admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-07-30 14:10:42 +00:00
parent 47f2e37987
commit 3e116a65b8
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
55 changed files with 1459 additions and 171 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2011/5xxx/CVE-2011-5034.json
View File

@ -131,6 +131,11 @@
"refsource": "MLIST",
"name": "[geronimo-dev] 20210727 [jira] [Commented] (GERONIMO-6814) Improve Geronimo specs to mitigate CVE-2011-5034",
"url": "https://lists.apache.org/thread.html/ra10015f6f3c3c88b7d813383554e87c06347fe163487148669189b8e@%3Cdev.geronimo.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[geronimo-dev] 20210728 [jira] [Commented] (GERONIMO-6814) Improve Geronimo specs to mitigate CVE-2011-5034",
"url": "https://lists.apache.org/thread.html/ra1fe29f6399b68980f914d8613dee7f67d62a1a97722fe9cd56f4f5f@%3Cdev.geronimo.apache.org%3E"
}
]
}

5
2017/12xxx/CVE-2017-12629.json
View File

@ -192,6 +192,11 @@
"refsource": "MLIST",
"name": "[solr-users] 20210618 Re: CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability",
"url": "https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[solr-users] 20210728 Re: CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability",
"url": "https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E"
}
]
}

5
2019/0xxx/CVE-2019-0193.json
View File

@ -148,6 +148,11 @@
"refsource": "MLIST",
"name": "[solr-users] 20210618 Re: CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability",
"url": "https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[solr-users] 20210728 Re: CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability",
"url": "https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E"
}
]
},

66
2020/10xxx/CVE-2020-10590.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-10590",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-10590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.replicated.com",
"refsource": "MISC",
"name": "https://blog.replicated.com"
},
{
"refsource": "CONFIRM",
"name": "https://gradle.com/enterprise/releases/2019.5/#changes",
"url": "https://gradle.com/enterprise/releases/2019.5/#changes"
},
{
"refsource": "MISC",
"name": "https://www.replicated.com/security/advisories/CVE-2020-10590",
"url": "https://www.replicated.com/security/advisories/CVE-2020-10590"
}
]
}

56
2020/15xxx/CVE-2020-15948.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15948",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163687/eGain-Chat-15.5.5-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/163687/eGain-Chat-15.5.5-Cross-Site-Scripting.html"
}
]
}

56
2020/20xxx/CVE-2020-20698.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20698",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Peithon/vul/blob/master/readme.md",
"refsource": "MISC",
"name": "https://github.com/Peithon/vul/blob/master/readme.md"
}
]
}

56
2020/20xxx/CVE-2020-20699.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20699",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Peithon/xss/blob/master/readme.md",
"refsource": "MISC",
"name": "https://github.com/Peithon/xss/blob/master/readme.md"
}
]
}

56
2020/20xxx/CVE-2020-20700.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20700",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Peithon/recycle_XSS/blob/master/readme.md",
"refsource": "MISC",
"name": "https://github.com/Peithon/recycle_XSS/blob/master/readme.md"
}
]
}

56
2020/20xxx/CVE-2020-20701.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20701",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Peithon/site_XSS/blob/master/readme.md",
"refsource": "MISC",
"name": "https://github.com/Peithon/site_XSS/blob/master/readme.md"
}
]
}

56
2020/21xxx/CVE-2020-21854.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21854",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting vulnerabiity exists in WDScanner 1.1 in the system management page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/TideSec/WDScanner/issues/41",
"refsource": "MISC",
"name": "https://github.com/TideSec/WDScanner/issues/41"
}
]
}

43
2020/26xxx/CVE-2020-26180.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-10-01",
"ID": "CVE-2020-26180",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-10-01",
"ID": "CVE-2020-26180",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
@ -12,59 +12,60 @@
"product": {
"product_data": [
{
"product_name": "PowerScale OneFS",
"product_name": "PowerScale OneFS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_affected": "<",
"version_value": "OneFS 8.1.2, 8.2.2, 9.0+"
}
]
}
}
]
},
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 6.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/security/en-us/details/546591/DSA-2020-225-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-remotesuppor"
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/546591/DSA-2020-225-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-remotesuppor",
"name": "https://www.dell.com/support/security/en-us/details/546591/DSA-2020-225-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-remotesuppor"
}
]
}

