From 2321d8b07ebd1ce7ddb6b17de57fca747ec62881 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 27 Dec 2021 12:01:08 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/24xxx/CVE-2021-24998.json | 144 ++++++++++++++++-----------------
 2021/45xxx/CVE-2021-45788.json | 56 +++++++++++--
 2021/45xxx/CVE-2021-45789.json | 56 +++++++++++--
 2021/45xxx/CVE-2021-45790.json | 56 +++++++++++--
 2021/45xxx/CVE-2021-45843.json | 62 ++++++++++++++
 5 files changed, 284 insertions(+), 90 deletions(-)
 create mode 100644 2021/45xxx/CVE-2021-45843.json
diff --git a/2021/24xxx/CVE-2021-24998.json b/2021/24xxx/CVE-2021-24998.json
index e90bf683eef..429698107fe 100644
--- a/2021/24xxx/CVE-2021-24998.json
+++ b/2021/24xxx/CVE-2021-24998.json
@@ -1,80 +1,80 @@
 {
- "CVE_data_meta": {
- "ID": "CVE-2021-24998",
- "ASSIGNER": "contact@wpscan.com",
- "STATE": "PUBLIC",
- "TITLE": "Simple JWT Login < 3.3.0 - Insecure Password Creation"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "generator": "WPScan CVE Generator",
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Unknown",
- "product": {
- "product_data": [
- {
- "product_name": "Simple JWT Login – Login and Register to WordPress using JWT",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_name": "3.3.0",
- "version_value": "3.3.0"
+ "CVE_data_meta": {
+ "ID": "CVE-2021-24998",
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC",
+ "TITLE": "Simple JWT Login < 3.3.0 - Insecure Password Creation"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "generator": "WPScan CVE Generator",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Simple JWT Login \u2013 Login and Register to WordPress using JWT",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "3.3.0",
+ "version_value": "3.3.0"
+ }
+ ]
+ }
+ }
+ ]
 }
- ]
 }
- }
 ]
- }
 }
- ]
- }
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that \"does not generate cryptographically secure values, and should not be used for cryptographic purposes\" according to PHP's documentation."
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "MISC",
- "url": "https://wpscan.com/vulnerability/1cca404e-766a-43ab-b41f-77d6a3b282fb",
- "name": "https://wpscan.com/vulnerability/1cca404e-766a-43ab-b41f-77d6a3b282fb"
- },
- {
- "refsource": "CONFIRM",
- "url": "https://plugins.trac.wordpress.org/changeset/2613782",
- "name": "https://plugins.trac.wordpress.org/changeset/2613782"
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "value": "CWE-326 Inadequate Encryption Strength",
- "lang": "eng"
- }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that \"does not generate cryptographically secure values, and should not be used for cryptographic purposes\" according to PHP's documentation."
+ }
 ]
- }
- ]
- },
- "credit": [
- {
- "lang": "eng",
- "value": "Zian Choy"
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://wpscan.com/vulnerability/1cca404e-766a-43ab-b41f-77d6a3b282fb",
+ "name": "https://wpscan.com/vulnerability/1cca404e-766a-43ab-b41f-77d6a3b282fb"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://plugins.trac.wordpress.org/changeset/2613782",
+ "name": "https://plugins.trac.wordpress.org/changeset/2613782"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "CWE-326 Inadequate Encryption Strength",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Zian Choy"
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
- ],
- "source": {
- "discovery": "EXTERNAL"
- }
 }
\ No newline at end of file
diff --git a/2021/45xxx/CVE-2021-45788.json b/2021/45xxx/CVE-2021-45788.json
index 54581f1cfbd..af82994130f 100644
--- a/2021/45xxx/CVE-2021-45788.json
+++ b/2021/45xxx/CVE-2021-45788.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-45788",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-45788",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the \"orders\" parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/metersphere/metersphere/issues/8651",
+ "refsource": "MISC",
+ "name": "https://github.com/metersphere/metersphere/issues/8651"
 }
 ]
 }
diff --git a/2021/45xxx/CVE-2021-45789.json b/2021/45xxx/CVE-2021-45789.json
index 229635f0fdb..2b156a16425 100644
--- a/2021/45xxx/CVE-2021-45789.json
+++ b/2021/45xxx/CVE-2021-45789.json
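Review bot: The added `affects` block for CVE-2021-45788 sets `product_name`, `vendor_name` and `version_value` to `"n/a"`, and `problemtype` is `"n/a"` as well, although the description on the same record names Metersphere v1.15.4 and a SQL injection. Tools that match on the structured fields rather than the free text will not tie this record to the product, so I would populate them, e.g. `"product_name": "Metersphere"`, `"version_value": "1.15.4"` and `"value": "CWE-89 SQL Injection"`, in the form the CVE-2021-24998 record in this commit uses for its CWE entry. The vendor name is not stated on the record; the reference URL suggests `metersphere`, which should be confirmed before it is filled in. The same gap is present in the CVE-2021-45789, CVE-2021-45790 and CVE-2021-45843 hunks, and none of these records says which version carries the fix.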
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-45789",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-45789",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/metersphere/metersphere/issues/8652",
+ "refsource": "MISC",
+ "name": "https://github.com/metersphere/metersphere/issues/8652"
 }
 ]
 }
diff --git a/2021/45xxx/CVE-2021-45790.json b/2021/45xxx/CVE-2021-45790.json
index ad4c294d984..736dbd0c5c6 100644
--- a/2021/45xxx/CVE-2021-45790.json
+++ b/2021/45xxx/CVE-2021-45790.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-45790",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-45790",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to arbitrary directory, where attackers can write a cron job to execute commands."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/metersphere/metersphere/issues/8653",
+ "refsource": "MISC",
+ "name": "https://github.com/metersphere/metersphere/issues/8653"
 }
 ]
 }
diff --git a/2021/45xxx/CVE-2021-45843.json b/2021/45xxx/CVE-2021-45843.json
new file mode 100644
index 00000000000..b75a4e1c1fc
--- /dev/null
+++ b/2021/45xxx/CVE-2021-45843.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-45843",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (XSS) vulnerability. The value of the title request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. This input was echoed unmodified in the application's response."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/glfusion/XSS-Reflected",
+ "refsource": "MISC",
+ "name": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/glfusion/XSS-Reflected"
+ }
+ ]
+ }
+}
\ No newline at end of file
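Review bot: The only entry in `reference_data` for CVE-2021-45843 is a third-party researcher repository tagged `MISC`, so the record points to no vendor advisory, fix commit or fixed version that a defender could act on. If glFusion has published a fix, I would add it as a second reference, the way the CVE-2021-24998 record in this commit pairs its `MISC` link with a `CONFIRM` entry. The description names the `title` request parameter but not the page or component that reflects it, which makes it hard to scope a log search or an input filter to the affected path. It also switches tense between "is affected" and "was echoed"; one tense throughout would read more clearly.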