mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
9aa2732441
commit
171b79fba7
@ -54,6 +54,11 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb99320aa860836ead124b414c654a4d12674cf@%3Cdev.roller.apache.org%3E",
|
||||
"url": "https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb99320aa860836ead124b414c654a4d12674cf@%3Cdev.roller.apache.org%3E"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[roller-user] 20210830 Fwd: [CVE-2019-0234] Reflected Cross-site Scripting (XSS) Vulnerability",
|
||||
"url": "https://lists.apache.org/thread.html/r81a61626d03a11e610c4fbf641f19a6075a0d082906388826829663d@%3Cuser.roller.apache.org%3E"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values leads to code-injection. This can cause a variety of impacts that include arbitrary code execution. This is fixed in version 3.4.9.\n\n"
|
||||
"value": "Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values leads to code-injection. This can cause a variety of impacts that include arbitrary code execution. This is fixed in version 3.4.9."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -72,16 +72,16 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://securitylab.github.com/advisories/GHSL-2021-066-totaljs-totaljs/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://securitylab.github.com/advisories/GHSL-2021-066-totaljs-totaljs/"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/totaljs/framework/commit/887b0fa9e162ef7a2dd9cec20a5ca122726373b3",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/totaljs/framework/commit/887b0fa9e162ef7a2dd9cec20a5ca122726373b3"
|
||||
},
|
||||
{
|
||||
"name": "https://securitylab.github.com/advisories/GHSL-2021-066-totaljs-totaljs/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://securitylab.github.com/advisories/GHSL-2021-066-totaljs-totaljs/"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/totaljs/framework/blob/e644167d5378afdc45cb0156190349b2c07ef235/changes.txt#L11",
|
||||
"refsource": "MISC",
|
||||
|
||||
@ -72,16 +72,16 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/"
|
||||
},
|
||||
{
|
||||
"name": "https://docs.rocket.chat/guides/security/security-updates",
|
||||
"refsource": "MISC",
|
||||
"url": "https://docs.rocket.chat/guides/security/security-updates"
|
||||
},
|
||||
{
|
||||
"name": "https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/RocketChat/Rocket.Chat/releases/tag/3.11.3",
|
||||
"refsource": "MISC",
|
||||
|
||||
@ -1,17 +1,71 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-36692",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2021-36692",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicous APNG file using cjxl, an attacker can trigger a denial of service."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/libjxl/libjxl/issues/308",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/libjxl/libjxl/issues/308"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/libjxl/libjxl/pull/313",
|
||||
"url": "https://github.com/libjxl/libjxl/pull/313"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/libjxl/libjxl/commit/7dfa400ded53919d986c5d3d23446a09e0cf481b",
|
||||
"url": "https://github.com/libjxl/libjxl/commit/7dfa400ded53919d986c5d3d23446a09e0cf481b"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -34,7 +34,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "PEEL Shopping before 9.4.0.1 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands via the id parameter on the achat/produit_details.php?id={SQLi] endpoint. Upon a successful SQL injection attack, an attacker can read sensitive data from the database or modify database data."
|
||||
"value": "PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensitive data from the database and possibly modify database data."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -56,6 +56,16 @@
|
||||
"url": "https://github.com/advisto/peel-shopping/issues/3",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/advisto/peel-shopping/issues/3"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.netbytesec.com/advisories/UnauthenticatedBlindSQLInjectionVulnerabilityInPEELShopping/",
|
||||
"url": "http://www.netbytesec.com/advisories/UnauthenticatedBlindSQLInjectionVulnerabilityInPEELShopping/"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/faisalfs10x/CVE-IDs/blob/main/2021/CVE-2021-37593/Proof_of_Concept.md",
|
||||
"url": "https://github.com/faisalfs10x/CVE-IDs/blob/main/2021/CVE-2021-37593/Proof_of_Concept.md"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user