45
2020/5xxx/CVE-2020-5341.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-02-27",
"ID": "CVE-2020-5341",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-02-27",
"ID": "CVE-2020-5341",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
@ -12,59 +12,60 @@
"product": {
"product_data": [
{
"product_name": "Avamar Virtual Edition",
"product_name": "Avamar Virtual Edition",
"version": {
"version_data": [
{
"version_affected": "<",
"version_affected": "<",
"version_value": "Avamar 7.5 Virtual Edition for VMware vSphere only"
}
]
}
}
]
},
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data Vulnerability\r\nDell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system.\r\n"
"lang": "eng",
"value": "Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 9.8,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/security/en-us/details/541677/DSA-2020-057-Dell-EMC-Avamar-Server-Deserialization-of-Untrusted-Data-Vulnerability"
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/541677/DSA-2020-057-Dell-EMC-Avamar-Server-Deserialization-of-Untrusted-Data-Vulnerability",
"name": "https://www.dell.com/support/security/en-us/details/541677/DSA-2020-057-Dell-EMC-Avamar-Server-Deserialization-of-Untrusted-Data-Vulnerability"
}
]
}

43
2020/5xxx/CVE-2020-5351.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-04-07",
"ID": "CVE-2020-5351",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-04-07",
"ID": "CVE-2020-5351",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
@ -12,59 +12,60 @@
"product": {
"product_data": [
{
"product_name": "Data Protection Advisor",
"product_name": "Data Protection Advisor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_affected": "<",
"version_value": "6.4, 6.5, 18.1"
}
]
}
}
]
},
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is protected with a hard-coded password. A remote unauthenticated malicious user with the knowledge of the hard-coded password may login to the system and gain read-only privileges."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-259: Use of Hard-coded Password"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/security/en-us/details/542649/DSA-2020-080-Dell-EMC-Data-Protection-Advisor-Hard-Coded-Credential-Vulnerability"
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/542649/DSA-2020-080-Dell-EMC-Data-Protection-Advisor-Hard-Coded-Credential-Vulnerability",
"name": "https://www.dell.com/support/security/en-us/details/542649/DSA-2020-080-Dell-EMC-Data-Protection-Advisor-Hard-Coded-Credential-Vulnerability"
}
]
}

7
2021/20xxx/CVE-2021-20783.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20783",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,7 +45,9 @@
"references": {
"reference_data": [
{
"url": "https://jvn.jp/en/jp/JVN34364599/index.html"
"url": "https://jvn.jp/en/jp/JVN34364599/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN34364599/index.html"
}
]
},

11
2021/20xxx/CVE-2021-20785.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20785",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,10 +45,14 @@
"references": {
"reference_data": [
{
"url": "https://groupsession.jp/info/info-news/security202107"
"url": "https://groupsession.jp/info/info-news/security202107",
"refsource": "MISC",
"name": "https://groupsession.jp/info/info-news/security202107"
},
{
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
"url": "https://jvn.jp/en/jp/JVN86026700/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
]
},

11
2021/20xxx/CVE-2021-20786.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20786",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,10 +45,14 @@
"references": {
"reference_data": [
{
"url": "https://groupsession.jp/info/info-news/security202107"
"url": "https://groupsession.jp/info/info-news/security202107",
"refsource": "MISC",
"name": "https://groupsession.jp/info/info-news/security202107"
},
{
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
"url": "https://jvn.jp/en/jp/JVN86026700/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
]
},

11
2021/20xxx/CVE-2021-20787.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20787",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,10 +45,14 @@
"references": {
"reference_data": [
{
"url": "https://groupsession.jp/info/info-news/security202107"
"url": "https://groupsession.jp/info/info-news/security202107",
"refsource": "MISC",
"name": "https://groupsession.jp/info/info-news/security202107"
},
{
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
"url": "https://jvn.jp/en/jp/JVN86026700/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
]
},

11
2021/20xxx/CVE-2021-20788.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20788",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,10 +45,14 @@
"references": {
"reference_data": [
{
"url": "https://groupsession.jp/info/info-news/security202107"
"url": "https://groupsession.jp/info/info-news/security202107",
"refsource": "MISC",
"name": "https://groupsession.jp/info/info-news/security202107"
},
{
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
"url": "https://jvn.jp/en/jp/JVN86026700/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
]
},

11
2021/20xxx/CVE-2021-20789.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20789",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,10 +45,14 @@
"references": {
"reference_data": [
{
"url": "https://groupsession.jp/info/info-news/security202107"
"url": "https://groupsession.jp/info/info-news/security202107",
"refsource": "MISC",
"name": "https://groupsession.jp/info/info-news/security202107"
},
{
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
"url": "https://jvn.jp/en/jp/JVN86026700/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
]
},

22
2021/23xxx/CVE-2021-23414.json
View File

@ -48,20 +48,24 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-VIDEOJS-1533429"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-VIDEOJS-1533429",
"name": "https://snyk.io/vuln/SNYK-JS-VIDEOJS-1533429"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1533587"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1533587",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1533587"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1533588"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1533588",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1533588"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/videojs/video.js/commit/b3acf663641fca0f7a966525a72845af7ec5fab2"
"refsource": "MISC",
"url": "https://github.com/videojs/video.js/commit/b3acf663641fca0f7a966525a72845af7ec5fab2",
"name": "https://github.com/videojs/video.js/commit/b3acf663641fca0f7a966525a72845af7ec5fab2"
}
]
},
@ -69,7 +73,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects the package video.js before 7.14.3.\n The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.\r\n\r\n"
"value": "This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code."
}
]
},

