diff --git a/2021/32xxx/CVE-2021-32004.json b/2021/32xxx/CVE-2021-32004.json
index 793592fbc76..102afc6d301 100644
--- a/2021/32xxx/CVE-2021-32004.json
+++ b/2021/32xxx/CVE-2021-32004.json
@@ -1,18 +1,96 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "VulnerabilityReporting@secomea.com",
 "ID": "CVE-2021-32004",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "GateManager does not enforce strict hostname matching for WEB server"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GateManager",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "All",
+ "version_value": "9.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Secomea"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Acunetix"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.secomea.com/support/cybersecurity-advisory/#4578",
+ "name": "https://www.secomea.com/support/cybersecurity-advisory/#4578"
+ }
+ ]
+ },
+ "source": {
+ "defect": [
+ "RD-4578"
+ ],
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/37xxx/CVE-2021-37334.json b/2021/37xxx/CVE-2021-37334.json
index e98e2076327..7261ac1384d 100644
--- a/2021/37xxx/CVE-2021-37334.json
+++ b/2021/37xxx/CVE-2021-37334.json
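Review bot: `"userInteraction": "NONE"` in the new `impact.cvss` block is hard to check against the description, which names browser cache poisoning as the outcome; that presumably needs a victim's browser to request and store the response, which would arguably be scored `UI:R`. If no victim action beyond normal browsing is needed, the description should say so, together with the precondition behind `"attackComplexity": "HIGH"`, because as written a defender cannot tell which deployments are exposed. Should the metric change, `baseScore` and `vectorString` have to be updated with it so the three stay consistent.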
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A security issue in Umbraco Forms 4.0.0 to and including 8.7.5 could lead to a remote code execution attack and/or arbitrary file deletion."
+ "value": "Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a temporary directory. By default, files are stored within the application directory structure at %BASEDIR%/APP_DATA/TEMP/FileUploads/. Whilst access to this directory is restricted by the root web.config file, it is possible to override this restriction by uploading another specially crafted web.config file to the temporary directory. It is possible to exploit this flaw to upload a malicious script file to execute arbitrary code and system commands on the server."
 }
 ]
 },
diff --git a/2021/43xxx/CVE-2021-43409.json b/2021/43xxx/CVE-2021-43409.json
index 684210608b7..b8f4e83412a 100644
--- a/2021/43xxx/CVE-2021-43409.json
+++ b/2021/43xxx/CVE-2021-43409.json
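Review bot: The affected range in the new description, `version 4.0.0 up to and including 8.7.5 and below`, is ambiguous, because "and below" can be read as pulling in releases older than 4.0.0, which the replaced text did not. Triage and scanner rules are often written from this sentence, so I would word the opening as `Umbraco Forms versions 4.0.0 up to and including 8.7.5 are vulnerable to a security flaw that could lead to ...` and check it against the record's `affects` block, which lies outside this hunk. The added root-cause text names neither a fixed release nor a mitigation; if the references outside the hunk do not already point to the vendor fix, one should be added.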
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The \"WPO365 | LOGIN\" WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data. In this case, the XSS payload can be submitted by any anonymous user, the payload then renders and executes when a WordPress administrator authenticates and accesses the WordPress Dashboard. The injected payload can carry out actions on behalf of the administrator including adding other administrative users and changing application settings. This flaw could be exploited to ultimately provide full control of the affected system to the attacker."
+ "value": "The \u201cWPO365 | LOGIN\u201d WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data. 
In this case, the XSS payload can be submitted by any anonymous user, the payload then renders and executes when a WordPress administrator authenticates and accesses the WordPress Dashboard. The injected payload can carry out actions on behalf of the administrator including adding other administrative users and changing application settings. This flaw could be exploited to ultimately provide full control of the affected system to the attacker."
 }
 ]
 },
diff --git a/2021/44xxx/CVE-2021-44144.json b/2021/44xxx/CVE-2021-44144.json
new file mode 100644
index 00000000000..e3c8e004b96
--- /dev/null
+++ b/2021/44xxx/CVE-2021-44144.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-44144",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/CroatiaControlLtd/asterix/issues/183",
+ "refsource": "MISC",
+ "name": "https://github.com/CroatiaControlLtd/asterix/issues/183"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/4xxx/CVE-2021-4002.json b/2021/4xxx/CVE-2021-4002.json
new file mode 100644
index 00000000000..8455fa5bfa1
--- /dev/null
+++ b/2021/4xxx/CVE-2021-4002.json
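Review bot: The new `value` string for CVE-2021-43409 appears on this page to break after `accessing sensitive data.`, where the replaced string ran on as one line. If that reflects a raw line break or a line-separator character inside the JSON string rather than page wrapping, strict parsers may reject or mis-handle the record, and it should be a plain space or an escaped `\n`. The only other visible change swaps `\"` for `\u201c`/`\u201d` around the plugin name; that is cosmetic, but consumers that match the quoted product name as ASCII text will no longer match it.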
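Review bot: Every structured field in the new CVE-2021-44144 record is `n/a`, although the description names the vendor, product and version, so consumers that match on `affects` rather than free text will not associate the record with the product. I would fill them from the description: `"vendor_name": "Croatia Control"`, `"product_name": "Asterix"`, `"version_value": "2.8.1"`. The `problemtype` value could likewise carry the weakness class the description already states; a heap-based buffer over-read corresponds to CWE-126 (Buffer Over-read). Whether releases other than 2.8.1 are affected is not stated and would need confirming against the linked issue.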
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-4002",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file