From 346424480d455d094d2b5ea7c3360c2ca0eac9d2 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 28 Jun 2021 16:00:55 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/23xxx/CVE-2020-23710.json | 56 +++++++-
 2021/20xxx/CVE-2021-20413.json | 174 +++++++++++-----------
 2021/23xxx/CVE-2021-23926.json | 5 +
 2021/29xxx/CVE-2021-29693.json | 200 +++++++++++++-------------
 2021/29xxx/CVE-2021-29751.json | 252 ++++++++++++++++----------------
 2021/29xxx/CVE-2021-29775.json | 256 ++++++++++++++++-----------------
 2021/34xxx/CVE-2021-34187.json | 71 ++++++++-
 2021/34xxx/CVE-2021-34254.json | 56 +++++++-
 8 files changed, 611 insertions(+), 459 deletions(-)
diff --git a/2020/23xxx/CVE-2020-23710.json b/2020/23xxx/CVE-2020-23710.json
index 57e313b57bb..f25840775e1 100644
--- a/2020/23xxx/CVE-2020-23710.json
+++ b/2020/23xxx/CVE-2020-23710.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-23710",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-23710",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting (XSS) vulneraiblity in LimeSurvey 4.2.5 on textbox via the Notifications & data feature."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/LimeSurvey/LimeSurvey/pull/1441#partial-pull-merging",
+ "refsource": "MISC",
+ "name": "https://github.com/LimeSurvey/LimeSurvey/pull/1441#partial-pull-merging"
 }
 ]
 }
diff --git a/2021/20xxx/CVE-2021-20413.json b/2021/20xxx/CVE-2021-20413.json
index a4a8b3e702a..ac4b749981f 100644
--- a/2021/20xxx/CVE-2021-20413.json
+++ b/2021/20xxx/CVE-2021-20413.json
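Review bot: The `affects` block is published with `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"` even though the description on the new side names LimeSurvey 4.2.5, so tooling that matches on the structured fields rather than on free text will not tie this record to the product. The same applies to the CVE-2021-34187 (Chamilo through 1.11.14) and CVE-2021-34254 (Umbraco CMS before 7.15.7) hunks later in this patch, and in all three `problemtype` is also `n/a` although each description states the weakness class. I would fill these from the description, e.g. `"product_name": "LimeSurvey"` and `"version_value": "4.2.5"`, and set the problemtype value to the matching CWE (CWE-79 for this record). The description also misspells "vulnerability" as `vulneraiblity`, which defeats keyword searches over the feed.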
@@ -1,90 +1,90 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196212." - } - ] - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6444037 (Guardium Data Encryption)", - "url" : "https://www.ibm.com/support/pages/node/6444037", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6444037" - }, - { - "name" : "ibm-gde-cve202120413-info-disc (196212)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196212", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "A" : "N", - "AC" : "L", - "I" : "N", - "PR" : "L", - "AV" : "N", - "S" : "U", - "UI" : "N", - "SCORE" : "4.300", - "C" : "L" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "4.0.0.4" - } - ] - }, - "product_name" : "Guardium Data Encryption" - } - ] - }, - "vendor_name" : "IBM" + "lang": "eng", + "value": "IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196212." 
} - ] - } - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "data_type" : "CVE", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-06-25T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-20413", - "STATE" : "PUBLIC" - } -} + ] + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6444037 (Guardium Data Encryption)", + "url": "https://www.ibm.com/support/pages/node/6444037", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6444037" + }, + { + "name": "ibm-gde-cve202120413-info-disc (196212)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196212", + "title": "X-Force Vulnerability Report" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "A": "N", + "AC": "L", + "I": "N", + "PR": "L", + "AV": "N", + "S": "U", + "UI": "N", + "SCORE": "4.300", + "C": "L" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "4.0.0.4" + } + ] + }, + "product_name": "Guardium Data Encryption" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_version": "4.0", + "data_format": "MITRE", + "data_type": "CVE", + "CVE_data_meta": { + "DATE_PUBLIC": "2021-06-25T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-20413", + "STATE": "PUBLIC" + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23926.json b/2021/23xxx/CVE-2021-23926.json index 5c92117c351..17e650fe673 100644 --- a/2021/23xxx/CVE-2021-23926.json +++ b/2021/23xxx/CVE-2021-23926.json 
@@ -83,6 +83,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20210513-0004/",
 "url": "https://security.netapp.com/advisory/ntap-20210513-0004/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20210628 [SECURITY] [DLA 2693-1] xmlbeans security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00024.html"
 }
 ]
 },
diff --git a/2021/29xxx/CVE-2021-29693.json b/2021/29xxx/CVE-2021-29693.json
index 8baa767b1ef..8c881d7da77 100644
--- a/2021/29xxx/CVE-2021-29693.json
+++ b/2021/29xxx/CVE-2021-29693.json
@@ -1,103 +1,103 @@ { - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6467129", - "url" : "https://www.ibm.com/support/pages/node/6467129", - "title" : "IBM Security Bulletin 6467129 (AIX)" - }, - { - "name" : "ibm-aix-cve202129693-dos (200255)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/200255" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "L", - "A" : "H", - "I" : "N", - "PR" : "H", - "AV" : "N", - "UI" : "N", - "S" : "U", - "SCORE" : "4.900", - "C" : "N" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Denial of Service", - "lang" : "eng" - } - ] - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. 
IBM X-Force ID: 200255.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "3.1" - } - ] - }, - "product_name" : "VIOS " - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "7.1" - }, - { - "version_value" : "7.2" - } - ] - }, - "product_name" : "AIX" - } - ] - }, - "vendor_name" : "IBM" + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6467129", + "url": "https://www.ibm.com/support/pages/node/6467129", + "title": "IBM Security Bulletin 6467129 (AIX)" + }, + { + "name": "ibm-aix-cve202129693-dos (200255)", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200255" } - ] - } - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-29693", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2021-06-25T00:00:00" - } -} + ] + }, + "impact": { + "cvssv3": { + "BM": { + "AC": "L", + "A": "H", + "I": "N", + "PR": "H", + "AV": "N", + "UI": "N", + "S": "U", + "SCORE": "4.900", + "C": "N" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Denial of Service", + "lang": "eng" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. 
IBM X-Force ID: 200255.", + "lang": "eng" + } + ] + }, + "data_version": "4.0", + "data_format": "MITRE", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "3.1" + } + ] + }, + "product_name": "VIOS " + }, + { + "version": { + "version_data": [ + { + "version_value": "7.1" + }, + { + "version_value": "7.2" + } + ] + }, + "product_name": "AIX" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-29693", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2021-06-25T00:00:00" + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29751.json b/2021/29xxx/CVE-2021-29751.json index c420a6e84c1..c898bdfe52e 100644 --- a/2021/29xxx/CVE-2021-29751.json +++ b/2021/29xxx/CVE-2021-29751.json 
@@ -1,128 +1,128 @@ { - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2021-29751", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-06-25T00:00:00" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Business Process Manager", - "version" : { - "version_data" : [ - { - "version_value" : "8.5" - }, - { - "version_value" : "8.6" - } - ] - } - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "18.0" - }, - { - "version_value" : "19.0" - }, - { - "version_value" : "20.0" - } - ] - }, - "product_name" : "Business Automation Workflow" - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "20.0.3.IF002" - }, - { - "version_value" : "21.0.1" - } - ] - }, - "product_name" : "Cloud Pak for Automation" - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779." 
- } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6465127", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6465127", - "title" : "IBM Security Bulletin 6465127 (Cloud Pak for Automation)" - }, - { - "title" : "IBM Security Bulletin 6467055 (Business Automation Workflow)", - "url" : "https://www.ibm.com/support/pages/node/6467055", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6467055" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/201779", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-baw-cve202129751-info-disc (201779)", - "refsource" : "XF" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "SCORE" : "3.100", - "C" : "L", - "UI" : "N", - "S" : "U", - "AV" : "N", - "PR" : "L", - "I" : "N", - "AC" : "H", - "A" : "N" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2021-29751", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-06-25T00:00:00" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Business Process Manager", + "version": { + "version_data": [ + { + "version_value": "8.5" + }, + { + "version_value": "8.6" + } + ] + } + }, + { + "version": { + "version_data": [ + { + "version_value": "18.0" + }, + { + "version_value": "19.0" + }, + { + "version_value": "20.0" + } + ] + }, + "product_name": "Business Automation Workflow" + }, + { + "version": { + "version_data": [ + { + "version_value": "20.0.3.IF002" + }, + { + "version_value": "21.0.1" + } + ] + }, + "product_name": "Cloud Pak for Automation" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - } -} + } + }, + "data_version": "4.0", + "data_format": "MITRE", + "data_type": 
"CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779." + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6465127", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6465127", + "title": "IBM Security Bulletin 6465127 (Cloud Pak for Automation)" + }, + { + "title": "IBM Security Bulletin 6467055 (Business Automation Workflow)", + "url": "https://www.ibm.com/support/pages/node/6467055", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6467055" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201779", + "title": "X-Force Vulnerability Report", + "name": "ibm-baw-cve202129751-info-disc (201779)", + "refsource": "XF" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "SCORE": "3.100", + "C": "L", + "UI": "N", + "S": "U", + "AV": "N", + "PR": "L", + "I": "N", + "AC": "H", + "A": "N" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29775.json b/2021/29xxx/CVE-2021-29775.json index 37774bb713c..a240f134706 100644 --- a/2021/29xxx/CVE-2021-29775.json +++ b/2021/29xxx/CVE-2021-29775.json 
@@ -1,130 +1,130 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Business Automation Workflow", - "version" : { - "version_data" : [ - { - "version_value" : "18.0.0.0" - }, - { - "version_value" : "18.0.0.1" - }, - { - "version_value" : "18.0.0.2" - }, - { - "version_value" : "19.0.0.1" - }, - { - "version_value" : "19.0.0.2" - }, - { - "version_value" : "19.0.0.3" - }, - { - "version_value" : "20.0.0.1" - }, - { - "version_value" : "20.0.0.2" - } - ] - } - }, - { - "product_name" : "Cloud Pak for Automation", - "version" : { - "version_data" : [ - { - "version_value" : "20.0.3.IF002" - }, - { - "version_value" : "21.0.1" - } - ] - } - } - ] - } - } - ] - } - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "value" : "IBM Business Automation Workflow\t 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 203029.", - "lang" : "eng" - } - ] - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6465127 (Cloud Pak for Automation)", - "url" : "https://www.ibm.com/support/pages/node/6465127", - "name" : "https://www.ibm.com/support/pages/node/6465127", - "refsource" : "CONFIRM" - }, - { - "name" : "https://www.ibm.com/support/pages/node/6467057", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6467057", - "title" : "IBM Security Bulletin 6467057 (Business Automation Workflow)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/203029", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-bpm-cve202129775-xss (203029)" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "C" : "L", - "SCORE" : "6.400", - "UI" : "N", - "S" : "C", - "AC" : "L", - "A" : "N", - "PR" : "L", - "I" : "L" - }, - "TM" : { - "E" : "H", - "RL" : "O", - "RC" : "C" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Business Automation Workflow", + "version": { + "version_data": [ + { + "version_value": "18.0.0.0" + }, + { + "version_value": "18.0.0.1" + }, + { + "version_value": "18.0.0.2" + }, + { + "version_value": "19.0.0.1" + }, + { + "version_value": "19.0.0.2" + }, + { + "version_value": "19.0.0.3" + }, + { + "version_value": "20.0.0.1" + }, + { + "version_value": "20.0.0.2" + } + ] + } + }, + { + "product_name": "Cloud Pak for Automation", + "version": { + "version_data": [ + { + "version_value": "20.0.3.IF002" + }, + { + "version_value": "21.0.1" + } + ] + } + } + ] + } + } ] - } - ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-06-25T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2021-29775", - "ASSIGNER" : 
"psirt@us.ibm.com" - } -} + } + }, + "data_version": "4.0", + "data_format": "MITRE", + "data_type": "CVE", + "description": { + "description_data": [ + { + "value": "IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203029.", + "lang": "eng" + } + ] + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6465127 (Cloud Pak for Automation)", + "url": "https://www.ibm.com/support/pages/node/6465127", + "name": "https://www.ibm.com/support/pages/node/6465127", + "refsource": "CONFIRM" + }, + { + "name": "https://www.ibm.com/support/pages/node/6467057", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6467057", + "title": "IBM Security Bulletin 6467057 (Business Automation Workflow)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203029", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-bpm-cve202129775-xss (203029)" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "C": "L", + "SCORE": "6.400", + "UI": "N", + "S": "C", + "AC": "L", + "A": "N", + "PR": "L", + "I": "L" + }, + "TM": { + "E": "H", + "RL": "O", + "RC": "C" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2021-06-25T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2021-29775", + "ASSIGNER": "psirt@us.ibm.com" + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34187.json b/2021/34xxx/CVE-2021-34187.json index dc55bc13539..4a1407f6b2b 100644 --- a/2021/34xxx/CVE-2021-34187.json +++ b/2021/34xxx/CVE-2021-34187.json 
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-34187",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-34187",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/chamilo/chamilo-lms/commit/f7f93579ed64765c2667910b9c24d031b0a00571",
+ "refsource": "MISC",
+ "name": "https://github.com/chamilo/chamilo-lms/commit/f7f93579ed64765c2667910b9c24d031b0a00571"
+ },
+ {
+ "url": "https://github.com/chamilo/chamilo-lms/commit/005dc8e9eccc6ea35264064ae09e2e84af8d5b59",
+ "refsource": "MISC",
+ "name": "https://github.com/chamilo/chamilo-lms/commit/005dc8e9eccc6ea35264064ae09e2e84af8d5b59"
+ },
+ {
+ "url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-67-2021-05-27-High-impact-very-high-risk-Unauthenticated-SQL-injection",
+ "refsource": "MISC",
+ "name": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-67-2021-05-27-High-impact-very-high-risk-Unauthenticated-SQL-injection"
+ },
+ {
+ "url": "https://murat.one/?p=118",
+ "refsource": "MISC",
+ "name": "https://murat.one/?p=118"
 }
 ]
 }
diff --git a/2021/34xxx/CVE-2021-34254.json b/2021/34xxx/CVE-2021-34254.json
index ccff4858ed6..bad318e97e3 100644
--- a/2021/34xxx/CVE-2021-34254.json
+++ b/2021/34xxx/CVE-2021-34254.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-34254",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-34254",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/umbraco/Umbraco-CMS/issues/9782",
+ "refsource": "MISC",
+ "name": "https://github.com/umbraco/Umbraco-CMS/issues/9782"
 }
 ]
 }
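Review bot: The description added for CVE-2021-34187 does not say whether the SQL injection requires authentication, while the anchor of the support.chamilo.org reference in the same hunk reads `Unauthenticated-SQL-injection` and labels the issue high impact. Pre-authentication reachability changes how defenders prioritise patching, so if that advisory is accurate the value should state it, e.g. `... in Chamilo through 1.11.14 allows unauthenticated SQL Injection via ...`. The record also carries no `impact` block, unlike the IBM records in this patch, so severity can only be read from the linked advisory.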