diff --git a/2002/0xxx/CVE-2002-0316.json b/2002/0xxx/CVE-2002-0316.json
index 63432f2aab4..01ff9090389 100644
--- a/2002/0xxx/CVE-2002-0316.json
+++ b/2002/0xxx/CVE-2002-0316.json
@@ -66,6 +66,11 @@
 "name": "4167",
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/4167"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2003/0xxx/CVE-2003-0375.json b/2003/0xxx/CVE-2003-0375.json
index 89a7a790e79..63760afc654 100644
--- a/2003/0xxx/CVE-2003-0375.json
+++ b/2003/0xxx/CVE-2003-0375.json
@@ -66,6 +66,11 @@
 "name": "20030522 XMB 1.8 Partagium cross site scripting vulnerability",
 "refsource": "BUGTRAQ",
 "url": "http://marc.info/?l=bugtraq&m=105363936402228&w=2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2003/0xxx/CVE-2003-0483.json b/2003/0xxx/CVE-2003-0483.json
index c162bfec150..797b7b5e35d 100644
--- a/2003/0xxx/CVE-2003-0483.json
+++ b/2003/0xxx/CVE-2003-0483.json
@@ -56,6 +56,11 @@
 "name": "20030623 Many XSS Vulnerabilities in XMB Forum.",
 "refsource": "BUGTRAQ",
 "url": "http://marc.info/?l=bugtraq&m=105638720409307&w=2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2004/0xxx/CVE-2004-0322.json b/2004/0xxx/CVE-2004-0322.json
index 1f9a96444ee..08bd970064b 100644
--- a/2004/0xxx/CVE-2004-0322.json
+++ b/2004/0xxx/CVE-2004-0322.json
@@ -81,6 +81,11 @@
 "name": "20040223 [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2",
 "refsource": "BUGTRAQ",
 "url": "http://marc.info/?l=bugtraq&m=107756526625179&w=2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2004/0xxx/CVE-2004-0323.json b/2004/0xxx/CVE-2004-0323.json
index 10cbc068131..a58d096aa4c 100644
--- a/2004/0xxx/CVE-2004-0323.json
+++ b/2004/0xxx/CVE-2004-0323.json
@@ -81,6 +81,11 @@
 "name": "20040326 [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 SP3 and 1.9 beta]",
 "refsource": "BUGTRAQ",
 "url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2004/1xxx/CVE-2004-1862.json b/2004/1xxx/CVE-2004-1862.json
index b226d26f133..8b0927b51fe 100644
--- a/2004/1xxx/CVE-2004-1862.json
+++ b/2004/1xxx/CVE-2004-1862.json
@@ -96,6 +96,11 @@
 "name": "14986",
 "refsource": "OSVDB",
 "url": "http://osvdb.org/14986"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2004/1xxx/CVE-2004-1863.json b/2004/1xxx/CVE-2004-1863.json
index 9efee59bcf6..ef3cd061aef 100644
--- a/2004/1xxx/CVE-2004-1863.json
+++ b/2004/1xxx/CVE-2004-1863.json
@@ -86,6 +86,11 @@
 "name": "14991",
 "refsource": "OSVDB",
 "url": "http://www.osvdb.org/14991"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2004/1xxx/CVE-2004-1864.json b/2004/1xxx/CVE-2004-1864.json
index 41e2fde220e..b10891942b5 100644
--- a/2004/1xxx/CVE-2004-1864.json
+++ b/2004/1xxx/CVE-2004-1864.json
@@ -76,6 +76,11 @@
 "name": "16886",
 "refsource": "OSVDB",
 "url": "http://www.osvdb.org/16886"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2004/2xxx/CVE-2004-2588.json b/2004/2xxx/CVE-2004-2588.json
index 47e3effb593..049395243ce 100644
--- a/2004/2xxx/CVE-2004-2588.json
+++ b/2004/2xxx/CVE-2004-2588.json
@@ -81,6 +81,11 @@
 "name": "20040326 [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 SP3 and 1.9 beta]",
 "refsource": "BUGTRAQ",
 "url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2005/0xxx/CVE-2005-0885.json b/2005/0xxx/CVE-2005-0885.json
index 86b591f0ad2..fe8faf668a1 100644
--- a/2005/0xxx/CVE-2005-0885.json
+++ b/2005/0xxx/CVE-2005-0885.json
@@ -61,6 +61,11 @@
 "name": "1013515",
 "refsource": "SECTRACK",
 "url": "http://securitytracker.com/id?1013515"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2005/2xxx/CVE-2005-2574.json b/2005/2xxx/CVE-2005-2574.json
index dcd860d7ead..645fb16d8b5 100644
--- a/2005/2xxx/CVE-2005-2574.json
+++ b/2005/2xxx/CVE-2005-2574.json
@@ -61,6 +61,11 @@
 "name": "http://forums.xmbforum.com/viewthread.php?tid=754523",
 "refsource": "MISC",
 "url": "http://forums.xmbforum.com/viewthread.php?tid=754523"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2005/2xxx/CVE-2005-2575.json b/2005/2xxx/CVE-2005-2575.json
index f4a8fe3fc18..971194a3276 100644
--- a/2005/2xxx/CVE-2005-2575.json
+++ b/2005/2xxx/CVE-2005-2575.json
@@ -61,6 +61,11 @@
 "name": "14523",
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/14523"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2005/3xxx/CVE-2005-3544.json b/2005/3xxx/CVE-2005-3544.json
index 88f8bdd752a..19f70bcb4b5 100644
--- a/2005/3xxx/CVE-2005-3544.json
+++ b/2005/3xxx/CVE-2005-3544.json
@@ -76,6 +76,11 @@
 "name": "17458",
 "refsource": "SECUNIA",
 "url": "http://secunia.com/advisories/17458"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2005/3xxx/CVE-2005-3688.json b/2005/3xxx/CVE-2005-3688.json
index f93778e0a88..be620300749 100644
--- a/2005/3xxx/CVE-2005-3688.json
+++ b/2005/3xxx/CVE-2005-3688.json
@@ -81,6 +81,11 @@
 "name": "1015237",
 "refsource": "SECTRACK",
 "url": "http://securitytracker.com/id?1015237"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2005/3xxx/CVE-2005-3689.json b/2005/3xxx/CVE-2005-3689.json
index cfba22d6ec6..b0e0e05b3dc 100644
--- a/2005/3xxx/CVE-2005-3689.json
+++ b/2005/3xxx/CVE-2005-3689.json
@@ -76,6 +76,11 @@
 "name": "ADV-2005-2488",
 "refsource": "VUPEN",
 "url": "http://www.vupen.com/english/advisories/2005/2488"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2006/0xxx/CVE-2006-0365.json b/2006/0xxx/CVE-2006-0365.json
index 8ad67fc8ce2..26a75ad8af1 100644
--- a/2006/0xxx/CVE-2006-0365.json
+++ b/2006/0xxx/CVE-2006-0365.json
@@ -66,6 +66,11 @@
 "name": "20060118 XMB Forum HTML Code Injection",
 "refsource": "BUGTRAQ",
 "url": "http://www.securityfocus.com/archive/1/422277/100/0/threaded"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2006/0xxx/CVE-2006-0778.json b/2006/0xxx/CVE-2006-0778.json
index 949e39739cf..cffab5b3ed3 100644
--- a/2006/0xxx/CVE-2006-0778.json
+++ b/2006/0xxx/CVE-2006-0778.json
@@ -96,6 +96,11 @@
 "name": "http://www.gulftech.org/?node=research&article_id=00100-02122006",
 "refsource": "MISC",
 "url": "http://www.gulftech.org/?node=research&article_id=00100-02122006"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2006/0xxx/CVE-2006-0779.json b/2006/0xxx/CVE-2006-0779.json
index 0a0b74212ff..072dc0ab62c 100644
--- a/2006/0xxx/CVE-2006-0779.json
+++ b/2006/0xxx/CVE-2006-0779.json
@@ -86,6 +86,11 @@
 "name": "http://www.gulftech.org/?node=research&article_id=00100-02122006",
 "refsource": "MISC",
 "url": "http://www.gulftech.org/?node=research&article_id=00100-02122006"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2006/1xxx/CVE-2006-1748.json b/2006/1xxx/CVE-2006-1748.json
index 53b6deb298c..0b5947a6d4b 100644
--- a/2006/1xxx/CVE-2006-1748.json
+++ b/2006/1xxx/CVE-2006-1748.json
@@ -66,6 +66,11 @@
 "name": "20060409 XMB Forum 1.9.5-Final XSS",
 "refsource": "BUGTRAQ",
 "url": "http://www.securityfocus.com/archive/1/430432/100/0/threaded"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2006/3xxx/CVE-2006-3994.json b/2006/3xxx/CVE-2006-3994.json
index 2799657a277..75b805d641d 100644
--- a/2006/3xxx/CVE-2006-3994.json
+++ b/2006/3xxx/CVE-2006-3994.json
@@ -76,6 +76,11 @@
 "name": "ADV-2006-3088",
 "refsource": "VUPEN",
 "url": "http://www.vupen.com/english/advisories/2006/3088"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2006/4xxx/CVE-2006-4191.json b/2006/4xxx/CVE-2006-4191.json
index d761506723b..ce8264918c0 100644
--- a/2006/4xxx/CVE-2006-4191.json
+++ b/2006/4xxx/CVE-2006-4191.json
@@ -91,6 +91,11 @@
 "name": "19494",
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/19494"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2007/0xxx/CVE-2007-0519.json b/2007/0xxx/CVE-2007-0519.json
index c524d425f4d..c29be6d7fda 100644
--- a/2007/0xxx/CVE-2007-0519.json
+++ b/2007/0xxx/CVE-2007-0519.json
@@ -71,6 +71,11 @@
 "name": "http://aria-security.com/forum/showthread.php?p=129",
 "refsource": "MISC",
 "url": "http://aria-security.com/forum/showthread.php?p=129"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2007/6xxx/CVE-2007-6728.json b/2007/6xxx/CVE-2007-6728.json
index 3b919ebec57..d3a035a5d52 100644
--- a/2007/6xxx/CVE-2007-6728.json
+++ b/2007/6xxx/CVE-2007-6728.json
@@ -56,6 +56,11 @@
 "name": "http://forum.antichat.ru/showpost.php?p=340740",
 "refsource": "MISC",
 "url": "http://forum.antichat.ru/showpost.php?p=340740"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
+ "url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21992.json b/2020/21xxx/CVE-2020-21992.json
index 9c4334e1d5c..4a25e4b5549 100644
--- a/2020/21xxx/CVE-2020-21992.json
+++ b/2020/21xxx/CVE-2020-21992.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21992",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21992",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) is calling the 'sh' executable via the system() function to issue a command using the mailx service and its vulnerable string format parameter allowing for OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5544.php",
+ "refsource": "MISC",
+ "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5544.php"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21995.json b/2020/21xxx/CVE-2020-21995.json
index 8ce4249410a..c92994c59bb 100644
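Review bot: The `affects` and `problemtype` blocks of CVE-2020-21992 are filled with `n/a` even though the description names the vendor, product, affected versions and weakness class, so tooling that matches on the structured fields will not associate this record with any product. Consider `"vendor_name": "Inim Electronics"`, `"product_name": "SmartLiving SmartLAN/G/SI"`, `"version_value": "<=6.x"`, and a `problemtype` value that names OS command injection. The same `n/a` pattern appears in the CVE-2020-21995, CVE-2020-21997 and CVE-2020-22002 records later in this commit. The description also reads "The issue exist" where "The issue exists" is meant.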
--- a/2020/21xxx/CVE-2020-21995.json
+++ b/2020/21xxx/CVE-2020-21995.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21995",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21995",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5546.php",
+ "refsource": "MISC",
+ "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5546.php"
+ },
+ {
+ "refsource": "EXPLOIT-DB",
+ "name": "Exploit Database",
+ "url": "https://www.exploit-db.com/exploits/47763"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21997.json b/2020/21xxx/CVE-2020-21997.json
index 303a090556b..4e16448ae6c 100644
--- a/2020/21xxx/CVE-2020-21997.json
+++ b/2020/21xxx/CVE-2020-21997.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21997",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21997",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. An attacker could disclose sensitive and clear-text information resulting in authentication bypass, session hijacking and full system control."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5541.php",
+ "refsource": "MISC",
+ "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5541.php"
+ },
+ {
+ "refsource": "EXPLOIT-DB",
+ "name": "Exploit Database",
+ "url": "https://www.exploit-db.com/exploits/47596"
 }
 ]
 }
diff --git a/2020/22xxx/CVE-2020-22002.json b/2020/22xxx/CVE-2020-22002.json
index 173e559de28..7d675e5461b 100644
--- a/2020/22xxx/CVE-2020-22002.json
+++ b/2020/22xxx/CVE-2020-22002.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-22002",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-22002",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5545.php",
+ "refsource": "MISC",
+ "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5545.php"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172839",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172839"
 }
 ]
 }
diff --git a/2021/1xxx/CVE-2021-1640.json b/2021/1xxx/CVE-2021-1640.json
index 07c8a4fbb0b..21c4eb7d3d1 100644
--- a/2021/1xxx/CVE-2021-1640.json
+++ b/2021/1xxx/CVE-2021-1640.json
@@ -267,6 +267,11 @@
 "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1640",
 "refsource": "MISC",
 "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1640"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-493/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-493/"
 }
 ]
 }
diff --git a/2021/20xxx/CVE-2021-20090.json b/2021/20xxx/CVE-2021-20090.json
index 13b0611438a..2a7e2a79b97 100644
--- a/2021/20xxx/CVE-2021-20090.json
+++ b/2021/20xxx/CVE-2021-20090.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-20090",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Buffalo WSR-2533DHPL2, Buffalo WSR-2533DHP3",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "WSR-2533DHPL2 <=1.02, WSR-2533DHP3 <= 1.24"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Path Traversal"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2021-13",
+ "url": "https://www.tenable.com/security/research/tra-2021-13"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication."
 }
 ]
 }
diff --git a/2021/20xxx/CVE-2021-20091.json b/2021/20xxx/CVE-2021-20091.json
index 0f61374df4b..4b0e9af234f 100644
--- a/2021/20xxx/CVE-2021-20091.json
+++ b/2021/20xxx/CVE-2021-20091.json
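Review bot: In the `affects` block of CVE-2021-20090, `vendor_name` is `n/a` while the vendor is folded into `product_name`, and two products with their version bounds are packed into one free-text `version_value` that automated matching cannot evaluate. Splitting this into a `Buffalo` vendor with one `product_data` entry per model and a `version_affected` operator per bound would make the record machine-readable; a sketch follows. CVE-2021-20091 and CVE-2021-20092 carry the identical block, and CVE-2021-20095 likewise leaves `vendor_name` as `n/a` for a product named only `Babel`, which may be ambiguous between unrelated projects of that name.

```json
"vendor_name": "Buffalo",
"product": {
  "product_data": [
    {
      "product_name": "WSR-2533DHPL2",
      "version": {
        "version_data": [
          { "version_affected": "<=", "version_value": "1.02" }
        ]
      }
    },
    {
      "product_name": "WSR-2533DHP3",
      "version": {
        "version_data": [
          { "version_affected": "<=", "version_value": "1.24" }
        ]
      }
    }
  ]
}
```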
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-20091",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Buffalo WSR-2533DHPL2, Buffalo WSR-2533DHP3",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "WSR-2533DHPL2 <=1.02, WSR-2533DHP3 <= 1.24"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Static Code Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2021-13",
+ "url": "https://www.tenable.com/security/research/tra-2021-13"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution."
 }
 ]
 }
diff --git a/2021/20xxx/CVE-2021-20092.json b/2021/20xxx/CVE-2021-20092.json
index ff50cf81464..2a967015760 100644
--- a/2021/20xxx/CVE-2021-20092.json
+++ b/2021/20xxx/CVE-2021-20092.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-20092",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Buffalo WSR-2533DHPL2, Buffalo WSR-2533DHP3",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "WSR-2533DHPL2 <=1.02, WSR-2533DHP3 <= 1.24"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2021-13",
+ "url": "https://www.tenable.com/security/research/tra-2021-13"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor."
 }
 ]
 }
diff --git a/2021/20xxx/CVE-2021-20095.json b/2021/20xxx/CVE-2021-20095.json
index 3e140f60725..e4bf3d48e33 100644
--- a/2021/20xxx/CVE-2021-20095.json
+++ b/2021/20xxx/CVE-2021-20095.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-20095",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Babel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.9.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Directory Traversal / Arbitrary Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2021-14",
+ "url": "https://www.tenable.com/security/research/tra-2021-14"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Relative Path Traversal in Babel 2.9.0 allows an attacker to load arbitrary locale files on disk and execute arbitrary code."
 }
 ]
 }
diff --git a/2021/25xxx/CVE-2021-25214.json b/2021/25xxx/CVE-2021-25214.json
index 86668e2492f..8e80e734c60 100644
--- a/2021/25xxx/CVE-2021-25214.json
+++ b/2021/25xxx/CVE-2021-25214.json
@@ -115,6 +115,16 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20210428 ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
 "url": "http://www.openwall.com/lists/oss-security/2021/04/29/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
+ "url": "http://www.openwall.com/lists/oss-security/2021/04/29/2"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
+ "url": "http://www.openwall.com/lists/oss-security/2021/04/29/3"
 }
 ]
 },
diff --git a/2021/25xxx/CVE-2021-25215.json b/2021/25xxx/CVE-2021-25215.json
index 7dbc45acf8e..c0c0e233c61 100644
--- a/2021/25xxx/CVE-2021-25215.json
+++ b/2021/25xxx/CVE-2021-25215.json
@@ -111,6 +111,16 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20210428 ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
 "url": "http://www.openwall.com/lists/oss-security/2021/04/29/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
+ "url": "http://www.openwall.com/lists/oss-security/2021/04/29/2"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
+ "url": "http://www.openwall.com/lists/oss-security/2021/04/29/3"
 }
 ]
 },
diff --git a/2021/25xxx/CVE-2021-25216.json b/2021/25xxx/CVE-2021-25216.json
index c1372896771..861f90a583b 100644
--- a/2021/25xxx/CVE-2021-25216.json
+++ b/2021/25xxx/CVE-2021-25216.json
@@ -111,6 +111,16 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20210428 ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
 "url": "http://www.openwall.com/lists/oss-security/2021/04/29/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
+ "url": "http://www.openwall.com/lists/oss-security/2021/04/29/2"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
+ "url": "http://www.openwall.com/lists/oss-security/2021/04/29/3"
 }
 ]
 },
diff --git a/2021/27xxx/CVE-2021-27077.json b/2021/27xxx/CVE-2021-27077.json
index 1420ec25c34..c36dd027dd0 100644
--- a/2021/27xxx/CVE-2021-27077.json
+++ b/2021/27xxx/CVE-2021-27077.json
@@ -282,6 +282,46 @@
 "refsource": "MISC",
 "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-482/",
 "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-482/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-499/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-499/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-494/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-494/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-497/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-497/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-501/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-501/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-500/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-500/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-496/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-496/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-498/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-498/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-495/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-495/"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27651.json b/2021/27xxx/CVE-2021-27651.json
index 3bf352eeaaa..264a75b9f7b 100644
--- a/2021/27xxx/CVE-2021-27651.json
+++ b/2021/27xxx/CVE-2021-27651.json
@@ -4,14 +4,97 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27651",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@pega.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Pegasystems",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Pega Infinity",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": ">=",
+ "version_value": "8.2.1"
+ },
+ {
+ "version_affected": "<",
+ "version_value": "8.5.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "credit": "Samuel Curry (@samwcyo), Brett Buerhaus (@bbuerhaus), Maik Robert (@xEHLE_), Justin Rhinehart (@sshell_)",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287: Improper Authentication"
+ }
+ ]
+ }
+ ]
+ },
+ "impact": {
+ "cvssv3": {
+ "BM": {
+ "AV": "N",
+ "AC": "L",
+ "PR": "N",
+ "UI": "N",
+ "S": "U",
+ "C": "H",
+ "I": "H",
+ "A": "H",
+ "SCORE": "9.8"
+ },
+ "TM": {
+ "E": "F",
+ "RL": "O",
+ "RC": "C"
+ },
+ "EM": {
+ "CR": "H",
+ "IR": "H",
+ "AR": "H",
+ "MAV": "N",
+ "MAC": "L",
+ "MPR": "N",
+ "MUI": "R",
+ "MS": "U",
+ "MC": "L",
+ "MI": "L",
+ "MA": "L"
+ }
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://collaborate.pega.com/discussion/pega-security-advisory-a21-hotfix-matrix",
+ "url": "https://collaborate.pega.com/discussion/pega-security-advisory-a21-hotfix-matrix"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks."
 }
 ]
 }
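Review bot: The affected range in `version_data` of CVE-2021-27651.json does not match the description: the entries give `">="` `8.2.1` and `"<"` `8.5.2`, which leaves 8.5.2 out, while the description says "versions 8.2.1 through 8.5.2". One of the two should change, either the upper bound to `"version_affected": "<=", "version_value": "8.5.2"` or the text to "before 8.5.2", after checking against the Pega advisory. The two bounds are also separate list entries, so a consumer that evaluates each `version_data` entry on its own would read `>= 8.2.1` as covering every later release, fixed ones included. The environmental block `EM` (`"MUI": "R"`, `"MC"`/`"MI"`/`"MA"` at `"L"`) describes one deployment rather than the product and is probably better left out of a public record.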
diff --git a/2021/28xxx/CVE-2021-28280.json b/2021/28xxx/CVE-2021-28280.json
index 28deec1e6a6..1752b2c706a 100644
--- a/2021/28xxx/CVE-2021-28280.json
+++ b/2021/28xxx/CVE-2021-28280.json
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-28280",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-28280",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://anotepad.com/notes/2skndayt",
+ "refsource": "MISC",
+ "name": "https://anotepad.com/notes/2skndayt"
+ },
+ {
+ "url": "https://github.com/PHPFusion/PHPFusion/commit/08d6c2ea49bd06fcce32275252f5f25abe61965c",
+ "refsource": "MISC",
+ "name": "https://github.com/PHPFusion/PHPFusion/commit/08d6c2ea49bd06fcce32275252f5f25abe61965c"
+ },
+ {
+ "url": "https://github.com/PHPFusion/PHPFusion/commit/fda266c3bb35c650a8c4c51b6923abdfb66ef5cd",
+ "refsource": "MISC",
+ "name": "https://github.com/PHPFusion/PHPFusion/commit/fda266c3bb35c650a8c4c51b6923abdfb66ef5cd"
+ },
+ {
+ "url": "https://github.com/PHPFusion/PHPFusion/commit/1c2b32321cf11ed1cd3ff835f8da0d172c849ce6",
+ "refsource": "MISC",
+ "name": "https://github.com/PHPFusion/PHPFusion/commit/1c2b32321cf11ed1cd3ff835f8da0d172c849ce6"
+ },
+ {
+ "url": "https://github.com/PHPFusion/PHPFusion/commit/da9f89ae70219f357fba6fffd2dae1ec886d8a3b",
+ "refsource": "MISC",
+ "name": "https://github.com/PHPFusion/PHPFusion/commit/da9f89ae70219f357fba6fffd2dae1ec886d8a3b"
 }
 ]
 }
diff --git a/2021/28xxx/CVE-2021-28899.json b/2021/28xxx/CVE-2021-28899.json
index ec74244f4a7..fb46533f975 100644
--- a/2021/28xxx/CVE-2021-28899.json
+++ b/2021/28xxx/CVE-2021-28899.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-28899",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-28899",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://lists.live555.com/pipermail/live-devel/2021-March/021891.html",
+ "refsource": "MISC",
+ "name": "http://lists.live555.com/pipermail/live-devel/2021-March/021891.html"
 }
 ]
 }
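Review bot: In CVE-2021-28280.json the structured fields stay at `"n/a"` although the description already names what belongs in them: `problemtype` could carry `CWE-352` and `CWE-79` for the CSRF and XSS in search.php, and `product_name`/`version_value` could carry PHPFusion 9.03.110. Tools that match on `affects` or `problemtype` rather than on free text will not pick this record up as written. The same applies to the later hunks for CVE-2021-30027 (use of uninitialized memory), CVE-2021-30218 and CVE-2021-30219 (NULL pointer dereference, `CWE-476`) and CVE-2021-30224 (CSRF, `CWE-352`). The first reference, `https://anotepad.com/notes/2skndayt`, is a notepad-style page whose content can presumably change or disappear, so an archived copy would be worth adding next to it.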
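Review bot: The description added for CVE-2021-28899 does not say what the vulnerability is or what it allows; it only lists class names and a fixed-in version, so a reader cannot triage it without opening the live-devel post. The class list also looks garbled: `AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555` reads as if "Live" had slipped out of "Live Networks" into the class name, and probably means `AMRAudioFileServerMediaSubsession OnDemandServerMediaSubsession subclasses in Live Networks LIVE555 Streaming Media`. The weakness type and impact should be added from the referenced post, which this page does not show.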
diff --git a/2021/30xxx/CVE-2021-30027.json b/2021/30xxx/CVE-2021-30027.json
index 19c4c07b2bf..cd2eda4d8ff 100644
--- a/2021/30xxx/CVE-2021-30027.json
+++ b/2021/30xxx/CVE-2021-30027.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-30027",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-30027",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/mity/md4c/issues/155",
+ "refsource": "MISC",
+ "name": "https://github.com/mity/md4c/issues/155"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/mity/md4c/commit/4fc808d8fe8d8904f8525bb4231d854f45e23a19",
+ "url": "https://github.com/mity/md4c/commit/4fc808d8fe8d8904f8525bb4231d854f45e23a19"
 }
 ]
 }
diff --git a/2021/30xxx/CVE-2021-30218.json b/2021/30xxx/CVE-2021-30218.json
index 65919976696..b53ab421fce 100644
--- a/2021/30xxx/CVE-2021-30218.json
+++ b/2021/30xxx/CVE-2021-30218.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-30218",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-30218",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "samurai 1.2 has a NULL pointer dereference in writefile() in util.c via a crafted build file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/michaelforney/samurai/issues/67",
+ "refsource": "MISC",
+ "name": "https://github.com/michaelforney/samurai/issues/67"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/michaelforney/samurai/commit/e84b6d99c85043fa1ba54851ee500540ec206918",
+ "url": "https://github.com/michaelforney/samurai/commit/e84b6d99c85043fa1ba54851ee500540ec206918"
 }
 ]
 }
diff --git a/2021/30xxx/CVE-2021-30219.json b/2021/30xxx/CVE-2021-30219.json
index 264739e532c..744610b8e2f 100644
--- a/2021/30xxx/CVE-2021-30219.json
+++ b/2021/30xxx/CVE-2021-30219.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-30219",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-30219",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "samurai 1.2 has a NULL pointer dereference in printstatus() function in build.c via a crafted build file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/michaelforney/samurai/issues/68",
+ "refsource": "MISC",
+ "name": "https://github.com/michaelforney/samurai/issues/68"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/michaelforney/samurai/commit/d2af3bc375e2a77139c3a28d6128c60cd8d08655",
+ "url": "https://github.com/michaelforney/samurai/commit/d2af3bc375e2a77139c3a28d6128c60cd8d08655"
 }
 ]
 }
diff --git a/2021/30xxx/CVE-2021-30224.json b/2021/30xxx/CVE-2021-30224.json
index 070e834fa04..7af5c44fb54 100644
--- a/2021/30xxx/CVE-2021-30224.json
+++ b/2021/30xxx/CVE-2021-30224.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-30224",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-30224",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://forum.rukovoditel.net/viewtopic.php?f=19&t=2760",
+ "url": "https://forum.rukovoditel.net/viewtopic.php?f=19&t=2760"
+ },
+ {
+ "url": "https://gist.github.com/victomteng1997/d5f2db1d37aed5792c28685068ec41e2",
+ "refsource": "MISC",
+ "name": "https://gist.github.com/victomteng1997/d5f2db1d37aed5792c28685068ec41e2"
 }
 ]
 }
diff --git a/2021/30xxx/CVE-2021-30638.json b/2021/30xxx/CVE-2021-30638.json
index faa6c867e80..2b2cec848fe 100644
--- a/2021/30xxx/CVE-2021-30638.json
+++ b/2021/30xxx/CVE-2021-30638.json
@@ -73,6 +73,16 @@
 "refsource": "MISC",
 "url": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E",
 "name": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210427 CVE-2021-30638: An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later",
+ "url": "http://www.openwall.com/lists/oss-security/2021/04/27/3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-491/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-491/"
 }
 ]
 },