admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-04-12 15:00:43 +00:00
parent 9a47fa3d2d
commit 1ff1b692b1
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
17 changed files with 993 additions and 862 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2020/15xxx/CVE-2020-15942.json
View File

@ -64,6 +64,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-20-076", "name": "https://fortiguard.com/advisory/FG-IR-20-076",
"url": "https://fortiguard.com/advisory/FG-IR-20-076" "url": "https://fortiguard.com/advisory/FG-IR-20-076"
},
{
"refsource": "CONFIRM",
"name": "https://www.fortiguard.com/psirt/FG-IR-20-076",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-076"
} }
] ]
}, },

88
2021/22xxx/CVE-2021-22190.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2021-22190", "ID": "CVE-2021-22190",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@gitlab.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=13.7, <13.7.8"
},
{
"version_value": ">=13.8, <13.8.5"
},
{
"version_value": ">=13.9, <13.9.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper handling of url encoding (hex encoding) in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/300281",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/300281",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1040786",
"url": "https://hackerone.com/reports/1040786",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22190.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22190.json",
"refsource": "CONFIRM"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token"
} }
] ]
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 8.5,
"baseSeverity": "HIGH"
} }
},
"credit": [
{
"lang": "eng",
"value": "Thanks ledz1996 for reporting this vulnerability through our HackerOne bug bounty program"
}
]
} }

4
2021/23xxx/CVE-2021-23358.json
View File

@ -51,7 +51,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "Arbitrary Code Injection" "value": " Arbitrary Code Injection"
} }
] ]
} }
@ -100,7 +100,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized." "value": "The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized."
} }
] ]
}, },

14
2021/24xxx/CVE-2021-24197.json
View File

@ -17,7 +17,7 @@
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "wpDataTables Tables & Table Charts", "product_name": "wpDataTables \u2013 Tables & Table Charts",
"version": { "version": {
"version_data": [ "version_data": [
{ {
@ -38,12 +38,17 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "The wpDataTables Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdata[wdt_ID] parameter. By exploiting this issue an attacker is able to access and manage the data of all users in the same table." "value": "The wpDataTables \u2013 Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdata[wdt_ID] parameter. By exploiting this issue an attacker is able to access and manage the data of all users in the same table."
} }
] ]
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"refsource": "MISC",
"url": "https://wpdatatables.com/help/whats-new-changelog/",
"name": "https://wpdatatables.com/help/whats-new-changelog/"
},
{ {
"refsource": "CONFIRM", "refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/a56c04a4-dda0-4a7f-a525-d0349a1fda2b", "url": "https://wpscan.com/vulnerability/a56c04a4-dda0-4a7f-a525-d0349a1fda2b",
@ -53,11 +58,6 @@
"refsource": "MISC", "refsource": "MISC",
"url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/", "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/",
"name": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/" "name": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
},
{
"refsource": "MISC",
"url": "https://wpdatatables.com/help/whats-new-changelog/",
"name": "https://wpdatatables.com/help/whats-new-changelog/"
} }
] ]
}, },

16
2021/24xxx/CVE-2021-24198.json
View File

@ -17,7 +17,7 @@
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "wpDataTables Tables & Table Charts", "product_name": "wpDataTables \u2013 Tables & Table Charts",
"version": { "version": {
"version_data": [ "version_data": [
{ {
@ -38,16 +38,16 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "The wpDataTables Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through id_key and id_val parameters. By exploiting this issue an attacker is able to delete the data of all users in the same table." "value": "The wpDataTables \u2013 Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through id_key and id_val parameters. By exploiting this issue an attacker is able to delete the data of all users in the same table."
} }
] ]
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3", "url": "https://wpdatatables.com/help/whats-new-changelog/",
"name": "https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3" "name": "https://wpdatatables.com/help/whats-new-changelog/"
}, },
{ {
"refsource": "MISC", "refsource": "MISC",
@ -55,9 +55,9 @@
"name": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/" "name": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
}, },
{ {
"refsource": "MISC", "refsource": "CONFIRM",
"url": "https://wpdatatables.com/help/whats-new-changelog/", "url": "https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3",
"name": "https://wpdatatables.com/help/whats-new-changelog/" "name": "https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3"
} }
] ]
}, },

