From 26e0101f1308c01ac0c79e0835c77db5bd10abbb Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 5 Feb 2021 16:01:02 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/17xxx/CVE-2020-17160.json | 50 ++------------------------
 2020/18xxx/CVE-2020-18737.json | 56 +++++++++++++++++++++++++----
 2020/23xxx/CVE-2020-23160.json | 9 +++--
 2020/23xxx/CVE-2020-23161.json | 9 +++--
 2020/23xxx/CVE-2020-23162.json | 9 +++--
 2021/25xxx/CVE-2021-25646.json | 10 ++++++
 2021/26xxx/CVE-2021-26711.json | 2 +-
 2021/26xxx/CVE-2021-26718.json | 18 ++++++++++
 2021/3xxx/CVE-2021-3258.json | 66 ++++++++++++++++++++++++++++++----
 2021/3xxx/CVE-2021-3382.json | 56 +++++++++++++++++++++++++----
 10 files changed, 213 insertions(+), 72 deletions(-)
 create mode 100644 2021/26xxx/CVE-2021-26718.json
diff --git a/2020/17xxx/CVE-2020-17160.json b/2020/17xxx/CVE-2020-17160.json
index c7a8ab7ba85..3e8ce9f4e6b 100644
--- a/2020/17xxx/CVE-2020-17160.json
+++ b/2020/17xxx/CVE-2020-17160.json
@@ -3,59 +3,15 @@
 "data_format": "MITRE",
 "data_version": "4.0",
 "CVE_data_meta": {
- "ASSIGNER": "secure@microsoft.com",
 "ID": "CVE-2020-17160",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "None affected",
- "version": {
- "version_data": [
- {
- "version_value": ""
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Microsoft"
- }
- ]
- }
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": ", aka 'RETRACTED'."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": ""
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17160",
- "refsource": "MISC",
- "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17160"
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
 }
 ]
 }
diff --git a/2020/18xxx/CVE-2020-18737.json b/2020/18xxx/CVE-2020-18737.json
index 82082117860..651a0b51602 100644
--- a/2020/18xxx/CVE-2020-18737.json
+++ b/2020/18xxx/CVE-2020-18737.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-18737",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-18737",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/typora/typora-issues/issues/2289",
+ "refsource": "MISC",
+ "name": "https://github.com/typora/typora-issues/issues/2289"
 }
 ]
 }
diff --git a/2020/23xxx/CVE-2020-23160.json b/2020/23xxx/CVE-2020-23160.json
index 469d36bba95..5e2caf60c84 100644
--- a/2020/23xxx/CVE-2020-23160.json
+++ b/2020/23xxx/CVE-2020-23160.json
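Review bot: The new PUBLIC record for CVE-2020-18737 leaves `product_name`, `vendor_name` and `version_value` as `n/a` and the problemtype `value` as `n/a`, although the description itself names the product and version (Typora 0.9.67) and the weakness class (XSS). Tools that match on the structured `affects` and `problemtype` fields rather than on the prose will not associate this entry with the product, so the structured fields should carry the same facts, e.g. `"product_name": "Typora"`, `"version_value": "0.9.67"` and a problemtype value of `"CWE-79"`. The same gap is in the hunks for CVE-2021-3258 (Q2A Ultimate SEO 1.3, XSS) and CVE-2021-3382 (gitea 1.9.0 through 1.13.1, stack buffer overflow), where the affected version range is stated only in the description.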
@@ -59,8 +59,13 @@
 },
 {
 "refsource": "MISC",
- "name": "https://gist.github.com/O24-vdT/85c6aa87f40a6af40dcb03b5b1381760",
- "url": "https://gist.github.com/O24-vdT/85c6aa87f40a6af40dcb03b5b1381760"
+ "name": "https://github.com/Outpost24/Pyrescom-Termod-PoC",
+ "url": "https://github.com/Outpost24/Pyrescom-Termod-PoC"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://outpost24.com/blog/multiple-vulnerabilities-discovered-in-Pyrescom-Termod4-smart-device",
+ "url": "https://outpost24.com/blog/multiple-vulnerabilities-discovered-in-Pyrescom-Termod4-smart-device"
 }
 ]
 }
diff --git a/2020/23xxx/CVE-2020-23161.json b/2020/23xxx/CVE-2020-23161.json
index d8e34444d48..810fc56be08 100644
--- a/2020/23xxx/CVE-2020-23161.json
+++ b/2020/23xxx/CVE-2020-23161.json
@@ -59,8 +59,13 @@
 },
 {
 "refsource": "MISC",
- "name": "https://gist.github.com/O24-vdT/85c6aa87f40a6af40dcb03b5b1381760",
- "url": "https://gist.github.com/O24-vdT/85c6aa87f40a6af40dcb03b5b1381760"
+ "name": "https://github.com/Outpost24/Pyrescom-Termod-PoC",
+ "url": "https://github.com/Outpost24/Pyrescom-Termod-PoC"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://outpost24.com/blog/multiple-vulnerabilities-discovered-in-Pyrescom-Termod4-smart-device",
+ "url": "https://outpost24.com/blog/multiple-vulnerabilities-discovered-in-Pyrescom-Termod4-smart-device"
 }
 ]
 }
diff --git a/2020/23xxx/CVE-2020-23162.json b/2020/23xxx/CVE-2020-23162.json
index fa9fc19b5a9..dae3140b3cf 100644
--- a/2020/23xxx/CVE-2020-23162.json
+++ b/2020/23xxx/CVE-2020-23162.json
@@ -59,8 +59,13 @@
 },
 {
 "refsource": "MISC",
- "name": "https://gist.github.com/O24-vdT/85c6aa87f40a6af40dcb03b5b1381760",
- "url": "https://gist.github.com/O24-vdT/85c6aa87f40a6af40dcb03b5b1381760"
+ "name": "https://github.com/Outpost24/Pyrescom-Termod-PoC",
+ "url": "https://github.com/Outpost24/Pyrescom-Termod-PoC"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://outpost24.com/blog/multiple-vulnerabilities-discovered-in-Pyrescom-Termod4-smart-device",
+ "url": "https://outpost24.com/blog/multiple-vulnerabilities-discovered-in-Pyrescom-Termod4-smart-device"
 }
 ]
 }
diff --git a/2021/25xxx/CVE-2021-25646.json b/2021/25xxx/CVE-2021-25646.json
index db921ad2fd0..d623508b5ee 100644
--- a/2021/25xxx/CVE-2021-25646.json
+++ b/2021/25xxx/CVE-2021-25646.json
@@ -104,6 +104,16 @@
 "refsource": "MLIST",
 "name": "[druid-commits] 20210204 [GitHub] [druid] jihoonson opened a new pull request #10854: [Backport] Fix CVE-2021-25646",
 "url": "https://lists.apache.org/thread.html/r121abe8014d381943b63c60615149d40bde9dc1c868bcee90d0d0848@%3Ccommits.druid.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[druid-commits] 20210204 [druid] branch 0.21.0 updated: Fix CVE-2021-25646 (#10818) (#10854)",
+ "url": "https://lists.apache.org/thread.html/rfeb775822cd3baef1595b60f6860f5ca849eb1903236483f3297bd5c@%3Ccommits.druid.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[druid-commits] 20210204 [GitHub] [druid] jihoonson merged pull request #10854: [Backport] Fix CVE-2021-25646",
+ "url": "https://lists.apache.org/thread.html/r04fa1ba93599487c95a8497044d37f8c02a439bfcf92b4567bfb7c8f@%3Ccommits.druid.apache.org%3E"
 }
 ]
 },
diff --git a/2021/26xxx/CVE-2021-26711.json b/2021/26xxx/CVE-2021-26711.json
index 1b9935fd545..0a19fc45921 100644
--- a/2021/26xxx/CVE-2021-26711.json
+++ b/2021/26xxx/CVE-2021-26711.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter."
+ "value": "A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter."
 }
 ]
 },
diff --git a/2021/26xxx/CVE-2021-26718.json b/2021/26xxx/CVE-2021-26718.json
new file mode 100644
index 00000000000..b49cf029321
--- /dev/null
+++ b/2021/26xxx/CVE-2021-26718.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-26718",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/3xxx/CVE-2021-3258.json b/2021/3xxx/CVE-2021-3258.json
index d23bfd6da32..303c88861c7 100644
--- a/2021/3xxx/CVE-2021-3258.json
+++ b/2021/3xxx/CVE-2021-3258.json
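Review bot: No reference or note backs the removal of 4.5.3 from the affected versions in the new `value` string for CVE-2021-26711, and the `affects` block sits above line 34, outside this hunk. If `version_data` there still lists 4.5.3, the structured data and the prose now disagree, so both should be checked together. A consumer that tracked 4.5.3 as vulnerable will stop doing so on this sync; a `reference_data` entry pointing at the vendor statement that supports the narrower range would make the change auditable.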
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-3258",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-3258",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://nirmaldahal.com.np/sxss-to-defacement-and-account-takeover/",
+ "refsource": "MISC",
+ "name": "https://nirmaldahal.com.np/sxss-to-defacement-and-account-takeover/"
+ },
+ {
+ "url": "https://www.question2answer.org/qa/58520/important-q2a-ultimate-seo-important-update",
+ "refsource": "MISC",
+ "name": "https://www.question2answer.org/qa/58520/important-q2a-ultimate-seo-important-update"
+ },
+ {
+ "url": "https://github.com/q2a-projects/Q2A-Ultimate-SEO/commit/20069f28147c6f2c3acca4e3f6f5154537c5d536",
+ "refsource": "MISC",
+ "name": "https://github.com/q2a-projects/Q2A-Ultimate-SEO/commit/20069f28147c6f2c3acca4e3f6f5154537c5d536"
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3382.json b/2021/3xxx/CVE-2021-3382.json
index 9714c97f768..6dbdcf6d4e5 100644
--- a/2021/3xxx/CVE-2021-3382.json
+++ b/2021/3xxx/CVE-2021-3382.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-3382",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-3382",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/go-gitea/gitea/pull/14390",
+ "refsource": "MISC",
+ "name": "https://github.com/go-gitea/gitea/pull/14390"
 }
 ]
 }