admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

JPCERT/CC 2021-06-22-10-20

Browse Source
This commit is contained in:
Ikuya Fukumoto 2021-06-22 10:21:29 +09:00
parent 842d6eec19
commit 2884a952ce
No known key found for this signature in database
GPG Key ID: 603034D3468A3441
9 changed files with 429 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2021/20xxx/CVE-2021-20733.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20733",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "asken Inc.",
"product": {
"product_data": [
{
"product_name": "あすけんダイエット (asken diet) for Android",
"version": {
"version_data": [
{
"version_value": "versions from v.3.0.0 to v.4.2.x"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization in Handler for Custom URL Scheme"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.asken.jp/s/login/?to=/information"
},
{
"url": "https://jvn.jp/en/jp/JVN38034268/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper authorization in handler for custom URL scheme vulnerability in あすけんダイエット (asken diet) for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App."
}
]
}

50
2021/20xxx/CVE-2021-20734.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20734",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Collne Inc.",
"product": {
"product_data": [
{
"product_name": "Welcart e-Commerce",
"version": {
"version_data": [
{
"version_value": "versions prior to 2.2.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.welcart.com/archives/14039.html"
},
{
"url": "https://jvn.jp/en/jp/JVN70566757/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
}
]
}

56
2021/20xxx/CVE-2021-20735.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20735",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ETUNA",
"product": {
"product_data": [
{
"product_name": "ETUNA EC-CUBE plugins",
"version": {
"version_data": [
{
"version_value": "Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ec-cube.net/release/detail.php?release_id=5088"
},
{
"url": "https://www.ec-cube.net/release/detail.php?release_id=5087"
},
{
"url": "https://www.ec-cube.net/release/detail.php?release_id=5089"
},
{
"url": "https://jvn.jp/en/jp/JVN79254445/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE."
}
]
}

50
2021/20xxx/CVE-2021-20736.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20736",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WESEEK, Inc.",
"product": {
"product_data": [
{
"product_name": "GROWI",
"version": {
"version_data": [
{
"version_value": "versions prior to v4.2.20"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NoSQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://weseek.co.jp/security/2021/06/14/vulnerability/growi-nosql-ingection/"
},
{
"url": "https://jvn.jp/en/jp/JVN95457785/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors."
}
]
}

50
2021/20xxx/CVE-2021-20737.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20737",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WESEEK, Inc.",
"product": {
"product_data": [
{
"product_name": "GROWI",
"version": {
"version_data": [
{
"version_value": "versions prior to v4.2.20"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://weseek.co.jp/security/2021/06/14/vulnerability/growi-nosql-ingection/"
},
{
"url": "https://jvn.jp/en/jp/JVN95457785/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to view the unauthorized pages without access privileges via unspecified vectors."
}
]
}

50
2021/20xxx/CVE-2021-20741.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20741",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hitachi",
"product": {
"product_data": [
{
"product_name": "Hitachi Application Server Help",
"version": {
"version_data": [
{
"version_value": "Hitachi Application Server V10 Manual (Windows) version 10-11-01 and earlier and Hitachi Application Server V10 Manual (UNIX) version 10-11-01 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-104"
},
{
"url": "https://jvn.jp/en/jp/JVN03776901/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting vulnerability in Hitachi Application Server Help (Hitachi Application Server V10 Manual (Windows) version 10-11-01 and earlier and Hitachi Application Server V10 Manual (UNIX) version 10-11-01 and earlier) allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
}

50
2021/20xxx/CVE-2021-20742.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20742",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "EC-CUBE CO.,LTD.",
"product": {
"product_data": [
{
"product_name": "EC-CUBE Business form output plugin (for EC-CUBE 3.0 series)",
"version": {
"version_data": [
{
"version_value": "versions prior to version 1.0.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ec-cube.net/products/detail.php?product_id=959"
},
{
"url": "https://jvn.jp/en/jp/JVN57524494/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting vulnerability in EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector."
}
]
}

50
2021/20xxx/CVE-2021-20743.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20743",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "EC-CUBE CO.,LTD.",
"product": {
"product_data": [
{
"product_name": "EC-CUBE Email newsletters management plugin (for EC-CUBE 3.0 series)",
"version": {
"version_data": [
{
"version_value": "versions prior to version 1.0.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ec-cube.net/products/detail.php?product_id=960"
},
{
"url": "https://jvn.jp/en/jp/JVN57524494/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation."
}
]
}

50
2021/20xxx/CVE-2021-20744.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20744",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "EC-CUBE CO.,LTD.",
"product": {
"product_data": [
{
"product_name": "EC-CUBE Category contents plugin (for EC-CUBE 3.0 series)",
"version": {
"version_data": [
{
"version_value": "versions prior to version 1.0.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ec-cube.net/products/detail.php?product_id=1070"
},
{
"url": "https://jvn.jp/en/jp/JVN57524494/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting vulnerability in EC-CUBE Category contents plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation."
}
]
}