16
2021/24xxx/CVE-2021-24199.json
View File

@ -17,7 +17,7 @@
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "wpDataTables Tables & Table Charts", "product_name": "wpDataTables \u2013 Tables & Table Charts",
"version": { "version": {
"version_data": [ "version_data": [
{ {
@ -38,16 +38,16 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "The wpDataTables Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application." "value": "The wpDataTables \u2013 Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application."
} }
] ]
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280", "url": "https://wpdatatables.com/help/whats-new-changelog/",
"name": "https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280" "name": "https://wpdatatables.com/help/whats-new-changelog/"
}, },
{ {
"refsource": "MISC", "refsource": "MISC",
@ -55,9 +55,9 @@
"name": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/" "name": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
}, },
{ {
"refsource": "MISC", "refsource": "CONFIRM",
"url": "https://wpdatatables.com/help/whats-new-changelog/", "url": "https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280",
"name": "https://wpdatatables.com/help/whats-new-changelog/" "name": "https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280"
} }
] ]
}, },

16
2021/24xxx/CVE-2021-24200.json
View File

@ -17,7 +17,7 @@
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "wpDataTables Tables & Table Charts", "product_name": "wpDataTables \u2013 Tables & Table Charts",
"version": { "version": {
"version_data": [ "version_data": [
{ {
@ -38,16 +38,16 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "The wpDataTables Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'length' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application." "value": "The wpDataTables \u2013 Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'length' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application."
} }
] ]
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://wpscan.com/vulnerability/21aa7e18-0162-45bf-a5c6-ceee64ffa1f9", "url": "https://wpdatatables.com/help/whats-new-changelog/",
"name": "https://wpscan.com/vulnerability/21aa7e18-0162-45bf-a5c6-ceee64ffa1f9" "name": "https://wpdatatables.com/help/whats-new-changelog/"
}, },
{ {
"refsource": "MISC", "refsource": "MISC",
@ -55,9 +55,9 @@
"name": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/" "name": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
}, },
{ {
"refsource": "MISC", "refsource": "CONFIRM",
"url": "https://wpdatatables.com/help/whats-new-changelog/", "url": "https://wpscan.com/vulnerability/21aa7e18-0162-45bf-a5c6-ceee64ffa1f9",
"name": "https://wpdatatables.com/help/whats-new-changelog/" "name": "https://wpscan.com/vulnerability/21aa7e18-0162-45bf-a5c6-ceee64ffa1f9"
} }
] ]
}, },

10
2021/24xxx/CVE-2021-24218.json
View File

@ -49,15 +49,15 @@
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/169d21fc-d191-46ff-82e8-9ac887aed8a4",
"name": "https://wpscan.com/vulnerability/169d21fc-d191-46ff-82e8-9ac887aed8a4"
},
{ {
"refsource": "MISC", "refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/two-vulnerabilities-patched-in-facebook-for-wordpress-plugin/", "url": "https://www.wordfence.com/blog/2021/03/two-vulnerabilities-patched-in-facebook-for-wordpress-plugin/",
"name": "https://www.wordfence.com/blog/2021/03/two-vulnerabilities-patched-in-facebook-for-wordpress-plugin/" "name": "https://www.wordfence.com/blog/2021/03/two-vulnerabilities-patched-in-facebook-for-wordpress-plugin/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/169d21fc-d191-46ff-82e8-9ac887aed8a4",
"name": "https://wpscan.com/vulnerability/169d21fc-d191-46ff-82e8-9ac887aed8a4"
} }
] ]
}, },

12
2021/24xxx/CVE-2021-24220.json
View File

@ -146,21 +146,21 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0 register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote URL and overwrite an existing file on the site with it or create a new file.This includes executable PHP files that contain malicious code." "value": "Thrive \u201cLegacy\u201d Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0 register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote URL and overwrite an existing file on the site with it or create a new file.This includes executable PHP files that contain malicious code."
} }
] ]
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/a2424354-2639-4f53-a24f-afc11f6c4cac",
"name": "https://wpscan.com/vulnerability/a2424354-2639-4f53-a24f-afc11f6c4cac"
},
{ {
"refsource": "MISC", "refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/recently-patched-vulnerability-in-thrive-themes-actively-exploited-in-the-wild", "url": "https://www.wordfence.com/blog/2021/03/recently-patched-vulnerability-in-thrive-themes-actively-exploited-in-the-wild",
"name": "https://www.wordfence.com/blog/2021/03/recently-patched-vulnerability-in-thrive-themes-actively-exploited-in-the-wild" "name": "https://www.wordfence.com/blog/2021/03/recently-patched-vulnerability-in-thrive-themes-actively-exploited-in-the-wild"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/a2424354-2639-4f53-a24f-afc11f6c4cac",
"name": "https://wpscan.com/vulnerability/a2424354-2639-4f53-a24f-afc11f6c4cac"
} }
] ]
}, },

