diff --git a/2019/17xxx/CVE-2019-17582.json b/2019/17xxx/CVE-2019-17582.json new file mode 100644 index 00000000000..8177fb592f1 --- /dev/null +++ b/2019/17xxx/CVE-2019-17582.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states \"This use-after-free is triggered prior to the double free reported in CVE-2017-12858.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://libzip.org/libzip-discuss/", + "refsource": "MISC", + "name": "https://libzip.org/libzip-discuss/" + }, + { + "refsource": "MISC", + "name": "https://github.com/nih-at/libzip/issues/5", + "url": "https://github.com/nih-at/libzip/issues/5" + }, + { + "refsource": "MISC", + "name": "https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796", + "url": "https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19319.json b/2019/19xxx/CVE-2019-19319.json index 27c3df4d515..44cd0d35a02 100644 --- a/2019/19xxx/CVE-2019-19319.json +++ b/2019/19xxx/CVE-2019-19319.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In the Linux kernel 5.0.21, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call." + "value": "In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30." } ] }, @@ -91,6 +91,16 @@ "refsource": "UBUNTU", "name": "USN-4391-1", "url": "https://usn.ubuntu.com/4391-1/" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1158021", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1158021" + }, + { + "refsource": "CONFIRM", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=345c0dbf3a30", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=345c0dbf3a30" } ] } diff --git a/2020/13xxx/CVE-2020-13117.json b/2020/13xxx/CVE-2020-13117.json index d45ff2f8e32..86bf93da5e9 100644 --- a/2020/13xxx/CVE-2020-13117.json +++ b/2020/13xxx/CVE-2020-13117.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-13117", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-13117", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.0xlabs.com/2021/02/wavlink-rce-CVE-2020-13117.html", + "url": "https://blog.0xlabs.com/2021/02/wavlink-rce-CVE-2020-13117.html" } ] } diff --git a/2020/18xxx/CVE-2020-18215.json b/2020/18xxx/CVE-2020-18215.json index 764887c8f3c..bba5cae5eab 100644 --- a/2020/18xxx/CVE-2020-18215.json +++ b/2020/18xxx/CVE-2020-18215.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-18215", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-18215", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/lemon666/vuln/blob/master/Phpshe1.7_sql1.md", + "refsource": "MISC", + "name": "https://github.com/lemon666/vuln/blob/master/Phpshe1.7_sql1.md" + }, + { + "refsource": "MISC", + "name": "https://gitee.com/koyshe/phpshe/issues/ITLK2", + "url": "https://gitee.com/koyshe/phpshe/issues/ITLK2" } ] } diff --git a/2020/28xxx/CVE-2020-28644.json b/2020/28xxx/CVE-2020-28644.json index 179afb6867f..01ed9e313e7 100644 --- a/2020/28xxx/CVE-2020-28644.json +++ b/2020/28xxx/CVE-2020-28644.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28644", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28644", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version < 10.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://owncloud.com/security-advisories/cross-site-request-forgery-in-the-ocs-api/", + "url": "https://owncloud.com/security-advisories/cross-site-request-forgery-in-the-ocs-api/" } ] } diff --git a/2020/28xxx/CVE-2020-28645.json b/2020/28xxx/CVE-2020-28645.json index 5e27929508f..03fa1ea3462 100644 --- a/2020/28xxx/CVE-2020-28645.json +++ b/2020/28xxx/CVE-2020-28645.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28645", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28645", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://owncloud.com/security-advisories/missing-user-validation-leading-to-information-disclosure/", + "url": "https://owncloud.com/security-advisories/missing-user-validation-leading-to-information-disclosure/" } ] } diff --git a/2021/22xxx/CVE-2021-22267.json b/2021/22xxx/CVE-2021-22267.json index 6d43c1bdeb4..0f1005dd311 100644 --- a/2021/22xxx/CVE-2021-22267.json +++ b/2021/22xxx/CVE-2021-22267.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-22267", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-22267", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through T0952H01^AAQ, T0986H01 through T0986H01^AAE, T0665H01^AAO, and T0662H01^AAO (J and H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://idelji.com", + "refsource": "MISC", + "name": "https://idelji.com" + }, + { + "refsource": "MISC", + "name": "https://techpartner.ext.hpe.com/TechPartner/PartnerDetail.xhtml?Partner=Idelji", + "url": "https://techpartner.ext.hpe.com/TechPartner/PartnerDetail.xhtml?Partner=Idelji" + }, + { + "refsource": "MISC", + "name": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns04076en_us", + "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns04076en_us" } ] } diff --git a/2021/3xxx/CVE-2021-3191.json b/2021/3xxx/CVE-2021-3191.json index d3b48d3acad..0a3f48508ed 100644 --- a/2021/3xxx/CVE-2021-3191.json +++ b/2021/3xxx/CVE-2021-3191.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-3191", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-3191", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Access for T0320L01^ABY and T0320L01^ACD, T0952L01^AAR through T0952L01^AAX, and T0986L01^AAD through T0986L01^AAJ (L) and T0320H01^ABW through T0320H01^ACC, T0952H01^AAQ through T0952H01^AAW, and T0986H01^AAC through T0986H01^AAI (J and H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://idelji.com", + "refsource": "MISC", + "name": "https://idelji.com" + }, + { + "refsource": "MISC", + "name": "https://techpartner.ext.hpe.com/TechPartner/PartnerDetail.xhtml?Partner=Idelji", + "url": "https://techpartner.ext.hpe.com/TechPartner/PartnerDetail.xhtml?Partner=Idelji" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns04081en_us", + "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbns04081en_us" } ] } diff --git a/2021/3xxx/CVE-2021-3403.json b/2021/3xxx/CVE-2021-3403.json new file mode 100644 index 00000000000..876c7f471be --- /dev/null +++ b/2021/3xxx/CVE-2021-3403.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3403", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3404.json b/2021/3xxx/CVE-2021-3404.json new file mode 100644 index 00000000000..a764e555919 --- /dev/null +++ b/2021/3xxx/CVE-2021-3404.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3404", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file