diff --git a/2019/0xxx/CVE-2019-0234.json b/2019/0xxx/CVE-2019-0234.json index 8070e395479..c3bafd65d5d 100644 --- a/2019/0xxx/CVE-2019-0234.json +++ b/2019/0xxx/CVE-2019-0234.json @@ -54,6 +54,11 @@ "refsource": "CONFIRM", "name": "https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb99320aa860836ead124b414c654a4d12674cf@%3Cdev.roller.apache.org%3E", "url": "https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb99320aa860836ead124b414c654a4d12674cf@%3Cdev.roller.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[roller-user] 20210830 Fwd: [CVE-2019-0234] Reflected Cross-site Scripting (XSS) Vulnerability", + "url": "https://lists.apache.org/thread.html/r81a61626d03a11e610c4fbf641f19a6075a0d082906388826829663d@%3Cuser.roller.apache.org%3E" } ] }, diff --git a/2021/32xxx/CVE-2021-32831.json b/2021/32xxx/CVE-2021-32831.json index 1553c94ef77..6e8b9f65f0c 100644 --- a/2021/32xxx/CVE-2021-32831.json +++ b/2021/32xxx/CVE-2021-32831.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values leads to code-injection. This can cause a variety of impacts that include arbitrary code execution. This is fixed in version 3.4.9.\n\n" + "value": "Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values leads to code-injection. This can cause a variety of impacts that include arbitrary code execution. This is fixed in version 3.4.9." } ] }, @@ -72,16 +72,16 @@ }, "references": { "reference_data": [ - { - "name": "https://securitylab.github.com/advisories/GHSL-2021-066-totaljs-totaljs/", - "refsource": "CONFIRM", - "url": "https://securitylab.github.com/advisories/GHSL-2021-066-totaljs-totaljs/" - }, { "name": "https://github.com/totaljs/framework/commit/887b0fa9e162ef7a2dd9cec20a5ca122726373b3", "refsource": "MISC", "url": "https://github.com/totaljs/framework/commit/887b0fa9e162ef7a2dd9cec20a5ca122726373b3" }, + { + "name": "https://securitylab.github.com/advisories/GHSL-2021-066-totaljs-totaljs/", + "refsource": "CONFIRM", + "url": "https://securitylab.github.com/advisories/GHSL-2021-066-totaljs-totaljs/" + }, { "name": "https://github.com/totaljs/framework/blob/e644167d5378afdc45cb0156190349b2c07ef235/changes.txt#L11", "refsource": "MISC", diff --git a/2021/32xxx/CVE-2021-32832.json b/2021/32xxx/CVE-2021-32832.json index 3e0a93e0731..b516d85bbce 100644 --- a/2021/32xxx/CVE-2021-32832.json +++ b/2021/32xxx/CVE-2021-32832.json @@ -72,16 +72,16 @@ }, "references": { "reference_data": [ - { - "name": "https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/", - "refsource": "CONFIRM", - "url": "https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/" - }, { "name": "https://docs.rocket.chat/guides/security/security-updates", "refsource": "MISC", "url": "https://docs.rocket.chat/guides/security/security-updates" }, + { + "name": "https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/", + "refsource": "CONFIRM", + "url": "https://securitylab.github.com/advisories/GHSL-2020-310-redos-Rocket.Chat/" + }, { "name": "https://github.com/RocketChat/Rocket.Chat/releases/tag/3.11.3", "refsource": "MISC", diff --git a/2021/36xxx/CVE-2021-36692.json b/2021/36xxx/CVE-2021-36692.json index 76c96f700c6..01a7f6f4f6f 100644 --- a/2021/36xxx/CVE-2021-36692.json +++ b/2021/36xxx/CVE-2021-36692.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36692", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36692", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicous APNG file using cjxl, an attacker can trigger a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/libjxl/libjxl/issues/308", + "refsource": "MISC", + "name": "https://github.com/libjxl/libjxl/issues/308" + }, + { + "refsource": "MISC", + "name": "https://github.com/libjxl/libjxl/pull/313", + "url": "https://github.com/libjxl/libjxl/pull/313" + }, + { + "refsource": "MISC", + "name": "https://github.com/libjxl/libjxl/commit/7dfa400ded53919d986c5d3d23446a09e0cf481b", + "url": "https://github.com/libjxl/libjxl/commit/7dfa400ded53919d986c5d3d23446a09e0cf481b" } ] } diff --git a/2021/37xxx/CVE-2021-37593.json b/2021/37xxx/CVE-2021-37593.json index 8c1087b37bd..4b10812e648 100644 --- a/2021/37xxx/CVE-2021-37593.json +++ b/2021/37xxx/CVE-2021-37593.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "PEEL Shopping before 9.4.0.1 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands via the id parameter on the achat/produit_details.php?id={SQLi] endpoint. Upon a successful SQL injection attack, an attacker can read sensitive data from the database or modify database data." + "value": "PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensitive data from the database and possibly modify database data." } ] }, @@ -56,6 +56,16 @@ "url": "https://github.com/advisto/peel-shopping/issues/3", "refsource": "MISC", "name": "https://github.com/advisto/peel-shopping/issues/3" + }, + { + "refsource": "MISC", + "name": "http://www.netbytesec.com/advisories/UnauthenticatedBlindSQLInjectionVulnerabilityInPEELShopping/", + "url": "http://www.netbytesec.com/advisories/UnauthenticatedBlindSQLInjectionVulnerabilityInPEELShopping/" + }, + { + "refsource": "MISC", + "name": "https://github.com/faisalfs10x/CVE-IDs/blob/main/2021/CVE-2021-37593/Proof_of_Concept.md", + "url": "https://github.com/faisalfs10x/CVE-IDs/blob/main/2021/CVE-2021-37593/Proof_of_Concept.md" } ] }