From 04091ce939fdc7bb209dfb9d43a3ec5e68be3702 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 6 May 2021 13:01:50 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/17xxx/CVE-2020-17517.json | 17 +--- 2020/19xxx/CVE-2020-19107.json | 56 +++++++++-- 2020/19xxx/CVE-2020-19108.json | 56 +++++++++-- 2020/19xxx/CVE-2020-19109.json | 56 +++++++++-- 2020/19xxx/CVE-2020-19110.json | 56 +++++++++-- 2020/19xxx/CVE-2020-19111.json | 56 +++++++++-- 2020/19xxx/CVE-2020-19112.json | 56 +++++++++-- 2020/19xxx/CVE-2020-19113.json | 56 +++++++++-- 2020/19xxx/CVE-2020-19114.json | 56 +++++++++-- 2020/23xxx/CVE-2020-23127.json | 61 ++++++++++-- 2020/23xxx/CVE-2020-23128.json | 61 ++++++++++-- 2020/28xxx/CVE-2020-28007.json | 56 +++++++++-- 2020/28xxx/CVE-2020-28008.json | 56 +++++++++-- 2020/28xxx/CVE-2020-28009.json | 56 +++++++++-- 2020/28xxx/CVE-2020-28010.json | 56 +++++++++-- 2020/28xxx/CVE-2020-28011.json | 56 +++++++++-- 2020/28xxx/CVE-2020-28012.json | 56 +++++++++-- 2020/28xxx/CVE-2020-28013.json | 56 +++++++++-- 2020/28xxx/CVE-2020-28014.json | 56 +++++++++-- 2020/28xxx/CVE-2020-28015.json | 56 +++++++++-- 2020/28xxx/CVE-2020-28016.json | 56 +++++++++-- 2020/28xxx/CVE-2020-28017.json | 56 +++++++++-- 2020/28xxx/CVE-2020-28018.json | 56 +++++++++-- 2020/28xxx/CVE-2020-28019.json | 56 +++++++++-- 2020/28xxx/CVE-2020-28020.json | 56 +++++++++-- 2020/28xxx/CVE-2020-28021.json | 56 +++++++++-- 2020/28xxx/CVE-2020-28022.json | 56 +++++++++-- 2020/28xxx/CVE-2020-28023.json | 56 +++++++++-- 2020/28xxx/CVE-2020-28024.json | 56 +++++++++-- 2020/28xxx/CVE-2020-28025.json | 56 +++++++++-- 2020/28xxx/CVE-2020-28026.json | 56 +++++++++-- 2021/1xxx/CVE-2021-1428.json | 4 +- 2021/1xxx/CVE-2021-1429.json | 4 +- 2021/1xxx/CVE-2021-1430.json | 4 +- 2021/1xxx/CVE-2021-1438.json | 4 +- 2021/1xxx/CVE-2021-1447.json | 4 +- 2021/21xxx/CVE-2021-21505.json | 43 ++++----- 2021/21xxx/CVE-2021-21527.json | 43 ++++----- 2021/21xxx/CVE-2021-21550.json | 45 ++++----- 2021/22xxx/CVE-2021-22211.json | 85 ++++++++++++++++- 2021/24xxx/CVE-2021-24244.json | 154 
+++++++++++++++--------------- 2021/24xxx/CVE-2021-24256.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24257.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24258.json | 168 ++++++++++++++++----------------- 2021/24xxx/CVE-2021-24259.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24260.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24261.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24262.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24263.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24264.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24265.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24266.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24267.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24268.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24269.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24270.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24271.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24273.json | 146 ++++++++++++++-------------- 2021/26xxx/CVE-2021-26543.json | 61 ++++++++++-- 2021/27xxx/CVE-2021-27216.json | 56 +++++++++-- 2021/29xxx/CVE-2021-29101.json | 4 +- 2021/29xxx/CVE-2021-29921.json | 96 +++++++++++++++++-- 2021/31xxx/CVE-2021-31245.json | 71 ++++++++++++-- 2021/31xxx/CVE-2021-31532.json | 61 ++++++++++-- 2021/31xxx/CVE-2021-31616.json | 66 +++++++++++-- 2021/32xxx/CVE-2021-32062.json | 77 +++++++++++++++ 2021/32xxx/CVE-2021-32063.json | 18 ++++ 2021/32xxx/CVE-2021-32064.json | 18 ++++ 2021/32xxx/CVE-2021-32065.json | 18 ++++ 2021/3xxx/CVE-2021-3450.json | 10 ++ 2021/3xxx/CVE-2021-3501.json | 55 ++++++++++- 2021/3xxx/CVE-2021-3537.json | 18 ++++ 2021/3xxx/CVE-2021-3538.json | 18 ++++ 2021/3xxx/CVE-2021-3539.json | 18 ++++ 74 files changed, 3607 insertions(+), 1629 deletions(-) create mode 100644 2021/32xxx/CVE-2021-32062.json create mode 100644 
2021/32xxx/CVE-2021-32063.json create mode 100644 2021/32xxx/CVE-2021-32064.json create mode 100644 2021/32xxx/CVE-2021-32065.json create mode 100644 2021/3xxx/CVE-2021-3537.json create mode 100644 2021/3xxx/CVE-2021-3538.json create mode 100644 2021/3xxx/CVE-2021-3539.json diff --git a/2020/17xxx/CVE-2020-17517.json b/2020/17xxx/CVE-2020-17517.json index 4a1a241ebbe..9137c7e0695 100644 --- a/2020/17xxx/CVE-2020-17517.json +++ b/2020/17xxx/CVE-2020-17517.json @@ -64,25 +64,10 @@ }, "references": { "reference_data": [ - { - "refsource": "MLIST", - "name": "[ozone-dev] 20210427 CVE-2020-17517: Apache Ozone: Ozone S3 Gateway allows bucket and key access to non authenticated users", - "url": "https://lists.apache.org/thread.html/rdd59a176b32c63f7fc0865428bf9bbc69297fa17f6130c80c25869aa@%3Cdev.ozone.apache.org%3E" - }, - { - "refsource": "MLIST", - "name": "[oss-security] 20210427 CVE-2020-17517: Apache Ozone: Ozone S3 Gateway allows bucket and key access to non authenticated users", - "url": "http://www.openwall.com/lists/oss-security/2021/04/27/1" - }, { "refsource": "MISC", "url": "https://lists.apache.org/thread.html/rdd59a176b32c63f7fc0865428bf9bbc69297fa17f6130c80c25869aa%40%3Cdev.ozone.apache.org%3E", "name": "https://lists.apache.org/thread.html/rdd59a176b32c63f7fc0865428bf9bbc69297fa17f6130c80c25869aa%40%3Cdev.ozone.apache.org%3E" - }, - { - "refsource": "MISC", - "name": "https://github.com/CVEProject/cvelist/pull/1455", - "url": "https://github.com/CVEProject/cvelist/pull/1455" } ] }, @@ -95,4 +80,4 @@ "value": "Upgrade to the latest Apache Ozone 1.1.0 release." } ] -} +} \ No newline at end of file diff --git a/2020/19xxx/CVE-2020-19107.json b/2020/19xxx/CVE-2020-19107.json index a5d842ed5fd..5e380f85d00 100644 --- a/2020/19xxx/CVE-2020-19107.json +++ b/2020/19xxx/CVE-2020-19107.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-19107", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-19107", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/9", + "refsource": "MISC", + "name": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/9" } ] } diff --git a/2020/19xxx/CVE-2020-19108.json b/2020/19xxx/CVE-2020-19108.json index 119f564cd34..14e82b9d84a 100644 --- a/2020/19xxx/CVE-2020-19108.json +++ b/2020/19xxx/CVE-2020-19108.json 
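Review bot: The added `affects` and `problemtype` blocks carry only `"n/a"`, although the `description` value in the same hunk names the product, its version and the weakness class. Consumers that match on structured fields therefore cannot tie this record to an installed product. Taking the values from the description, the record could carry `"product_name": "Online Book Store"`, `"version_value": "1.0"` and a problemtype `"value": "SQL Injection"`. The same placeholders appear in the hunks for CVE-2020-19108 through CVE-2020-19114, CVE-2020-23127, CVE-2020-23128 and CVE-2020-28007 through CVE-2020-28014, whose descriptions also state the product and affected version.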
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-19108", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-19108", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/10", + "refsource": "MISC", + "name": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/10" } ] } diff --git a/2020/19xxx/CVE-2020-19109.json b/2020/19xxx/CVE-2020-19109.json index 6e9bd7319a2..d77c8d14656 100644 --- a/2020/19xxx/CVE-2020-19109.json +++ b/2020/19xxx/CVE-2020-19109.json 
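Review bot: The impact clause in the new description, `which could let a remote malicious user execute arbitrary code`, claims more than the stated weakness supports. A SQL injection through the `pubid` parameter gives control over database queries, not code execution by itself. Unless the referenced issue demonstrates code execution, wording such as `execute arbitrary SQL commands` would keep severity triage accurate. The identical clause is used in the hunks for CVE-2020-19107, CVE-2020-19109, CVE-2020-19110, CVE-2020-19112 and CVE-2020-19114.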
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-19109", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-19109", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/12", + "refsource": "MISC", + "name": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/12" } ] } diff --git a/2020/19xxx/CVE-2020-19110.json b/2020/19xxx/CVE-2020-19110.json index ea3d758d8b2..46de8018311 100644 --- a/2020/19xxx/CVE-2020-19110.json +++ b/2020/19xxx/CVE-2020-19110.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-19110", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-19110", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/11", + "refsource": "MISC", + "name": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/11" } ] } diff --git a/2020/19xxx/CVE-2020-19111.json b/2020/19xxx/CVE-2020-19111.json index bea9c3d48da..71615f9d62e 100644 --- a/2020/19xxx/CVE-2020-19111.json +++ b/2020/19xxx/CVE-2020-19111.json 
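Review bot: The new description reads `via the bookisbn parameter to book.php parameter`, and the trailing word `parameter` leaves it unclear whether `book.php` is the affected script or a second argument. The sibling records in this commit use the form `via the bookisbn parameter to admin_edit.php`, so the value should read `via the bookisbn parameter to book.php, which could let a remote malicious user ...`.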
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-19111", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-19111", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/14", + "refsource": "MISC", + "name": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/14" } ] } diff --git a/2020/19xxx/CVE-2020-19112.json b/2020/19xxx/CVE-2020-19112.json index 65e51bef8f9..0c334d68201 100644 --- a/2020/19xxx/CVE-2020-19112.json +++ b/2020/19xxx/CVE-2020-19112.json 
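Review bot: The new description value misspells the word as `mailicious`, so a text search or keyword rule written for "malicious" will miss this record. The phrase should read `which could let a remote malicious user bypass authentication and obtain sensitive information`.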
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-19112", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-19112", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/13", + "refsource": "MISC", + "name": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/13" } ] } diff --git a/2020/19xxx/CVE-2020-19113.json b/2020/19xxx/CVE-2020-19113.json index 7206d1135b1..4a340220772 100644 --- a/2020/19xxx/CVE-2020-19113.json +++ b/2020/19xxx/CVE-2020-19113.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-19113", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-19113", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/15", + "refsource": "MISC", + "name": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/15" } ] } diff --git a/2020/19xxx/CVE-2020-19114.json b/2020/19xxx/CVE-2020-19114.json index 0942bdc8a34..6cac355bb99 100644 --- a/2020/19xxx/CVE-2020-19114.json +++ b/2020/19xxx/CVE-2020-19114.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-19114", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-19114", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/8", + "refsource": "MISC", + "name": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/8" } ] } diff --git a/2020/23xxx/CVE-2020-23127.json b/2020/23xxx/CVE-2020-23127.json index e5df084265a..64e04f6902f 100644 --- a/2020/23xxx/CVE-2020-23127.json +++ b/2020/23xxx/CVE-2020-23127.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-23127", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-23127", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://toandak.blogspot.com/2020/05/csrf-vulnerbility-in-chamilo-lms.html", + "refsource": "MISC", + "name": "https://toandak.blogspot.com/2020/05/csrf-vulnerbility-in-chamilo-lms.html" + }, + { + "refsource": "CONFIRM", + "name": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-41-2020-04-22-Medium-risk-high-impact-CSRF-and-privilege-escalation-via-CSRF", + "url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-41-2020-04-22-Medium-risk-high-impact-CSRF-and-privilege-escalation-via-CSRF" } ] } diff --git a/2020/23xxx/CVE-2020-23128.json b/2020/23xxx/CVE-2020-23128.json index 8c6052b9fbf..f9cc4f438e5 100644 --- a/2020/23xxx/CVE-2020-23128.json +++ b/2020/23xxx/CVE-2020-23128.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-23128", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-23128", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://toandak.blogspot.com/2020/05/improper-privilege-management-in.html", + "refsource": "MISC", + "name": "https://toandak.blogspot.com/2020/05/improper-privilege-management-in.html" + }, + { + "refsource": "CONFIRM", + "name": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-41-2020-04-22-Medium-risk-high-impact-CSRF-and-privilege-escalation-via-CSRF", + "url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-41-2020-04-22-Medium-risk-high-impact-CSRF-and-privilege-escalation-via-CSRF" } ] } diff --git a/2020/28xxx/CVE-2020-28007.json b/2020/28xxx/CVE-2020-28007.json index 872850bf6ff..2420e374a89 100644 --- a/2020/28xxx/CVE-2020-28007.json 
+++ b/2020/28xxx/CVE-2020-28007.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28007", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28007", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt", + "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt" } ] } diff --git a/2020/28xxx/CVE-2020-28008.json b/2020/28xxx/CVE-2020-28008.json index 0051cff5aee..1272cf4a188 100644 --- a/2020/28xxx/CVE-2020-28008.json +++ b/2020/28xxx/CVE-2020-28008.json 
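Review bot: The only entry added under `reference_data` is tagged `"refsource": "MISC"` although its URL is hosted on `www.exim.org`, which appears to be the project's own site. The Chamilo records in this same commit tag their vendor page `CONFIRM`. If the advisory text is vendor-published, `"refsource": "CONFIRM"` would let consumers tell vendor acknowledgement apart from third-party write-ups. The hunks for CVE-2020-28008 through CVE-2020-28014 use the same tagging for their exim.org references.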
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28008", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28008", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28008-SPDIR.txt", + "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28008-SPDIR.txt" } ] } diff --git a/2020/28xxx/CVE-2020-28009.json b/2020/28xxx/CVE-2020-28009.json index 4eb88944241..390f638d107 100644 --- a/2020/28xxx/CVE-2020-28009.json +++ b/2020/28xxx/CVE-2020-28009.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28009", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28009", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow (multiple days)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28009-STDIN.txt", + "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28009-STDIN.txt" } ] } diff --git a/2020/28xxx/CVE-2020-28010.json b/2020/28xxx/CVE-2020-28010.json index aeaeb84507f..b9b28a565f9 100644 --- a/2020/28xxx/CVE-2020-28010.json +++ b/2020/28xxx/CVE-2020-28010.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28010", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28010", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28010-SLCWD.txt", + "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28010-SLCWD.txt" } ] } diff --git a/2020/28xxx/CVE-2020-28011.json b/2020/28xxx/CVE-2020-28011.json index f36ca2409f4..82774ebdf83 100644 --- a/2020/28xxx/CVE-2020-28011.json +++ b/2020/28xxx/CVE-2020-28011.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28011", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28011", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28011-SPRSS.txt", + "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28011-SPRSS.txt" } ] } diff --git a/2020/28xxx/CVE-2020-28012.json b/2020/28xxx/CVE-2020-28012.json index bee5e22cc5e..1c6103938f0 100644 --- a/2020/28xxx/CVE-2020-28012.json +++ b/2020/28xxx/CVE-2020-28012.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28012", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28012", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28012-CLOSE.txt", + "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28012-CLOSE.txt" } ] } diff --git a/2020/28xxx/CVE-2020-28013.json b/2020/28xxx/CVE-2020-28013.json index 82a35f1b7b1..5a1efd20429 100644 --- a/2020/28xxx/CVE-2020-28013.json +++ b/2020/28xxx/CVE-2020-28013.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28013", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28013", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles \"-F '.('\" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28013-PFPSN.txt", + "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28013-PFPSN.txt" } ] } diff --git a/2020/28xxx/CVE-2020-28014.json b/2020/28xxx/CVE-2020-28014.json index 27fc76fd56e..16dcf25ccbc 100644 --- a/2020/28xxx/CVE-2020-28014.json +++ b/2020/28xxx/CVE-2020-28014.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28014", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28014", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28014-PIDFP.txt", + "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28014-PIDFP.txt" } ] } diff --git a/2020/28xxx/CVE-2020-28015.json b/2020/28xxx/CVE-2020-28015.json index aafc4b97068..33f1ce25f1c 100644 --- a/2020/28xxx/CVE-2020-28015.json +++ b/2020/28xxx/CVE-2020-28015.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28015", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28015", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28015-NLEND.txt", + "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28015-NLEND.txt" } ] } diff --git a/2020/28xxx/CVE-2020-28016.json b/2020/28xxx/CVE-2020-28016.json index 8e1100d7b48..f48ccfaa76f 100644 --- a/2020/28xxx/CVE-2020-28016.json +++ b/2020/28xxx/CVE-2020-28016.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28016", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28016", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because \"-F ''\" is mishandled by parse_fix_phrase." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28016-PFPZA.txt", + "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28016-PFPZA.txt" } ] } diff --git a/2020/28xxx/CVE-2020-28017.json b/2020/28xxx/CVE-2020-28017.json index f8920e21a4b..80622f9744e 100644 --- a/2020/28xxx/CVE-2020-28017.json +++ b/2020/28xxx/CVE-2020-28017.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28017", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28017", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28017-RCPTL.txt", + "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28017-RCPTL.txt" } ] } diff --git a/2020/28xxx/CVE-2020-28018.json b/2020/28xxx/CVE-2020-28018.json index f97c4231eb5..eb6f231e8ac 100644 --- a/2020/28xxx/CVE-2020-28018.json +++ b/2020/28xxx/CVE-2020-28018.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28018", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28018", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28018-OCORK.txt", + "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28018-OCORK.txt" } ] } diff --git a/2020/28xxx/CVE-2020-28019.json b/2020/28xxx/CVE-2020-28019.json index e8bf9a45502..7c1fa701e74 100644 --- a/2020/28xxx/CVE-2020-28019.json +++ b/2020/28xxx/CVE-2020-28019.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28019", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28019", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28019-BDATA.txt", + "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28019-BDATA.txt" } ] } diff --git a/2020/28xxx/CVE-2020-28020.json b/2020/28xxx/CVE-2020-28020.json index 427994b1a4f..3c2c27537c7 100644 --- a/2020/28xxx/CVE-2020-28020.json +++ b/2020/28xxx/CVE-2020-28020.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28020", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28020", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28020-HSIZE.txt", + "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28020-HSIZE.txt" } ] } diff --git a/2020/28xxx/CVE-2020-28021.json b/2020/28xxx/CVE-2020-28021.json index 7031bc65580..8521b6f1731 100644 --- a/2020/28xxx/CVE-2020-28021.json +++ b/2020/28xxx/CVE-2020-28021.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28021", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28021", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28021-MAUTH.txt", + "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28021-MAUTH.txt" } ] } diff --git a/2020/28xxx/CVE-2020-28022.json b/2020/28xxx/CVE-2020-28022.json index b02c50cdf49..74a72b8b87c 100644 --- a/2020/28xxx/CVE-2020-28022.json +++ b/2020/28xxx/CVE-2020-28022.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28022", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28022", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28022-EXOPT.txt", + "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28022-EXOPT.txt" } ] } diff --git a/2020/28xxx/CVE-2020-28023.json b/2020/28xxx/CVE-2020-28023.json index 7eb0c22ecf8..8eed9d17008 100644 --- a/2020/28xxx/CVE-2020-28023.json +++ b/2020/28xxx/CVE-2020-28023.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28023", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28023", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28023-SCHAD.txt", + "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28023-SCHAD.txt" } ] } diff --git a/2020/28xxx/CVE-2020-28024.json b/2020/28xxx/CVE-2020-28024.json index a9cf6fda18c..9a9c55214d4 100644 --- a/2020/28xxx/CVE-2020-28024.json +++ b/2020/28xxx/CVE-2020-28024.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28024", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28024", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28024-UNGET.txt", + "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28024-UNGET.txt" } ] } diff --git a/2020/28xxx/CVE-2020-28025.json b/2020/28xxx/CVE-2020-28025.json index ffdf84a7e52..6c57f19a0d8 100644 --- a/2020/28xxx/CVE-2020-28025.json +++ b/2020/28xxx/CVE-2020-28025.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28025", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28025", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28025-BHASH.txt", + "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28025-BHASH.txt" } ] } diff --git a/2020/28xxx/CVE-2020-28026.json b/2020/28xxx/CVE-2020-28026.json index 1c32d4c1b5b..1e1ef94209e 100644 --- a/2020/28xxx/CVE-2020-28026.json +++ b/2020/28xxx/CVE-2020-28026.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28026", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28026", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28026-FGETS.txt", + "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28026-FGETS.txt" } ] } diff --git a/2021/1xxx/CVE-2021-1428.json b/2021/1xxx/CVE-2021-1428.json index 01e126c1f1a..403752595e8 100644 --- a/2021/1xxx/CVE-2021-1428.json +++ b/2021/1xxx/CVE-2021-1428.json 
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system.\r For more information about these vulnerabilities, see the Details section of this advisory.\r " + "value": "Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory." } ] }, @@ -89,4 +89,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2021/1xxx/CVE-2021-1429.json b/2021/1xxx/CVE-2021-1429.json index 7050e255751..999d8fb5b8d 100644 --- a/2021/1xxx/CVE-2021-1429.json +++ b/2021/1xxx/CVE-2021-1429.json 
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system.\r For more information about these vulnerabilities, see the Details section of this advisory.\r " + "value": "Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory." } ] }, @@ -89,4 +89,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2021/1xxx/CVE-2021-1430.json b/2021/1xxx/CVE-2021-1430.json index f1c7c473bfe..03951151225 100644 --- a/2021/1xxx/CVE-2021-1430.json +++ b/2021/1xxx/CVE-2021-1430.json 
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system.\r For more information about these vulnerabilities, see the Details section of this advisory.\r " + "value": "Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory." } ] }, @@ -89,4 +89,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2021/1xxx/CVE-2021-1438.json b/2021/1xxx/CVE-2021-1438.json index 429f05ac42c..ead347c41a7 100644 --- a/2021/1xxx/CVE-2021-1438.json +++ b/2021/1xxx/CVE-2021-1438.json 
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device.\r The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that they originally did not have permissions to access.\r " + "value": "A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that they originally did not have permissions to access." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2021/1xxx/CVE-2021-1447.json b/2021/1xxx/CVE-2021-1447.json index 7af620832cf..05a47cd44dd 100644 --- a/2021/1xxx/CVE-2021-1447.json +++ b/2021/1xxx/CVE-2021-1447.json 
@@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root.\r This vulnerability is due to a procedural flaw in the password generation algorithm. An attacker could exploit this vulnerability by enabling specific Administrator-only features and connecting to the appliance through the CLI with elevated privileges. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. To exploit this vulnerability, the attacker must have valid Administrator credentials.\r " + "value": "A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password generation algorithm. An attacker could exploit this vulnerability by enabling specific Administrator-only features and connecting to the appliance through the CLI with elevated privileges. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. To exploit this vulnerability, the attacker must have valid Administrator credentials." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21505.json b/2021/21xxx/CVE-2021-21505.json index 1dabe75bf83..fc0c0b26f2b 100644 --- a/2021/21xxx/CVE-2021-21505.json +++ b/2021/21xxx/CVE-2021-21505.json 
@@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2021-05-05", - "ID": "CVE-2021-21505", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2021-05-05", + "ID": "CVE-2021-21505", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ 
@@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "Dell EMC Integrated System for Microsoft Azure Stack Hub", + "product_name": "Dell EMC Integrated System for Microsoft Azure Stack Hub", "version": { "version_data": [ { - "version_affected": "<", + "version_affected": "<", "version_value": "2102" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 \u2013 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to the system to gain root privileges." } ] - }, + }, "impact": { "cvss": { - "baseScore": 8.0, - "baseSeverity": "High", - "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.0, + "baseSeverity": "High", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-255: Credentials Management" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/kbdoc/en-us/000186008/dsa-2021-020-dell-emc-integrated-system-for-microsoft-azure-stack-hub-security-update-for-an-idrac-undocumented-account-vulnerability" + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/en-us/000186008/dsa-2021-020-dell-emc-integrated-system-for-microsoft-azure-stack-hub-security-update-for-an-idrac-undocumented-account-vulnerability", + "name": 
"https://www.dell.com/support/kbdoc/en-us/000186008/dsa-2021-020-dell-emc-integrated-system-for-microsoft-azure-stack-hub-security-update-for-an-idrac-undocumented-account-vulnerability" } ] } diff --git a/2021/21xxx/CVE-2021-21527.json b/2021/21xxx/CVE-2021-21527.json index 565e3a2c0f2..bcb59a50170 100644 --- a/2021/21xxx/CVE-2021-21527.json +++ b/2021/21xxx/CVE-2021-21527.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2021-05-03", - "ID": "CVE-2021-21527", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2021-05-03", + "ID": "CVE-2021-21527", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ 
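Review bot: In CVE-2021-21505 the description and the CVSS vector disagree. The text says "A remote unauthenticated attacker", while `vectorString` carries `AV:A` and `PR:L` (adjacent network, low privileges required), so triage that keys on the vector will rank an undocumented default iDRAC account as needing prior access. The record should be reconciled with the Dell advisory, one way or the other. The affected-version data (`"version_affected": "<"`, `"version_value": "2102"`) also does not line up with the prose range "1906 – 2011". Separately, the hunk relabels Dell's own advisory from `CONFIRM` to `MISC`; keeping `"refsource": "CONFIRM"` would preserve the marker that this reference is the vendor's confirmation.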
@@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "PowerScale OneFS", + "product_name": "PowerScale OneFS", "version": { "version_data": [ { - "version_affected": "<", + "version_affected": "<", "version_value": "9.0.0 / 9.1.0 / 9.2.0" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges." } ] - }, + }, "impact": { "cvss": { - "baseScore": 6.0, - "baseSeverity": "Medium", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "baseScore": 6.0, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/kbdoc/000185978" + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/000185978", + "name": "https://www.dell.com/support/kbdoc/000185978" } ] } diff --git a/2021/21xxx/CVE-2021-21550.json b/2021/21xxx/CVE-2021-21550.json index 2206fdefeec..9c52b239177 100644 --- a/2021/21xxx/CVE-2021-21550.json +++ b/2021/21xxx/CVE-2021-21550.json 
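Review bot: `version_value` in CVE-2021-21527 is free text, `"9.0.0 / 9.1.0 / 9.2.0"`, paired with `"version_affected": "<"`, so a consumer cannot evaluate it as a version bound. It also does not match the range 8.1.0-9.1.0 given in the description. One `version_data` entry per affected branch, each with a single version string, would let scanners match installed releases. CVE-2021-21550 in the next file has the same problem (`"8.2.x, 9.1.x"`) and shares its description wording, CWE, vector and reference URL with this record, so nothing in the data distinguishes the two issues.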
@@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2021-05-03", - "ID": "CVE-2021-21550", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2021-05-03", + "ID": "CVE-2021-21550", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ 
@@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "PowerScale OneFS", + "product_name": "PowerScale OneFS", "version": { "version_data": [ { - "version_affected": "<", + "version_affected": "<", "version_value": "8.2.x, 9.1.x" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", - "value": "Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. " + "lang": "eng", + "value": "Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges." } ] - }, + }, "impact": { "cvss": { - "baseScore": 6.0, - "baseSeverity": "Medium", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "baseScore": 6.0, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/kbdoc/000185978" + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/000185978", + "name": "https://www.dell.com/support/kbdoc/000185978" } ] } diff --git a/2021/22xxx/CVE-2021-22211.json b/2021/22xxx/CVE-2021-22211.json index c7af553d722..eb40cba4c48 100644 
--- a/2021/22xxx/CVE-2021-22211.json
+++ b/2021/22xxx/CVE-2021-22211.json
@@ -4,15 +4,92 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-22211",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=13.11, <13.11.2"
+ },
+ {
+ "version_value": ">=13.10, <13.10.4"
+ },
+ {
+ "version_value": ">=13.7, <13.9.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper authorization in GitLab"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/298847",
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/298847",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22211.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22211.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can impersonate a user resulting in possibly incorrect access handling."
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "version": "3.1",
+ "baseScore": 3.0,
+ "baseSeverity": "LOW"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability has been discovered internally by the GitLab team"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/24xxx/CVE-2021-24244.json b/2021/24xxx/CVE-2021-24244.json
index 8962e9e64e8..be29f23122c 100644
--- a/2021/24xxx/CVE-2021-24244.json
+++ b/2021/24xxx/CVE-2021-24244.json
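Review bot: The `impact.cvss` block added for CVE-2021-22211 is inconsistent with itself and with the description. `vectorString` lacks the `CVSS:3.1/` prefix that the Dell records in this commit carry, so parsers expecting the prefixed form may reject it; `"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"` would agree with `"version": "3.1"`. By the CVSS 3.1 formula this vector appears to round up to 3.1 rather than the stated `"baseScore": 3.0`, which is worth recomputing. The vector also records only a low availability impact (`C:N/I:N/A:L`), while the description and `problemtype` speak of user impersonation and improper authorization, so severity-based triage may under-rank the issue.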
@@ -1,85 +1,85 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24244", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "WPBakery Page Builder Clipboard < 4.5.8 - Unauthorised Arbitrary License Options Update" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "bitorbit", - "product": { - "product_data": [ - { - "product_name": "WPBakery Page Builder (Visual Composer) Clipboard", - "version": { - "version_data": [ - { - "version_affected": ">=", - "version_name": "4.5.0", - "version_value": "4.5.0" - }, - { - "version_affected": "<", - "version_name": "4.5.8", - "version_value": "4.5.8" + "CVE_data_meta": { + "ID": "CVE-2021-24244", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WPBakery Page Builder Clipboard < 4.5.8 - Unauthorised Arbitrary License Options Update" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "bitorbit", + "product": { + "product_data": [ + { + "product_name": "WPBakery Page Builder (Visual Composer) Clipboard", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_name": "4.5.0", + "version_value": "4.5.0" + }, + { + "version_affected": "<", + "version_name": "4.5.8", + "version_value": "4.5.8" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email)." 
- } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9", - "name": "https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9" - }, - { - "refsource": "MISC", - "url": "https://codecanyon.net/item/visual-composer-clipboard/8897711", - "name": "https://codecanyon.net/item/visual-composer-clipboard/8897711" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-863 Incorrect Authorization", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email)." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Charles Strader Sweethill" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://codecanyon.net/item/visual-composer-clipboard/8897711", + "name": "https://codecanyon.net/item/visual-composer-clipboard/8897711" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9", + "name": "https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-863 Incorrect Authorization", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Charles Strader Sweethill" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24256.json b/2021/24xxx/CVE-2021-24256.json index 0563de18a88..bca82564a16 100644 --- a/2021/24xxx/CVE-2021-24256.json +++ b/2021/24xxx/CVE-2021-24256.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24256", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Elementor - Header, Footer & Blocks Template < 1.5.8 - Contributor+ Stored XSS" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Elementor – Header, Footer & Blocks Template", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.5.8", - "version_value": "1.5.8" + "CVE_data_meta": { + "ID": "CVE-2021-24256", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Elementor - Header, Footer & Blocks Template < 1.5.8 - Contributor+ Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Elementor \u2013 Header, Footer & Blocks Template", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.5.8", + "version_value": "1.5.8" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The “Elementor – Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." 
- } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/a9412fed-aed3-4931-a504-1a86f876892e", - "name": "https://wpscan.com/vulnerability/a9412fed-aed3-4931-a504-1a86f876892e" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", - "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \u201cElementor \u2013 Header, Footer & Blocks Template\u201d WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", + "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/a9412fed-aed3-4931-a504-1a86f876892e", + "name": "https://wpscan.com/vulnerability/a9412fed-aed3-4931-a504-1a86f876892e" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24257.json b/2021/24xxx/CVE-2021-24257.json index bfe9ca103f8..591ced437e6 100644 --- a/2021/24xxx/CVE-2021-24257.json 
+++ b/2021/24xxx/CVE-2021-24257.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24257", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Premium Addons for Elementor < 4.2.8 - Contributor+ Stored Cross-Site Scripting (XSS)" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Premium Addons for Elementor", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "4.2.8", - "version_value": "4.2.8" + "CVE_data_meta": { + "ID": "CVE-2021-24257", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Premium Addons for Elementor < 4.2.8 - Contributor+ Stored Cross-Site Scripting (XSS)" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Premium Addons for Elementor", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.2.8", + "version_value": "4.2.8" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The “Premium Addons for Elementor” WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." 
- } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/4ad8314e-1cbe-4642-b4ee-aac2060f9a25", - "name": "https://wpscan.com/vulnerability/4ad8314e-1cbe-4642-b4ee-aac2060f9a25" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", - "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \u201cPremium Addons for Elementor\u201d WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", + "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/4ad8314e-1cbe-4642-b4ee-aac2060f9a25", + "name": "https://wpscan.com/vulnerability/4ad8314e-1cbe-4642-b4ee-aac2060f9a25" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24258.json b/2021/24xxx/CVE-2021-24258.json index 52cd42710a1..a5853d25361 100644 --- a/2021/24xxx/CVE-2021-24258.json 
+++ b/2021/24xxx/CVE-2021-24258.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24258", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "ElementsKit and ElementsKit Pro < 2.2.0 - Contributor+ Stored XSS" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Wpmet", - "product": { - "product_data": [ - { - "product_name": "Elements Kit Lite", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "2.2.0", - "version_value": "2.2.0" + "CVE_data_meta": { + "ID": "CVE-2021-24258", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "ElementsKit and ElementsKit Pro < 2.2.0 - Contributor+ Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wpmet", + "product": { + "product_data": [ + { + "product_name": "Elements Kit Lite", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.2.0", + "version_value": "2.2.0" + } + ] + } + }, + { + "product_name": "Elements Kit Pro", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.2.0", + "version_value": "2.2.0" + } + ] + } + } + ] } - ] } - }, - { - "product_name": "Elements Kit Pro", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "2.2.0", - "version_value": "2.2.0" - } - ] - } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." 
- } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/47b47b86-899b-4de3-8a3c-2d5d1774298f", - "name": "https://wpscan.com/vulnerability/47b47b86-899b-4de3-8a3c-2d5d1774298f" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", - "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", + "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/47b47b86-899b-4de3-8a3c-2d5d1774298f", + "name": "https://wpscan.com/vulnerability/47b47b86-899b-4de3-8a3c-2d5d1774298f" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24259.json b/2021/24xxx/CVE-2021-24259.json index 4e31b47fa5d..92174d55420 100644 --- a/2021/24xxx/CVE-2021-24259.json 
+++ b/2021/24xxx/CVE-2021-24259.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24259", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Elementor Addon Elements < 1.11.2 - Contributor+ Stored XSS" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Elementor Addon Elements", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.11.2", - "version_value": "1.11.2" + "CVE_data_meta": { + "ID": "CVE-2021-24259", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Elementor Addon Elements < 1.11.2 - Contributor+ Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Elementor Addon Elements", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.11.2", + "version_value": "1.11.2" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The “Elementor Addon Elements” WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." 
- } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/0719063f-7743-4a34-94b9-f67fd98e5990", - "name": "https://wpscan.com/vulnerability/0719063f-7743-4a34-94b9-f67fd98e5990" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", - "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \u201cElementor Addon Elements\u201d WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", + "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/0719063f-7743-4a34-94b9-f67fd98e5990", + "name": "https://wpscan.com/vulnerability/0719063f-7743-4a34-94b9-f67fd98e5990" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24260.json b/2021/24xxx/CVE-2021-24260.json index 1a8af629a8b..b0269bd31e2 100644 --- a/2021/24xxx/CVE-2021-24260.json 
+++ b/2021/24xxx/CVE-2021-24260.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24260", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Livemesh Addons for Elementor < 6.8 - Contributor+ Stored XSS" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Livemesh Addons for Elementor", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "6.8", - "version_value": "6.8" + "CVE_data_meta": { + "ID": "CVE-2021-24260", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Livemesh Addons for Elementor < 6.8 - Contributor+ Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Livemesh Addons for Elementor", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.8", + "version_value": "6.8" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The “Livemesh Addons for Elementor” WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." 
- } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/fa6c7c7c-1027-4fa9-bb55-07ae2bb7f021", - "name": "https://wpscan.com/vulnerability/fa6c7c7c-1027-4fa9-bb55-07ae2bb7f021" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", - "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \u201cLivemesh Addons for Elementor\u201d WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", + "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/fa6c7c7c-1027-4fa9-bb55-07ae2bb7f021", + "name": "https://wpscan.com/vulnerability/fa6c7c7c-1027-4fa9-bb55-07ae2bb7f021" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24261.json b/2021/24xxx/CVE-2021-24261.json index f13547e3db7..b36af556f19 100644 --- a/2021/24xxx/CVE-2021-24261.json 
+++ b/2021/24xxx/CVE-2021-24261.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24261", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "HT Mega - Absolute Addons for Elementor Page Builder < 1.5.7 - Contributor+ Stored XSS" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "HT Mega – Absolute Addons for Elementor Page Builder", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.5.7", - "version_value": "1.5.7" + "CVE_data_meta": { + "ID": "CVE-2021-24261", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "HT Mega - Absolute Addons for Elementor Page Builder < 1.5.7 - Contributor+ Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "HT Mega \u2013 Absolute Addons for Elementor Page Builder", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.5.7", + "version_value": "1.5.7" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." 
- } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/0377705d-29e9-47db-a5bb-8acaf311a38f", - "name": "https://wpscan.com/vulnerability/0377705d-29e9-47db-a5bb-8acaf311a38f" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", - "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \u201cHT Mega \u2013 Absolute Addons for Elementor Page Builder\u201d WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", + "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/0377705d-29e9-47db-a5bb-8acaf311a38f", + "name": "https://wpscan.com/vulnerability/0377705d-29e9-47db-a5bb-8acaf311a38f" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24262.json b/2021/24xxx/CVE-2021-24262.json index 48ffef597db..1fb9eba97fd 100644 
--- a/2021/24xxx/CVE-2021-24262.json
+++ b/2021/24xxx/CVE-2021-24262.json
@@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24262", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "WooLentor - WooCommerce Elementor Addons + Builder < 1.8.6 - Contributor+ Stored XSS" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "WooLentor – WooCommerce Elementor Addons + Builder", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.8.6", - "version_value": "1.8.6" + "CVE_data_meta": { + "ID": "CVE-2021-24262", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WooLentor - WooCommerce Elementor Addons + Builder < 1.8.6 - Contributor+ Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WooLentor \u2013 WooCommerce Elementor Addons + Builder", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.8.6", + "version_value": "1.8.6" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The “WooLentor – WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." 
- } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/d6d16357-2bc3-4053-8274-d0275026e56b", - "name": "https://wpscan.com/vulnerability/d6d16357-2bc3-4053-8274-d0275026e56b" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", - "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \u201cWooLentor \u2013 WooCommerce Elementor Addons + Builder\u201d WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", + "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/d6d16357-2bc3-4053-8274-d0275026e56b", + "name": "https://wpscan.com/vulnerability/d6d16357-2bc3-4053-8274-d0275026e56b" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24263.json b/2021/24xxx/CVE-2021-24263.json index ae32df58058..19837731346 100644 --- a/2021/24xxx/CVE-2021-24263.json 
+++ b/2021/24xxx/CVE-2021-24263.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24263", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "PowerPack Addons for Elementor < 2.3.2 - Contributor+ Stored XSS" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "PowerPack Addons for Elementor", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "2.3.2", - "version_value": "2.3.2" + "CVE_data_meta": { + "ID": "CVE-2021-24263", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "PowerPack Addons for Elementor < 2.3.2 - Contributor+ Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "PowerPack Addons for Elementor", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.3.2", + "version_value": "2.3.2" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The “Elementor Addons – PowerPack Addons for Elementor” WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." 
- } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec", - "name": "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", - "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \u201cElementor Addons \u2013 PowerPack Addons for Elementor\u201d WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", + "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec", + "name": "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24264.json b/2021/24xxx/CVE-2021-24264.json index fcbc5689d1e..74be3e1f767 100644 
--- a/2021/24xxx/CVE-2021-24264.json
+++ b/2021/24xxx/CVE-2021-24264.json
@@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24264", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Image Hover Effects - Elementor Addon < 1.3.4 - Contributor+ Stored XSS" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Image Hover Effects – Elementor Addon", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.3.4", - "version_value": "1.3.4" + "CVE_data_meta": { + "ID": "CVE-2021-24264", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Image Hover Effects - Elementor Addon < 1.3.4 - Contributor+ Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Image Hover Effects \u2013 Elementor Addon", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.3.4", + "version_value": "1.3.4" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The “Image Hover Effects – Elementor Addon” WordPress Plugin before 1.3.4 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." 
- } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/7fd89a49-fbb0-4308-836b-1f12dc585b1f", - "name": "https://wpscan.com/vulnerability/7fd89a49-fbb0-4308-836b-1f12dc585b1f" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", - "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \u201cImage Hover Effects \u2013 Elementor Addon\u201d WordPress Plugin before 1.3.4 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", + "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/7fd89a49-fbb0-4308-836b-1f12dc585b1f", + "name": "https://wpscan.com/vulnerability/7fd89a49-fbb0-4308-836b-1f12dc585b1f" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24265.json b/2021/24xxx/CVE-2021-24265.json index 92ddd192826..697c901db43 100644 --- a/2021/24xxx/CVE-2021-24265.json 
+++ b/2021/24xxx/CVE-2021-24265.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24265", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Rife Elementor Extensions & Templates < 1.1.6 - Contributor+ Stored XSS" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Rife Elementor Extensions & Templates", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.1.6", - "version_value": "1.1.6" + "CVE_data_meta": { + "ID": "CVE-2021-24265", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Rife Elementor Extensions & Templates < 1.1.6 - Contributor+ Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Rife Elementor Extensions & Templates", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.1.6", + "version_value": "1.1.6" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The “Rife Elementor Extensions & Templates” WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method." 
- } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863", - "name": "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", - "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \u201cRife Elementor Extensions & Templates\u201d WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", + "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863", + "name": "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24266.json b/2021/24xxx/CVE-2021-24266.json index 9f379e829bb..a3c1eeb79e8 100644 --- a/2021/24xxx/CVE-2021-24266.json 
+++ b/2021/24xxx/CVE-2021-24266.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24266", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "The Plus Addons for Elementor Page Builder Lite < 2.0.6 - Contributor+ Stored XSS" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "The Plus Addons for Elementor Page Builder Lite", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "2.0.6", - "version_value": "2.0.6" + "CVE_data_meta": { + "ID": "CVE-2021-24266", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "The Plus Addons for Elementor Page Builder Lite < 2.0.6 - Contributor+ Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "The Plus Addons for Elementor Page Builder Lite", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.0.6", + "version_value": "2.0.6" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." 
- } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/78014ddd-1cc2-4723-8194-4bf478888578", - "name": "https://wpscan.com/vulnerability/78014ddd-1cc2-4723-8194-4bf478888578" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", - "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \u201cThe Plus Addons for Elementor Page Builder Lite\u201d WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", + "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/78014ddd-1cc2-4723-8194-4bf478888578", + "name": "https://wpscan.com/vulnerability/78014ddd-1cc2-4723-8194-4bf478888578" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24267.json b/2021/24xxx/CVE-2021-24267.json index bc27dcdb942..3226789c32c 100644 --- a/2021/24xxx/CVE-2021-24267.json 
+++ b/2021/24xxx/CVE-2021-24267.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24267", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "All-in-One Addons for Elementor - WidgetKit < 2.3.10 - Contributor+ Stored XSS" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "All-in-One Addons for Elementor – WidgetKit", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "2.3.10", - "version_value": "2.3.10" + "CVE_data_meta": { + "ID": "CVE-2021-24267", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "All-in-One Addons for Elementor - WidgetKit < 2.3.10 - Contributor+ Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "All-in-One Addons for Elementor \u2013 WidgetKit", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.3.10", + "version_value": "2.3.10" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The “All-in-One Addons for Elementor – WidgetKit” WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." 
- } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/0c96f3a1-d192-481f-9035-5393f4aadc19", - "name": "https://wpscan.com/vulnerability/0c96f3a1-d192-481f-9035-5393f4aadc19" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", - "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \u201cAll-in-One Addons for Elementor \u2013 WidgetKit\u201d WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", + "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/0c96f3a1-d192-481f-9035-5393f4aadc19", + "name": "https://wpscan.com/vulnerability/0c96f3a1-d192-481f-9035-5393f4aadc19" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24268.json b/2021/24xxx/CVE-2021-24268.json index 80dbadb674a..8f6030a6d46 100644 
--- a/2021/24xxx/CVE-2021-24268.json
+++ b/2021/24xxx/CVE-2021-24268.json
@@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24268", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "JetWidgets For Elementor < 1.0.9 - Contributor+ Stored XSS" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "JetWidgets For Elementor", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.0.9", - "version_value": "1.0.9" + "CVE_data_meta": { + "ID": "CVE-2021-24268", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "JetWidgets For Elementor < 1.0.9 - Contributor+ Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "JetWidgets For Elementor", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0.9", + "version_value": "1.0.9" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." 
- } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/68ecb965-2a9d-4e67-b069-c3dbfb14016b", - "name": "https://wpscan.com/vulnerability/68ecb965-2a9d-4e67-b069-c3dbfb14016b" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", - "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \u201cJetWidgets For Elementor\u201d WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", + "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/68ecb965-2a9d-4e67-b069-c3dbfb14016b", + "name": "https://wpscan.com/vulnerability/68ecb965-2a9d-4e67-b069-c3dbfb14016b" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24269.json b/2021/24xxx/CVE-2021-24269.json index 54b66dd7388..bcdd78ee111 100644 --- a/2021/24xxx/CVE-2021-24269.json 
+++ b/2021/24xxx/CVE-2021-24269.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24269", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Sina Extension for Elementor < 3.3.12 - Contributor+ Stored XSS" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Sina Extension for Elementor", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "3.3.12", - "version_value": "3.3.12" + "CVE_data_meta": { + "ID": "CVE-2021-24269", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Sina Extension for Elementor < 3.3.12 - Contributor+ Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Sina Extension for Elementor", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.3.12", + "version_value": "3.3.12" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The “Sina Extension for Elementor” WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." 
- } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/df953a91-f1d8-42e9-8966-f2012d4f97c9", - "name": "https://wpscan.com/vulnerability/df953a91-f1d8-42e9-8966-f2012d4f97c9" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", - "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \u201cSina Extension for Elementor\u201d WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", + "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/df953a91-f1d8-42e9-8966-f2012d4f97c9", + "name": "https://wpscan.com/vulnerability/df953a91-f1d8-42e9-8966-f2012d4f97c9" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24270.json b/2021/24xxx/CVE-2021-24270.json index 21e72a31d69..a64485c5d10 100644 --- a/2021/24xxx/CVE-2021-24270.json 
+++ b/2021/24xxx/CVE-2021-24270.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24270", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "DethemeKit For Elementor < 1.5.5.5 - Contributor+ Stored XSS" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "DethemeKit For Elementor", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.5.5.5", - "version_value": "1.5.5.5" + "CVE_data_meta": { + "ID": "CVE-2021-24270", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "DethemeKit For Elementor < 1.5.5.5 - Contributor+ Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "DethemeKit For Elementor", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.5.5.5", + "version_value": "1.5.5.5" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The “DeTheme Kit for Elementor” WordPress Plugin before 1.5.5.5 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." 
- } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/67967784-18b6-4e41-9597-3a4c051f3978", - "name": "https://wpscan.com/vulnerability/67967784-18b6-4e41-9597-3a4c051f3978" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", - "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \u201cDeTheme Kit for Elementor\u201d WordPress Plugin before 1.5.5.5 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", + "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/67967784-18b6-4e41-9597-3a4c051f3978", + "name": "https://wpscan.com/vulnerability/67967784-18b6-4e41-9597-3a4c051f3978" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24271.json b/2021/24xxx/CVE-2021-24271.json index ed556e5abbb..0963b342019 100644 --- a/2021/24xxx/CVE-2021-24271.json 
+++ b/2021/24xxx/CVE-2021-24271.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24271", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Ultimate Addons for Elementor < 1.30.0 - Contributor+ Stored XSS" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Ultimate Addons for Elementor", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.30.0", - "version_value": "1.30.0" + "CVE_data_meta": { + "ID": "CVE-2021-24271", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Ultimate Addons for Elementor < 1.30.0 - Contributor+ Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Ultimate Addons for Elementor", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.30.0", + "version_value": "1.30.0" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." 
- } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/1ce8e188-6ded-413e-b4d1-bf80258acf79", - "name": "https://wpscan.com/vulnerability/1ce8e188-6ded-413e-b4d1-bf80258acf79" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", - "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \u201cUltimate Addons for Elementor\u201d WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", + "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/1ce8e188-6ded-413e-b4d1-bf80258acf79", + "name": "https://wpscan.com/vulnerability/1ce8e188-6ded-413e-b4d1-bf80258acf79" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24273.json b/2021/24xxx/CVE-2021-24273.json index 19be8118368..a1a34435c89 100644 --- a/2021/24xxx/CVE-2021-24273.json 
+++ b/2021/24xxx/CVE-2021-24273.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24273", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Clever Addons for Elementor < 2.1.0 - Contributor+ Stored XSS" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "CleverSoft", - "product": { - "product_data": [ - { - "product_name": "Clever Addons for Elementor", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "2.1.0", - "version_value": "2.1.0" + "CVE_data_meta": { + "ID": "CVE-2021-24273", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Clever Addons for Elementor < 2.1.0 - Contributor+ Stored XSS" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CleverSoft", + "product": { + "product_data": [ + { + "product_name": "Clever Addons for Elementor", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.1.0", + "version_value": "2.1.0" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The “Clever Addons for Elementor” WordPress Plugin before 2.1.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." 
- } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/70ddb3fd-d819-4d85-9f8b-1451a3e3e5a6", - "name": "https://wpscan.com/vulnerability/70ddb3fd-d819-4d85-9f8b-1451a3e3e5a6" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", - "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \u201cClever Addons for Elementor\u201d WordPress Plugin before 2.1.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/", + "name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/70ddb3fd-d819-4d85-9f8b-1451a3e3e5a6", + "name": "https://wpscan.com/vulnerability/70ddb3fd-d819-4d85-9f8b-1451a3e3e5a6" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } -} +} \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26543.json b/2021/26xxx/CVE-2021-26543.json index 3031fcd82ab..aa8a178420e 100644 --- a/2021/26xxx/CVE-2021-26543.json 
+++ b/2021/26xxx/CVE-2021-26543.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-26543", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-26543", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The \"gitDiff\" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.npmjs.com/package/git-parse", + "refsource": "MISC", + "name": "https://www.npmjs.com/package/git-parse" + }, + { + "refsource": "MISC", + "name": "https://advisory.checkmarx.net/advisory/CX-2020-4302", + "url": "https://advisory.checkmarx.net/advisory/CX-2020-4302" } ] } diff --git a/2021/27xxx/CVE-2021-27216.json b/2021/27xxx/CVE-2021-27216.json index 5f5a9a1562f..eee77e6aea7 100644 --- a/2021/27xxx/CVE-2021-27216.json +++ b/2021/27xxx/CVE-2021-27216.json 
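Review bot: The `affects` block added for CVE-2021-26543 leaves `vendor_name`, `product_name` and `version_value` as `"n/a"`, although the description names both the product and the range ("Wayfair git-parse <=1.0.4"). Tooling that matches on the structured fields rather than the free text cannot tie this record to an installed package. Carrying the description's values over, e.g. `"vendor_name": "Wayfair"`, `"product_name": "git-parse"`, `"version_value": "<=1.0.4"`, would close that gap. `problemtype` is likewise `"n/a"` where the description says command injection. The same pattern shows in the CVE-2021-27216, CVE-2021-29921, CVE-2021-31245, CVE-2021-31532, CVE-2021-31616 and CVE-2021-32062 records in this commit.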
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-27216", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-27216", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt", + "url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt" } ] } diff --git a/2021/29xxx/CVE-2021-29101.json b/2021/29xxx/CVE-2021-29101.json index d39a77bfe3e..c4aadcdc61a 100644 --- a/2021/29xxx/CVE-2021-29101.json +++ b/2021/29xxx/CVE-2021-29101.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "PSIRT@esri.com", + "ASSIGNER": "psirt@esri.com", "DATE_PUBLIC": "2021-05-03T18:39:00.000Z", "ID": "CVE-2021-29101", "STATE": "PUBLIC", @@ -96,4 +96,4 @@ ], "discovery": "EXTERNAL" } -} +} \ No newline at end of file 
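Review bot: The only reference added to the CVE-2021-27216 record points at a file named for a different identifier, `https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt`, while the description is about the delete_pid_file race and the -oP and -oPX options. Someone following the link for patch or triage detail would apparently reach the write-up for another issue. The `url` and `name` values should be checked against the advisory that covers this record and corrected as a pair, since both carry the same string. It may be a carry-over from the CVE-2020-28007 record that the diffstat lists in this commit, but that hunk is not visible here.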
diff --git a/2021/29xxx/CVE-2021-29921.json b/2021/29xxx/CVE-2021-29921.json
index 7002bb87c73..182c11c58fb 100644
--- a/2021/29xxx/CVE-2021-29921.json
+++ b/2021/29xxx/CVE-2021-29921.json
@@ -1,17 +1,101 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-29921", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-29921", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation of octal strings in Python stdlib ipaddress 3.10 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. IP address octects are left stripped instead of evaluated as valid IP addresses." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sickcodes", + "refsource": "MISC", + "name": "https://github.com/sickcodes" + }, + { + "url": "https://docs.python.org/3/library/ipaddress.html", + "refsource": "MISC", + "name": "https://docs.python.org/3/library/ipaddress.html" + }, + { + "url": "https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst", + "refsource": "MISC", + "name": "https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst" + }, + { + "refsource": "MISC", + "name": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md", + "url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md" + }, + { + "refsource": "MISC", + "name": "https://sick.codes/sick-2021-014", + "url": "https://sick.codes/sick-2021-014" + }, + { + "refsource": "MISC", + "name": "https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html", + "url": "https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html" + }, + { + "refsource": "MISC", + "name": "https://bugs.python.org/issue36384", + "url": "https://bugs.python.org/issue36384" + }, + { + "refsource": "MISC", + "name": "https://github.com/python/cpython/pull/12577", + "url": "https://github.com/python/cpython/pull/12577" + }, + { + "refsource": "MISC", + "name": "https://github.com/python/cpython/pull/25099", + "url": "https://github.com/python/cpython/pull/25099" } ] } diff --git a/2021/31xxx/CVE-2021-31245.json b/2021/31xxx/CVE-2021-31245.json index 2ba67053500..f71c4e86096 100644 --- a/2021/31xxx/CVE-2021-31245.json +++ b/2021/31xxx/CVE-2021-31245.json 
@@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31245", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31245", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares the user provided password with the original password in a length dependent manner, which allows remote attackers to guess the password via a timing attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Ysurac/openmptcprouter-vps-admin", + "refsource": "MISC", + "name": "https://github.com/Ysurac/openmptcprouter-vps-admin" + }, + { + "url": "https://www.openmptcprouter.com/", + "refsource": "MISC", + "name": "https://www.openmptcprouter.com/" + }, + { + "refsource": "MISC", + "name": "https://medium.com/d3crypt/timing-attack-on-openmptcprouter-vps-admin-authentication-cve-2021-31245-12dd92303e1", + "url": "https://medium.com/d3crypt/timing-attack-on-openmptcprouter-vps-admin-authentication-cve-2021-31245-12dd92303e1" + }, + { + "refsource": "MISC", + "name": "https://github.com/Ysurac/openmptcprouter-vps-admin/commit/a01cbc8c3d3b8bb7720bf3ff234671b4c0e1859c#diff-b89ee68e63302a732d4bde35eb04a205b06f1611147e139642356f173195ab80", + "url": "https://github.com/Ysurac/openmptcprouter-vps-admin/commit/a01cbc8c3d3b8bb7720bf3ff234671b4c0e1859c#diff-b89ee68e63302a732d4bde35eb04a205b06f1611147e139642356f173195ab80" } ] } diff --git a/2021/31xxx/CVE-2021-31532.json b/2021/31xxx/CVE-2021-31532.json index 9bdb8060914..87fa219f032 100644 --- a/2021/31xxx/CVE-2021-31532.json +++ b/2021/31xxx/CVE-2021-31532.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31532", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31532", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), and LPC55S1x, LPC551x (silicon rev 0A) include an undocumented ROM patch peripheral that allows unsigned, non-persistent modification of the internal ROM. The peripheral is accessible from any execution mode (secure/privileged, secure/unprivileged, non-secure/privileged, non-secure/unprivileged). The ROM includes a set of APIs intended for use by a secure application to perform flash and in-application programming (IAP) operations. An attacker may use the ROM patch peripheral to modify the implementation of these ROM APIs from a non-secure, unprivileged context. If a non-secure application can also cause the secure application to invoke these ROM APIs, this provides privilege escalation and arbitrary code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.nxp.com", + "refsource": "MISC", + "name": "https://www.nxp.com" + }, + { + "refsource": "MISC", + "name": "https://oxide.computer/blog/lpc55/", + "url": "https://oxide.computer/blog/lpc55/" } ] } diff --git a/2021/31xxx/CVE-2021-31616.json b/2021/31xxx/CVE-2021-31616.json index d6317c46288..46460a7b874 100644 --- a/2021/31xxx/CVE-2021-31616.json +++ b/2021/31xxx/CVE-2021-31616.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31616", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31616", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is reachable remotely over WebUSB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/keepkey/keepkey-firmware/releases/tag/v7.1.0", + "refsource": "MISC", + "name": "https://github.com/keepkey/keepkey-firmware/releases/tag/v7.1.0" + }, + { + "url": "https://github.com/keepkey/keepkey-firmware/commit/e49d45594002d4d3fbc1f03488e6dfc0a0a65836", + "refsource": "MISC", + "name": "https://github.com/keepkey/keepkey-firmware/commit/e49d45594002d4d3fbc1f03488e6dfc0a0a65836" + }, + { + "refsource": "MISC", + "name": "https://blog.inhq.net/posts/keepkey-CVE-2021-31616/", + "url": "https://blog.inhq.net/posts/keepkey-CVE-2021-31616/" } ] } 
diff --git a/2021/32xxx/CVE-2021-32062.json b/2021/32xxx/CVE-2021-32062.json new file mode 100644 index 00000000000..b375b4c94a3 --- /dev/null +++ b/2021/32xxx/CVE-2021-32062.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-32062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://mapserver.org/development/changelog/changelog-7-6.html", + "refsource": "MISC", + "name": "https://mapserver.org/development/changelog/changelog-7-6.html" + }, + { + "url": "https://mapserver.org/development/changelog/changelog-7-4.html", + "refsource": "MISC", + "name": "https://mapserver.org/development/changelog/changelog-7-4.html" + }, + { + "url": "https://mapserver.org/development/changelog/changelog-7-2.html", + "refsource": "MISC", + "name": "https://mapserver.org/development/changelog/changelog-7-2.html" + }, + { + "url": "https://mapserver.org/development/changelog/changelog-7-0.html", + "refsource": "MISC", + "name": "https://mapserver.org/development/changelog/changelog-7-0.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2021/32xxx/CVE-2021-32063.json b/2021/32xxx/CVE-2021-32063.json new file mode 100644 index 00000000000..709e515b08f --- /dev/null +++ b/2021/32xxx/CVE-2021-32063.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-32063", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/32xxx/CVE-2021-32064.json b/2021/32xxx/CVE-2021-32064.json new file mode 100644 index 00000000000..7dd2da9816c --- /dev/null +++ b/2021/32xxx/CVE-2021-32064.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-32064", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/32xxx/CVE-2021-32065.json b/2021/32xxx/CVE-2021-32065.json new file mode 100644 index 00000000000..799b5ebf964 --- /dev/null +++ b/2021/32xxx/CVE-2021-32065.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-32065", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3450.json b/2021/3xxx/CVE-2021-3450.json index 8e1a9125ed5..3d16e8441db 100644 --- a/2021/3xxx/CVE-2021-3450.json +++ b/2021/3xxx/CVE-2021-3450.json @@ -77,6 +77,11 @@ "refsource": "CONFIRM", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b" }, + { + "name": "https://www.openssl.org/news/secadv/20210325.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20210325.txt" + }, { "refsource": "CISCO", "name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021", @@ -136,6 +141,11 @@ "refsource": "CONFIRM", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10356", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10356" + }, + { + "refsource": "MISC", + "name": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html", + "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html" } ] } diff --git a/2021/3xxx/CVE-2021-3501.json b/2021/3xxx/CVE-2021-3501.json index 83e5bc2adc9..abcce982414 100644 --- a/2021/3xxx/CVE-2021-3501.json +++ b/2021/3xxx/CVE-2021-3501.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3501", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "Linux kernel 5.12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1950136", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950136" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability." } ] } diff --git a/2021/3xxx/CVE-2021-3537.json b/2021/3xxx/CVE-2021-3537.json new file mode 100644 index 00000000000..cc015a03ac2 --- /dev/null +++ b/2021/3xxx/CVE-2021-3537.json 
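Review bot: The structured version in the CVE-2021-3501 record disagrees with its description: `"version_value": "Linux kernel 5.12"` names 5.12 itself, while the text says "versions before 5.12". A scanner keyed on `version_value` could flag 5.12 and miss the earlier kernels the description says are affected. A value that matches the text, such as `"version_value": "before 5.12"`, would remove the ambiguity, and `"vendor_name": "n/a"` could name the vendor. The record's opening lines are outside this hunk.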
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3537", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3538.json b/2021/3xxx/CVE-2021-3538.json new file mode 100644 index 00000000000..7807d83c9df --- /dev/null +++ b/2021/3xxx/CVE-2021-3538.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3538", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3539.json b/2021/3xxx/CVE-2021-3539.json new file mode 100644 index 00000000000..d9df96ca602 --- /dev/null +++ b/2021/3xxx/CVE-2021-3539.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3539", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file