10
2021/24xxx/CVE-2021-24228.json
View File

@ -44,15 +44,15 @@
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/7a5fadb1-3f1c-4779-8ff6-356fccb5269b",
"name": "https://wpscan.com/vulnerability/7a5fadb1-3f1c-4779-8ff6-356fccb5269b"
},
{ {
"refsource": "MISC", "refsource": "MISC",
"url": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/", "url": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/",
"name": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/" "name": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/7a5fadb1-3f1c-4779-8ff6-356fccb5269b",
"name": "https://wpscan.com/vulnerability/7a5fadb1-3f1c-4779-8ff6-356fccb5269b"
} }
] ]
}, },

12
2021/24xxx/CVE-2021-24229.json
View File

@ -38,21 +38,21 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachment. This action is accessible for user accounts with the manage_options privilege (i.e.., only administrators). Unfortunately, one of the parameters used in this AJAX endpoint is not sanitized before being printed back to the user, so the risk it represents is the same as the previous XSS vulnerability." "value": "The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachment. This action is accessible for user accounts with the \u2018manage_options\u2019 privilege (i.e.., only administrators). Unfortunately, one of the parameters used in this AJAX endpoint is not sanitized before being printed back to the user, so the risk it represents is the same as the previous XSS vulnerability."
} }
] ]
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/001755c4-add3-4566-a022-ab1f83546c1f",
"name": "https://wpscan.com/vulnerability/001755c4-add3-4566-a022-ab1f83546c1f"
},
{ {
"refsource": "MISC", "refsource": "MISC",
"url": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/", "url": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/",
"name": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/" "name": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/001755c4-add3-4566-a022-ab1f83546c1f",
"name": "https://wpscan.com/vulnerability/001755c4-add3-4566-a022-ab1f83546c1f"
} }
] ]
}, },

12
2021/24xxx/CVE-2021-24230.json
View File

@ -38,21 +38,21 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victims account once visited. If exploited, this bug can be used to overwrite the “wp_capabilities” meta, which contains the affected user accounts roles and privileges. Doing this would essentially lock them out of the site, blocking them from accessing paid content." "value": "The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victim\u2019s account once visited. If exploited, this bug can be used to overwrite the \u201cwp_capabilities\u201d meta, which contains the affected user account\u2019s roles and privileges. Doing this would essentially lock them out of the site, blocking them from accessing paid content."
} }
] ]
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/2deefa2d-3043-42e5-afef-a42c37703531",
"name": "https://wpscan.com/vulnerability/2deefa2d-3043-42e5-afef-a42c37703531"
},
{ {
"refsource": "MISC", "refsource": "MISC",
"url": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/", "url": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/",
"name": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/" "name": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/2deefa2d-3043-42e5-afef-a42c37703531",
"name": "https://wpscan.com/vulnerability/2deefa2d-3043-42e5-afef-a42c37703531"
} }
] ]
}, },

10
2021/24xxx/CVE-2021-24231.json
View File

@ -44,15 +44,15 @@
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/f8ab6855-a319-47ac-82fb-58b181e77500",
"name": "https://wpscan.com/vulnerability/f8ab6855-a319-47ac-82fb-58b181e77500"
},
{ {
"refsource": "MISC", "refsource": "MISC",
"url": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/", "url": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/",
"name": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/" "name": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/f8ab6855-a319-47ac-82fb-58b181e77500",
"name": "https://wpscan.com/vulnerability/f8ab6855-a319-47ac-82fb-58b181e77500"
} }
] ]
}, },

50
2021/27xxx/CVE-2021-27486.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2021-27486", "ID": "CVE-2021-27486",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "FATEK Automation WinProladder",
"version": {
"version_data": [
{
"version_value": "WinProladder Versions 3.30 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INTEGER UNDERFLOW (WRAP OR WRAPAROUND) CWE-191"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-098-01",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-098-01"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The Fatek Automation WinProladder Versions 3.3 and prior are vulnerable to an integer underflow, which may cause an out-of-bounds write and allow an attacker to execute arbitrary code."
} }
] ]
} }

4
2021/3xxx/CVE-2021-3465.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2021-3465", "ID": "CVE-2021-3465",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
} }
] ]
} }