diff --git a/2021/27xxx/CVE-2021-27746.json b/2021/27xxx/CVE-2021-27746.json
index 936959ab6f6..b393d035568 100644
--- a/2021/27xxx/CVE-2021-27746.json
+++ b/2021/27xxx/CVE-2021-27746.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27746",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "\"HCL Connections\"",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "\"HCL Connections 6.0\""
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "\"Cross-Site Scripting (XSS)\""
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0094194",
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0094194"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\"HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability\""
 }
 ]
 }
diff --git a/2021/36xxx/CVE-2021-36869.json b/2021/36xxx/CVE-2021-36869.json
index d5b8bcda4dc..1ee9047e5d8 100644
--- a/2021/36xxx/CVE-2021-36869.json
+++ b/2021/36xxx/CVE-2021-36869.json
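Review bot: The new string values for CVE-2021-27746 carry literal escaped double quotes (`"product_name": "\"HCL Connections\""`, `"version_value": "\"HCL Connections 6.0\""`, the `problemtype` value and the description), so a consumer that matches on product name or version compares against a string that includes the quote characters. I would drop the inner quotes and keep the product name out of the version field, e.g. `"product_name": "HCL Connections"` and `"version_value": "6.0"`. `"vendor_name": "n/a"` also leaves the vendor unset even though the assigner address and the product name both point at HCL. The description is only the advisory title and says nothing about the affected component or the impact; a sentence taken from the referenced KB article would make the record usable for triage.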
@@ -1,18 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2021-10-01T10:48:00.000Z",
 "ID": "CVE-2021-36869",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Ivory Search plugin <= 4.6.6 - Reflected Cross-Site Scripting (XSS) vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Ivory Search (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 4.6.6",
+ "version_value": "4.6.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Ivory Search"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Original researcher - Tien Nguyen Anh (Patchstack Red Team)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Vulnerable parameter: &post."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/plugins/add-search-to-menu/#developers",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/add-search-to-menu/#developers"
+ },
+ {
+ "name": "https://patchstack.com/database/vulnerability/add-search-to-menu/wordpress-ivory-search-plugin-4-6-6-reflected-cross-site-scripting-xss-vulnerability",
+ "refsource": "MISC",
+ "url": "https://patchstack.com/database/vulnerability/add-search-to-menu/wordpress-ivory-search-plugin-4-6-6-reflected-cross-site-scripting-xss-vulnerability"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 4.7 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/39xxx/CVE-2021-39349.json b/2021/39xxx/CVE-2021-39349.json
index b76b353c904..1918cd29e0e 100644
--- a/2021/39xxx/CVE-2021-39349.json
+++ b/2021/39xxx/CVE-2021-39349.json
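Review bot: In `version_data` for CVE-2021-36869 the comparison operator is stated twice, once as `"version_affected": "<="` and again inside `"version_name": "<= 4.6.6"`, so a consumer that renders name, operator and value together will show the operator twice. `version_name` would be better as a plain label, e.g. `"version_name": "4.6.6"`, or left out. The description names the vulnerable parameter as `&post`, where the `&` looks like the query-string separator rather than part of the name; `post` alone would be unambiguous. The vector sets `PR:H`, which is unusual for a reflected XSS, and the description does not say that the vulnerable request needs an administrator session. If it does, one clause stating so would let readers check the 4.8 score against the text.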
@@ -45,7 +45,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.1.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled."
+ "value": "The Author Bio Box WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-author-bio-box-admin.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 3.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled."
 }
 ]
 },
diff --git a/2021/41xxx/CVE-2021-41168.json b/2021/41xxx/CVE-2021-41168.json
index 202d09d2b52..546f31603e2 100644
--- a/2021/41xxx/CVE-2021-41168.json
+++ b/2021/41xxx/CVE-2021-41168.json
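Review bot: Only the description value of CVE-2021-39349 is corrected here; the `affects`, title and `references` blocks lie outside the hunk, so it is not visible whether they already name Author Bio Box up to 3.3.1 rather than the HAL plugin 2.1.1 that the old text described. If any of them still carries the HAL data, tooling keyed on `product_name` and `version_value` will keep flagging the wrong plugin while the prose says otherwise. It is worth checking those fields in the same commit.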
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Snudown is a reddit-specific fork of the Sundown Markdown parser used by GitHub, with Python integration added. In affected versions snudown was found to be vulnerable to denial of service attacks to its reference table implementation. References written in markdown ` [reference_name]: https://www.example.com` are inserted into a hash table which was found to have a weak hash function, meaning that an attacker can reliably generate a large number of collisions for it. This makes the hash table vulnerable to a hash-collision DoS attack, a type of algorithmic complexity attack. Further the hash table allowed for duplicate entries resulting in long retrieval times. Proofs of concept and further discussion of the hash collision issue are discussed on the snudown GHSA(https://github.com/reddit/snudown/security/advisories/GHSA-6gvv-9q92-w5f6). Users are advised to update to version 1.7.0.\n"
+ "value": "Snudown is a reddit-specific fork of the Sundown Markdown parser used by GitHub, with Python integration added. In affected versions snudown was found to be vulnerable to denial of service attacks to its reference table implementation. References written in markdown ` [reference_name]: https://www.example.com` are inserted into a hash table which was found to have a weak hash function, meaning that an attacker can reliably generate a large number of collisions for it. This makes the hash table vulnerable to a hash-collision DoS attack, a type of algorithmic complexity attack. Further the hash table allowed for duplicate entries resulting in long retrieval times. Proofs of concept and further discussion of the hash collision issue are discussed on the snudown GHSA(https://github.com/reddit/snudown/security/advisories/GHSA-6gvv-9q92-w5f6). Users are advised to update to version 1.7.0."
 }
 ]
 },
diff --git a/2021/41xxx/CVE-2021-41169.json b/2021/41xxx/CVE-2021-41169.json
index 9403310210d..816dd87b1c3 100644
--- a/2021/41xxx/CVE-2021-41169.json
+++ b/2021/41xxx/CVE-2021-41169.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.\n"
+ "value": "Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade."
 }
 ]
 },
diff --git a/2021/42xxx/CVE-2021-42096.json b/2021/42xxx/CVE-2021-42096.json
index b9292b49b97..98d97661a77 100644
--- a/2021/42xxx/CVE-2021-42096.json
+++ b/2021/42xxx/CVE-2021-42096.json
@@ -61,6 +61,11 @@
 "refsource": "CONFIRM",
 "name": "https://bugs.launchpad.net/mailman/+bug/1947639",
 "url": "https://bugs.launchpad.net/mailman/+bug/1947639"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20211021 Mailman 2.1.35 security release",
+ "url": "http://www.openwall.com/lists/oss-security/2021/10/21/4"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42097.json b/2021/42xxx/CVE-2021-42097.json
index 707dd3a95e0..cc86e90d8c0 100644
--- a/2021/42xxx/CVE-2021-42097.json
+++ b/2021/42xxx/CVE-2021-42097.json
@@ -61,6 +61,11 @@
 "refsource": "CONFIRM",
 "name": "https://bugs.launchpad.net/mailman/+bug/1947640",
 "url": "https://bugs.launchpad.net/mailman/+bug/1947640"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20211021 Mailman 2.1.35 security release",
+ "url": "http://www.openwall.com/lists/oss-security/2021/10/21/4"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42798.json b/2021/42xxx/CVE-2021-42798.json
new file mode 100644
index 00000000000..f69b25d02e3
--- /dev/null
+++ b/2021/42xxx/CVE-2021-42798.json
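Review bot: The MLIST reference added to CVE-2021-42096 uses a plain-HTTP link, `"url": "http://www.openwall.com/lists/oss-security/2021/10/21/4"`. The openwall archive is also served over HTTPS, so `"url": "https://www.openwall.com/lists/oss-security/2021/10/21/4"` keeps readers and link-following tools off an unauthenticated connection. The identical entry is added to CVE-2021-42097 in the next hunk and would change the same way. Both hunks start and end inside `reference_data`, so the rest of each reference list is not visible here.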
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-42798",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42799.json b/2021/42xxx/CVE-2021-42799.json
new file mode 100644
index 00000000000..1f99bb7eda4
--- /dev/null
+++ b/2021/42xxx/CVE-2021-42799.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-42799",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42800.json b/2021/42xxx/CVE-2021-42800.json
new file mode 100644
index 00000000000..1174a8f2bd4
--- /dev/null
+++ b/2021/42xxx/CVE-2021-42800.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-42800",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42801.json b/2021/42xxx/CVE-2021-42801.json
new file mode 100644
index 00000000000..539de627f2e
--- /dev/null
+++ b/2021/42xxx/CVE-2021-42801.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-42801",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42802.json b/2021/42xxx/CVE-2021-42802.json
new file mode 100644
index 00000000000..6ad922268b2
--- /dev/null
+++ b/2021/42xxx/CVE-2021-42802.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-42802",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42803.json b/2021/42xxx/CVE-2021-42803.json
new file mode 100644
index 00000000000..4573fa5d29a
--- /dev/null
+++ b/2021/42xxx/CVE-2021-42803.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-42803",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42804.json b/2021/42xxx/CVE-2021-42804.json
new file mode 100644
index 00000000000..77427d473c4
--- /dev/null
+++ b/2021/42xxx/CVE-2021-42804.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-42804",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42805.json b/2021/42xxx/CVE-2021-42805.json
new file mode 100644
index 00000000000..db62a559019
--- /dev/null
+++ b/2021/42xxx/CVE-2021-42805.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-42805",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42806.json b/2021/42xxx/CVE-2021-42806.json
new file mode 100644
index 00000000000..88e2784caed
--- /dev/null
+++ b/2021/42xxx/CVE-2021-42806.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-42806",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42807.json b/2021/42xxx/CVE-2021-42807.json
new file mode 100644
index 00000000000..6dcc3ea459a
--- /dev/null
+++ b/2021/42xxx/CVE-2021-42807.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-42807",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42808.json b/2021/42xxx/CVE-2021-42808.json
new file mode 100644
index 00000000000..30c7dbc57df
--- /dev/null
+++ b/2021/42xxx/CVE-2021-42808.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-42808",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42809.json b/2021/42xxx/CVE-2021-42809.json
new file mode 100644
index 00000000000..b8ade95db00
--- /dev/null
+++ b/2021/42xxx/CVE-2021-42809.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-42809",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42810.json b/2021/42xxx/CVE-2021-42810.json
new file mode 100644
index 00000000000..b8b0f2bee62
--- /dev/null
+++ b/2021/42xxx/CVE-2021-42810.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-42810",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42811.json b/2021/42xxx/CVE-2021-42811.json
new file mode 100644
index 00000000000..bbc4886ab51
--- /dev/null
+++ b/2021/42xxx/CVE-2021-42811.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-42811",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42812.json b/2021/42xxx/CVE-2021-42812.json
new file mode 100644
index 00000000000..dc897d6276c
--- /dev/null
+++ b/2021/42xxx/CVE-2021-42812.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-42812",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file