"-Synchronized-Data."

CVE Team 2021-04-29 15:00:49 +00:00
parent a506c7d8e5
commit 3c4156896e
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
44 changed files with 1029 additions and 75 deletions


@ -66,6 +66,11 @@
"name": "4167",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4167"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -66,6 +66,11 @@
"name": "20030522 XMB 1.8 Partagium cross site scripting vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105363936402228&w=2"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -56,6 +56,11 @@
"name": "20030623 Many XSS Vulnerabilities in XMB Forum.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105638720409307&w=2"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -81,6 +81,11 @@
"name": "20040223 [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107756526625179&w=2"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -81,6 +81,11 @@
"name": "20040326 [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 SP3 and 1.9 beta]",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -96,6 +96,11 @@
"name": "14986",
"refsource": "OSVDB",
"url": "http://osvdb.org/14986"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -86,6 +86,11 @@
"name": "14991",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14991"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -76,6 +76,11 @@
"name": "16886",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16886"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -81,6 +81,11 @@
"name": "20040326 [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 SP3 and 1.9 beta]",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -61,6 +61,11 @@
"name": "1013515",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013515"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -61,6 +61,11 @@
"name": "http://forums.xmbforum.com/viewthread.php?tid=754523",
"refsource": "MISC",
"url": "http://forums.xmbforum.com/viewthread.php?tid=754523"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -61,6 +61,11 @@
"name": "14523",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14523"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -76,6 +76,11 @@
"name": "17458",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17458"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -81,6 +81,11 @@
"name": "1015237",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015237"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -76,6 +76,11 @@
"name": "ADV-2005-2488",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2488"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -66,6 +66,11 @@
"name": "20060118 XMB Forum HTML Code Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422277/100/0/threaded"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -96,6 +96,11 @@
"name": "http://www.gulftech.org/?node=research&article_id=00100-02122006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00100-02122006"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -86,6 +86,11 @@
"name": "http://www.gulftech.org/?node=research&article_id=00100-02122006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00100-02122006"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -66,6 +66,11 @@
"name": "20060409 XMB Forum 1.9.5-Final XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430432/100/0/threaded"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -76,6 +76,11 @@
"name": "ADV-2006-3088",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3088"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -91,6 +91,11 @@
"name": "19494",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19494"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -71,6 +71,11 @@
"name": "http://aria-security.com/forum/showthread.php?p=129",
"refsource": "MISC",
"url": "http://aria-security.com/forum/showthread.php?p=129"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -56,6 +56,11 @@
"name": "http://forum.antichat.ru/showpost.php?p=340740",
"refsource": "MISC",
"url": "http://forum.antichat.ru/showpost.php?p=340740"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21992",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) is calling the 'sh' executable via the system() function to issue a command using the mailx service and its vulnerable string format parameter allowing for OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5544.php",
"refsource": "MISC",
"name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5544.php"
}
]
}
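Review bot: The `affects` and `problemtype` blocks are published as `n/a` although the description in the same record names the vendor, product, version bound and weakness, so tooling that matches on structured fields will not associate this entry with the affected devices. Consider `"vendor_name": "Inim Electronics"`, `"product_name": "SmartLiving SmartLAN/G/SI"`, `"version_value": "<=6.x"`, and a CWE-based problemtype such as `CWE-78` (OS command injection, as the description states). The same all-`n/a` pattern recurs in the sections for CVE-2020-21995, CVE-2020-21997, CVE-2020-22002, CVE-2021-28280, CVE-2021-28899, CVE-2021-30027, CVE-2021-30218, CVE-2021-30219 and CVE-2021-30224. The description also calls the flaw authenticated while ending on default credentials and an access-control bypass, which leaves the required privilege level unclear for triage.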


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21995",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5546.php",
"refsource": "MISC",
"name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5546.php"
},
{
"refsource": "EXPLOIT-DB",
"name": "Exploit Database",
"url": "https://www.exploit-db.com/exploits/47763"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21997",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. An attacker could disclose sensitive and clear-text information resulting in authentication bypass, session hijacking and full system control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5541.php",
"refsource": "MISC",
"name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5541.php"
},
{
"refsource": "EXPLOIT-DB",
"name": "Exploit Database",
"url": "https://www.exploit-db.com/exploits/47596"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-22002",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-22002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5545.php",
"refsource": "MISC",
"name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5545.php"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172839",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172839"
}
]
}


@ -267,6 +267,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1640",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1640"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-493/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-493/"
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20090",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Buffalo WSR-2533DHPL2, Buffalo WSR-2533DHP3",
"version": {
"version_data": [
{
"version_value": "WSR-2533DHPL2 <=1.02, WSR-2533DHP3 <= 1.24"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2021-13",
"url": "https://www.tenable.com/security/research/tra-2021-13"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication."
}
]
}
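Review bot: `product_name` packs two models into one string and `version_value` packs both version bounds into another (`"WSR-2533DHPL2 <=1.02, WSR-2533DHP3 <= 1.24"`), while `vendor_name` is `n/a` even though the vendor prefix sits inside the product string. Scanners that compare product and version fields cannot evaluate either bound in that form. Splitting the entry into one `product_data` element per model with `version_affected`/`version_value` pairs, as sketched below, would make the ranges machine-readable. The sections for CVE-2021-20091 and CVE-2021-20092 carry the same `affects` block.

```json
"vendor_name": "Buffalo",
"product": {
  "product_data": [
    {
      "product_name": "WSR-2533DHPL2",
      "version": {
        "version_data": [
          { "version_affected": "<=", "version_value": "1.02" }
        ]
      }
    },
    {
      "product_name": "WSR-2533DHP3",
      "version": {
        "version_data": [
          { "version_affected": "<=", "version_value": "1.24" }
        ]
      }
    }
  ]
}
```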


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20091",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Buffalo WSR-2533DHPL2, Buffalo WSR-2533DHP3",
"version": {
"version_data": [
{
"version_value": "WSR-2533DHPL2 <=1.02, WSR-2533DHP3 <= 1.24"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Static Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2021-13",
"url": "https://www.tenable.com/security/research/tra-2021-13"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20092",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Buffalo WSR-2533DHPL2, Buffalo WSR-2533DHP3",
"version": {
"version_data": [
{
"version_value": "WSR-2533DHPL2 <=1.02, WSR-2533DHP3 <= 1.24"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2021-13",
"url": "https://www.tenable.com/security/research/tra-2021-13"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20095",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Babel",
"version": {
"version_data": [
{
"version_value": "2.9.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal / Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2021-14",
"url": "https://www.tenable.com/security/research/tra-2021-14"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Relative Path Traversal in Babel 2.9.0 allows an attacker to load arbitrary locale files on disk and execute arbitrary code."
}
]
}
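Review bot: `"product_name": "Babel"` combined with `"vendor_name": "n/a"` does not say which Babel is meant; the mention of locale files in the description suggests the Python localization library rather than the JavaScript compiler, but the record never states it. A consumer matching on the product name alone could flag the wrong package or miss the right one. Naming the project or ecosystem in `vendor_name` or in the description would remove the ambiguity. The single `version_value` of `2.9.0` also leaves open whether earlier releases are affected.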


@ -115,6 +115,16 @@
"refsource": "MLIST",
"name": "[oss-security] 20210428 ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
"url": "http://www.openwall.com/lists/oss-security/2021/04/29/1"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
"url": "http://www.openwall.com/lists/oss-security/2021/04/29/2"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
"url": "http://www.openwall.com/lists/oss-security/2021/04/29/3"
}
]
},


@ -111,6 +111,16 @@
"refsource": "MLIST",
"name": "[oss-security] 20210428 ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
"url": "http://www.openwall.com/lists/oss-security/2021/04/29/1"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
"url": "http://www.openwall.com/lists/oss-security/2021/04/29/2"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
"url": "http://www.openwall.com/lists/oss-security/2021/04/29/3"
}
]
},


@ -111,6 +111,16 @@
"refsource": "MLIST",
"name": "[oss-security] 20210428 ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
"url": "http://www.openwall.com/lists/oss-security/2021/04/29/1"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
"url": "http://www.openwall.com/lists/oss-security/2021/04/29/2"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
"url": "http://www.openwall.com/lists/oss-security/2021/04/29/3"
}
]
},


@ -282,6 +282,46 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-482/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-482/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-499/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-499/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-494/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-494/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-497/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-497/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-501/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-501/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-500/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-500/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-496/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-496/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-498/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-498/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-495/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-495/"
}
]
}


@ -4,14 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27651",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@pega.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Pegasystems",
"product": {
"product_data": [
{
"product_name": "Pega Infinity",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "8.2.1"
},
{
"version_affected": "<",
"version_value": "8.5.2"
}
]
}
}
]
}
}
]
}
},
"credit": "Samuel Curry (@samwcyo), Brett Buerhaus (@bbuerhaus), Maik Robert (@xEHLE_), Justin Rhinehart (@sshell_)",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"impact": {
"cvssv3": {
"BM": {
"AV": "N",
"AC": "L",
"PR": "N",
"UI": "N",
"S": "U",
"C": "H",
"I": "H",
"A": "H",
"SCORE": "9.8"
},
"TM": {
"E": "F",
"RL": "O",
"RC": "C"
},
"EM": {
"CR": "H",
"IR": "H",
"AR": "H",
"MAV": "N",
"MAC": "L",
"MPR": "N",
"MUI": "R",
"MS": "U",
"MC": "L",
"MI": "L",
"MA": "L"
}
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://collaborate.pega.com/discussion/pega-security-advisory-a21-hotfix-matrix",
"url": "https://collaborate.pega.com/discussion/pega-security-advisory-a21-hotfix-matrix"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks."
}
]
}
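Review bot: The structured version range disagrees with the description: `version_data` gives `>=` 8.2.1 and `<` 8.5.2, which excludes 8.5.2, while the description says "versions 8.2.1 through 8.5.2", which includes it. One of the two should change so that patch decisions for 8.5.2 are unambiguous, either `"version_affected": "<="` on the upper bound or "prior to 8.5.2" in the text. In the `impact` block the environmental metrics (`"MUI": "R"`, `"MC": "L"`, `"MI": "L"`, `"MA": "L"`) differ from the base metrics behind the 9.8 score (`"UI": "N"`, `"C": "H"`) with no explanation in the record, so it is worth confirming they were set deliberately.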


@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28280",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-28280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://anotepad.com/notes/2skndayt",
"refsource": "MISC",
"name": "https://anotepad.com/notes/2skndayt"
},
{
"url": "https://github.com/PHPFusion/PHPFusion/commit/08d6c2ea49bd06fcce32275252f5f25abe61965c",
"refsource": "MISC",
"name": "https://github.com/PHPFusion/PHPFusion/commit/08d6c2ea49bd06fcce32275252f5f25abe61965c"
},
{
"url": "https://github.com/PHPFusion/PHPFusion/commit/fda266c3bb35c650a8c4c51b6923abdfb66ef5cd",
"refsource": "MISC",
"name": "https://github.com/PHPFusion/PHPFusion/commit/fda266c3bb35c650a8c4c51b6923abdfb66ef5cd"
},
{
"url": "https://github.com/PHPFusion/PHPFusion/commit/1c2b32321cf11ed1cd3ff835f8da0d172c849ce6",
"refsource": "MISC",
"name": "https://github.com/PHPFusion/PHPFusion/commit/1c2b32321cf11ed1cd3ff835f8da0d172c849ce6"
},
{
"url": "https://github.com/PHPFusion/PHPFusion/commit/da9f89ae70219f357fba6fffd2dae1ec886d8a3b",
"refsource": "MISC",
"name": "https://github.com/PHPFusion/PHPFusion/commit/da9f89ae70219f357fba6fffd2dae1ec886d8a3b"
}
]
}
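Review bot: The description names `PHPFusion 9.03.110` without saying whether earlier releases are affected or which release carries the fix, and the four commit URLs in `reference_data` give no indication of which one closes the issue. A defender cannot tell from the record alone what version to upgrade to. Stating the version bound (for example "9.03.110 and earlier", if that is what the reporter established) would help, as would noting the fixed release in the description. The first reference is a note hosted on anotepad.com, which may not be a durable source; an archived copy or vendor advisory would be a safer primary link.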


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28899",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-28899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://lists.live555.com/pipermail/live-devel/2021-March/021891.html",
"refsource": "MISC",
"name": "http://lists.live555.com/pipermail/live-devel/2021-March/021891.html"
}
]
}
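Review bot: The new description names the affected classes and the fixed release but never states what the vulnerability is or what an attacker gains, so severity cannot be judged from the record. The wording also looks garbled: `AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession` and `in Networks LIVE555` read as if "Live" moved from the vendor name into the class list, though that is inferred from the text alone. A sentence giving the flaw class and its impact, taken from the referenced live-devel post, would make the entry usable for triage.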


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-30027",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-30027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/mity/md4c/issues/155",
"refsource": "MISC",
"name": "https://github.com/mity/md4c/issues/155"
},
{
"refsource": "MISC",
"name": "https://github.com/mity/md4c/commit/4fc808d8fe8d8904f8525bb4231d854f45e23a19",
"url": "https://github.com/mity/md4c/commit/4fc808d8fe8d8904f8525bb4231d854f45e23a19"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-30218",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-30218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "samurai 1.2 has a NULL pointer dereference in writefile() in util.c via a crafted build file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/michaelforney/samurai/issues/67",
"refsource": "MISC",
"name": "https://github.com/michaelforney/samurai/issues/67"
},
{
"refsource": "MISC",
"name": "https://github.com/michaelforney/samurai/commit/e84b6d99c85043fa1ba54851ee500540ec206918",
"url": "https://github.com/michaelforney/samurai/commit/e84b6d99c85043fa1ba54851ee500540ec206918"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-30219",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-30219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "samurai 1.2 has a NULL pointer dereference in printstatus() function in build.c via a crafted build file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/michaelforney/samurai/issues/68",
"refsource": "MISC",
"name": "https://github.com/michaelforney/samurai/issues/68"
},
{
"refsource": "MISC",
"name": "https://github.com/michaelforney/samurai/commit/d2af3bc375e2a77139c3a28d6128c60cd8d08655",
"url": "https://github.com/michaelforney/samurai/commit/d2af3bc375e2a77139c3a28d6128c60cd8d08655"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-30224",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-30224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://forum.rukovoditel.net/viewtopic.php?f=19&t=2760",
"url": "https://forum.rukovoditel.net/viewtopic.php?f=19&t=2760"
},
{
"url": "https://gist.github.com/victomteng1997/d5f2db1d37aed5792c28685068ec41e2",
"refsource": "MISC",
"name": "https://gist.github.com/victomteng1997/d5f2db1d37aed5792c28685068ec41e2"
}
]
}


@ -73,6 +73,16 @@
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E",
"name": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210427 CVE-2021-30638: An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later",
"url": "http://www.openwall.com/lists/oss-security/2021/04/27/3"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-491/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-491/"
}
]
},