admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-09-28 14:00:56 +00:00
parent ea212cdcf5
commit 23e4ce7461
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
8 changed files with 227 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2021/22xxx/CVE-2021-22535.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22535",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@microfocus.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Directory and Resource Administrator (DRA)",
"version": {
"version_data": [
{
"version_value": "All DRA versions prior to 10.1 Patch 1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unauthorized information security disclosure."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.microfocus.com/kb/doc.php?id=7025273",
"url": "https://support.microfocus.com/kb/doc.php?id=7025273"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure."
}
]
}

2
2021/33xxx/CVE-2021-33904.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS."
"value": "** DISPUTED ** In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states \"there are configurable security flags and we are unable to reproduce them with the available information.\""
}
]
},

2
2021/34xxx/CVE-2021-34369.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value."
"value": "** DISPUTED ** portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states \"the information that is being queried is authorized for an authenticated user of that application, so we consider this not applicable.\""
}
]
},

2
2021/34xxx/CVE-2021-34370.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS."
"value": "** DISPUTED ** Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states \"there are configurable security flags and we are unable to reproduce them with the available information.\""
}
]
},

100
2021/34xxx/CVE-2021-34636.json
View File

@ -1,18 +1,106 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"DATE_PUBLIC": "2021-09-27T13:41:00.000Z",
"ID": "CVE-2021-34636",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Countdown and CountUp, WooCommerce Sales Timer <= 1.5.7 Cross-Site Request Forgery to Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Countdown and CountUp, WooCommerce Sales Timers",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.5.7",
"version_value": "1.5.7"
}
]
}
}
]
},
"vendor_name": "WpDevArt"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Xu-Liang Liao"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_theme function found in the ~/includes/admin/coundown_theme_page.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.7."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34636",
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34636"
},
{
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/2605523/countdown-wpdevart-extended/trunk/includes/admin/coundown_theme_page.php",
"name": "https://plugins.trac.wordpress.org/changeset/2605523/countdown-wpdevart-extended/trunk/includes/admin/coundown_theme_page.php"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update plugin to version 1.5.8 or newer. "
}
],
"source": {
"discovery": "EXTERNAL"
}
}

50
2021/38xxx/CVE-2021-38124.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38124",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@microfocus.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ArcSight Enterprise Security Manager (ESM).",
"version": {
"version_data": [
{
"version_value": "ArcSight ESM versions 7.0.2 through 7.5."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://portal.microfocus.com/s/article/KM000001960",
"url": "https://portal.microfocus.com/s/article/KM000001960"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution."
}
]
}

18
2021/41xxx/CVE-2021-41768.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-41768",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/41xxx/CVE-2021-41769.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-41769",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}