From 0649afc31e0dcc6bc8b7405b7815357e5ae0bc36 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 21 Apr 2021 17:00:40 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/13xxx/CVE-2018-13411.json | 2 +-
 2018/13xxx/CVE-2018-13412.json | 2 +-
 2019/15xxx/CVE-2019-15132.json | 5 +++++
 2020/15xxx/CVE-2020-15588.json | 2 +-
 2020/15xxx/CVE-2020-15803.json | 5 +++++
 2020/35xxx/CVE-2020-35846.json | 5 +++++
 2020/35xxx/CVE-2020-35847.json | 5 +++++
 2020/5xxx/CVE-2020-5792.json | 5 +++++
 2021/21xxx/CVE-2021-21425.json | 5 +++++
 2021/25xxx/CVE-2021-25679.json | 5 +++++
 2021/25xxx/CVE-2021-25680.json | 5 +++++
 2021/25xxx/CVE-2021-25681.json | 5 +++++
 2021/30xxx/CVE-2021-30044.json | 5 +++++
 2021/31xxx/CVE-2021-31152.json | 5 +++++
 2021/3xxx/CVE-2021-3138.json | 5 +++++
 15 files changed, 63 insertions(+), 3 deletions(-)
diff --git a/2018/13xxx/CVE-2018-13411.json b/2018/13xxx/CVE-2018-13411.json
index 0577bcd5cb3..ef0946cd941 100644
--- a/2018/13xxx/CVE-2018-13411.json
+++ b/2018/13xxx/CVE-2018-13411.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges."
+ "value": "An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version."
 }
 ]
 },
diff --git a/2018/13xxx/CVE-2018-13412.json b/2018/13xxx/CVE-2018-13412.json
index 7978e67e50c..8d71d6e101d 100644
--- a/2018/13xxx/CVE-2018-13412.json
+++ b/2018/13xxx/CVE-2018-13412.json
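Review bot: In 2018/13xxx/CVE-2018-13411.json the new description carries two different fix boundaries in one free-text value ("before 10.0.282" and the cloud agent 10.0.470), so a consumer that matches on the first phrase may treat cloud agents between those two builds as fixed. The same sentence is appended in 2018/13xxx/CVE-2018-13412.json. I would state the scope explicitly, for example `In the cloud deployment, the issue is fixed in agent version 10.0.470.`, and mirror 10.0.470 in the record's structured version data, which lies outside these hunks and could not be checked here.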
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges."
+ "value": "An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version."
 }
 ]
 },
diff --git a/2019/15xxx/CVE-2019-15132.json b/2019/15xxx/CVE-2019-15132.json
index 8085b99bd5e..1d43ef35022 100644
--- a/2019/15xxx/CVE-2019-15132.json
+++ b/2019/15xxx/CVE-2019-15132.json
@@ -56,6 +56,11 @@
 "url": "https://support.zabbix.com/browse/ZBX-16532",
 "refsource": "MISC",
 "name": "https://support.zabbix.com/browse/ZBX-16532"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20210421 [SECURITY] [DLA 2631-1] zabbix security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00018.html"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15588.json b/2020/15xxx/CVE-2020-15588.json
index f20aad5759a..63cd9f92c80 100644
--- a/2020/15xxx/CVE-2020-15588.json
+++ b/2020/15xxx/CVE-2020-15588.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges."
+ "value": "An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue will occur only when untrusted communication is initiated with server. In cloud, Agent will always connect with trusted communication."
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15803.json b/2020/15xxx/CVE-2020-15803.json
index ae53f2df095..bb77987e4dc 100644
--- a/2020/15xxx/CVE-2020-15803.json
+++ b/2020/15xxx/CVE-2020-15803.json
@@ -76,6 +76,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:1604",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20210421 [SECURITY] [DLA 2631-1] zabbix security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00018.html"
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35846.json b/2020/35xxx/CVE-2020-35846.json
index 77811f6f10d..66492d13794 100644
--- a/2020/35xxx/CVE-2020-35846.json
+++ b/2020/35xxx/CVE-2020-35846.json
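Review bot: The sentence added to the description in 2020/15xxx/CVE-2020-15588.json, "This issue will occur only when untrusted communication is initiated with server", does not say which agent setting or transport makes the communication untrusted, so an operator cannot tell from the record whether an on-premises agent is exposed. The visible text also names only build 10.0.552.W and gives no fixed version. I would ask the submitter to name the condition and the fixed build, along the lines of `This issue occurs only when the agent initiates untrusted communication with the server (<condition, to be confirmed by the vendor>).`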
@@ -71,6 +71,11 @@
 "url": "https://github.com/agentejo/cockpit/commit/2a385af8d80ed60d40d386ed813c1039db00c466",
 "refsource": "MISC",
 "name": "https://github.com/agentejo/cockpit/commit/2a385af8d80ed60d40d386ed813c1039db00c466"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/162282/Cockpit-CMS-0.11.1-NoSQL-Injection-Remote-Command-Execution.html",
+ "url": "http://packetstormsecurity.com/files/162282/Cockpit-CMS-0.11.1-NoSQL-Injection-Remote-Command-Execution.html"
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35847.json b/2020/35xxx/CVE-2020-35847.json
index 46510be4013..a2dec43224e 100644
--- a/2020/35xxx/CVE-2020-35847.json
+++ b/2020/35xxx/CVE-2020-35847.json
@@ -71,6 +71,11 @@
 "url": "https://github.com/agentejo/cockpit/commit/2a385af8d80ed60d40d386ed813c1039db00c466",
 "refsource": "MISC",
 "name": "https://github.com/agentejo/cockpit/commit/2a385af8d80ed60d40d386ed813c1039db00c466"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/162282/Cockpit-CMS-0.11.1-NoSQL-Injection-Remote-Command-Execution.html",
+ "url": "http://packetstormsecurity.com/files/162282/Cockpit-CMS-0.11.1-NoSQL-Injection-Remote-Command-Execution.html"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5792.json b/2020/5xxx/CVE-2020-5792.json
index df71e22810b..5a41f7fe154 100644
--- a/2020/5xxx/CVE-2020-5792.json
+++ b/2020/5xxx/CVE-2020-5792.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://www.tenable.com/security/research/tra-2020-58",
 "url": "https://www.tenable.com/security/research/tra-2020-58"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/162284/Nagios-XI-5.7.3-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/162284/Nagios-XI-5.7.3-Remote-Code-Execution.html"
 }
 ]
 },
diff --git a/2021/21xxx/CVE-2021-21425.json b/2021/21xxx/CVE-2021-21425.json
index 928aee55b33..d54ce25b694 100644
--- a/2021/21xxx/CVE-2021-21425.json
+++ b/2021/21xxx/CVE-2021-21425.json
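Review bot: The reference added in 2020/35xxx/CVE-2020-35846.json uses a plaintext `http://` URL while the neighbouring references in the hunk are `https://`, so enrichment tools that dereference CVE references would fetch it over an unauthenticated channel. If the site serves the same path over HTTPS, I would record `"url": "https://packetstormsecurity.com/files/162282/Cockpit-CMS-0.11.1-NoSQL-Injection-Remote-Command-Execution.html"`. The same applies to the Packet Storm references added in CVE-2020-35847, CVE-2020-5792, CVE-2021-21425, CVE-2021-25679, CVE-2021-25680, CVE-2021-25681, CVE-2021-30044, CVE-2021-31152 and CVE-2021-3138. Because `name` only repeats the URL under `refsource` "MISC", nothing in the entry tells a triage pipeline that the link appears to point at a public exploit archive entry; a descriptive `name` would help prioritisation.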
@@ -78,6 +78,11 @@
 "name": "https://github.com/getgrav/grav-plugin-admin/security/advisories/GHSA-6f53-6qgv-39pj",
 "refsource": "CONFIRM",
 "url": "https://github.com/getgrav/grav-plugin-admin/security/advisories/GHSA-6f53-6qgv-39pj"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/162283/GravCMS-1.10.7-Remote-Command-Execution.html",
+ "url": "http://packetstormsecurity.com/files/162283/GravCMS-1.10.7-Remote-Command-Execution.html"
 }
 ]
 },
diff --git a/2021/25xxx/CVE-2021-25679.json b/2021/25xxx/CVE-2021-25679.json
index c79be16a109..7816745c5f4 100644
--- a/2021/25xxx/CVE-2021-25679.json
+++ b/2021/25xxx/CVE-2021-25679.json
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "https://github.com/3ndG4me/AdTran-Personal-Phone-Manager-Vulns/blob/main/CVE-2021-25679.md",
 "url": "https://github.com/3ndG4me/AdTran-Personal-Phone-Manager-Vulns/blob/main/CVE-2021-25679.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/162268/Adtran-Personal-Phone-Manager-10.8.1-Persistent-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/162268/Adtran-Personal-Phone-Manager-10.8.1-Persistent-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2021/25xxx/CVE-2021-25680.json b/2021/25xxx/CVE-2021-25680.json
index 4ff60d94642..90de2f5b857 100644
--- a/2021/25xxx/CVE-2021-25680.json
+++ b/2021/25xxx/CVE-2021-25680.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://github.com/3ndG4me/AdTran-Personal-Phone-Manager-Vulns/blob/main/CVE-2021-25680.md",
 "url": "https://github.com/3ndG4me/AdTran-Personal-Phone-Manager-Vulns/blob/main/CVE-2021-25680.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/162269/Adtran-Personal-Phone-Manager-10.8.1-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/162269/Adtran-Personal-Phone-Manager-10.8.1-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2021/25xxx/CVE-2021-25681.json b/2021/25xxx/CVE-2021-25681.json
index e75398c61ea..b9af9639075 100644
--- a/2021/25xxx/CVE-2021-25681.json
+++ b/2021/25xxx/CVE-2021-25681.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://github.com/3ndG4me/AdTran-Personal-Phone-Manager-Vulns/blob/main/CVE-2021-25681.md",
 "url": "https://github.com/3ndG4me/AdTran-Personal-Phone-Manager-Vulns/blob/main/CVE-2021-25681.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/162280/Adtran-Personal-Phone-Manager-10.8.1-DNS-Exfiltration.html",
+ "url": "http://packetstormsecurity.com/files/162280/Adtran-Personal-Phone-Manager-10.8.1-DNS-Exfiltration.html"
 }
 ]
 }
diff --git a/2021/30xxx/CVE-2021-30044.json b/2021/30xxx/CVE-2021-30044.json
index f1a51129914..b3fc67af932 100644
--- a/2021/30xxx/CVE-2021-30044.json
+++ b/2021/30xxx/CVE-2021-30044.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/remoteclinic/RemoteClinic/issues/13",
 "refsource": "MISC",
 "name": "https://github.com/remoteclinic/RemoteClinic/issues/13"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/162262/RemoteClinic-2-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/162262/RemoteClinic-2-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2021/31xxx/CVE-2021-31152.json b/2021/31xxx/CVE-2021-31152.json
index e1ddcd8620f..51d190c5afb 100644
--- a/2021/31xxx/CVE-2021-31152.json
+++ b/2021/31xxx/CVE-2021-31152.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://www.youtube.com/watch?v=zN3DVrcu6Eg",
 "url": "https://www.youtube.com/watch?v=zN3DVrcu6Eg"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/162258/Multilaser-Router-RE018-AC1200-Cross-Site-Request-Forgery.html",
+ "url": "http://packetstormsecurity.com/files/162258/Multilaser-Router-RE018-AC1200-Cross-Site-Request-Forgery.html"
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3138.json b/2021/3xxx/CVE-2021-3138.json
index ba889527fb0..126f8a1ef34 100644
--- a/2021/3xxx/CVE-2021-3138.json
+++ b/2021/3xxx/CVE-2021-3138.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://github.com/Mesh3l911/Disource",
 "url": "https://github.com/Mesh3l911/Disource"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/162256/Discourse-2.7.0-2FA-Bypass.html",
+ "url": "http://packetstormsecurity.com/files/162256/Discourse-2.7.0-2FA-Bypass.html"
 }
 ]
 },