12
2021/23xxx/CVE-2021-23415.json
View File

@ -48,12 +48,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-DOTNET-ELFINDERASPNET-1315153"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-DOTNET-ELFINDERASPNET-1315153",
"name": "https://snyk.io/vuln/SNYK-DOTNET-ELFINDERASPNET-1315153"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/mguinness/elFinder.AspNet/commit/675049b39284a9e84f0915c71d688da8ebc7d720"
"refsource": "MISC",
"url": "https://github.com/mguinness/elFinder.AspNet/commit/675049b39284a9e84f0915c71d688da8ebc7d720",
"name": "https://github.com/mguinness/elFinder.AspNet/commit/675049b39284a9e84f0915c71d688da8ebc7d720"
}
]
},
@ -61,7 +63,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects the package elFinder.AspNet before 1.1.1.\n The user-controlled file name is not properly sanitized before it is used to create a file system path.\r\n\r\n"
"value": "This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path."
}
]
},

12
2021/23xxx/CVE-2021-23416.json
View File

@ -48,12 +48,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-CURLYBRACKETPARSER-1297106"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-CURLYBRACKETPARSER-1297106",
"name": "https://snyk.io/vuln/SNYK-JS-CURLYBRACKETPARSER-1297106"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/magynhard/curly-bracket-parser/blob/master/src/curly-bracket-parser/curly-bracket-parser.js%23L31"
"refsource": "MISC",
"url": "https://github.com/magynhard/curly-bracket-parser/blob/master/src/curly-bracket-parser/curly-bracket-parser.js%23L31",
"name": "https://github.com/magynhard/curly-bracket-parser/blob/master/src/curly-bracket-parser/curly-bracket-parser.js%23L31"
}
]
},
@ -61,7 +63,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects all versions of package curly-bracket-parser.\n When used as a template library, it does not properly sanitize the user input.\r\n\r\n"
"value": "This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input."
}
]
},

12
2021/23xxx/CVE-2021-23417.json
View File

@ -48,12 +48,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-DEEPMERGEFN-1310984"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-DEEPMERGEFN-1310984",
"name": "https://snyk.io/vuln/SNYK-JS-DEEPMERGEFN-1310984"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/jesusgm/deepmergefn/blob/master/index.js%23L6"
"refsource": "MISC",
"url": "https://github.com/jesusgm/deepmergefn/blob/master/index.js%23L6",
"name": "https://github.com/jesusgm/deepmergefn/blob/master/index.js%23L6"
}
]
},
@ -61,7 +63,7 @@
"description_data": [
{
"lang": "eng",
"value": "All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function.\r\n\r\n"
"value": "All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function."
}
]
},

56
2021/25xxx/CVE-2021-25200.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25200",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-25200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \\lms\\student_avatar.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/TCSWT/Learning-Management-System/blob/main/README.md",
"refsource": "MISC",
"name": "https://github.com/TCSWT/Learning-Management-System/blob/main/README.md"
}
]
}

5
2021/27xxx/CVE-2021-27905.json
View File

@ -83,6 +83,11 @@
"refsource": "MLIST",
"name": "[solr-users] 20210618 Re: CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability",
"url": "https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[solr-users] 20210728 Re: CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability",
"url": "https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E"
}
]
},

4
2021/32xxx/CVE-2021-32000.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2021-07-08T00:00:00.000Z",
"ID": "CVE-2021-32000",
"STATE": "PUBLIC",
@ -75,7 +75,7 @@
"description_data": [
{
"lang": "eng",
"value": "A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files.\nThis issue affects:\nSUSE Linux Enterprise Server 12 SP3\nclone-master-clean-up version 1.6-4.6.1 and prior versions.\nSUSE Linux Enterprise Server 15 SP1\nclone-master-clean-up version 1.6-3.9.1 and prior versions.\nopenSUSE Factory\nclone-master-clean-up version 1.6-1.4 and prior versions."
"value": "A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.6.1 and prior versions. SUSE Linux Enterprise Server 15 SP1 clone-master-clean-up version 1.6-3.9.1 and prior versions. openSUSE Factory clone-master-clean-up version 1.6-1.4 and prior versions."
}
]
},

4
2021/32xxx/CVE-2021-32001.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2021-07-19T00:00:00.000Z",
"ID": "CVE-2021-32001",
"STATE": "PUBLIC",
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Missing Encryption of Sensitive Data vulnerability in k3s, kde2 of SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup to extract the cluster's confidential keying material (cluster certificate authority private keys, secrets encryption configuration passphrase, etc) and decrypt it, without having to know the token value.\nThis issue affects:\nSUSE Rancher\nK3s version v1.19.12+k3s1, v1.20.8+k3s1, v1.21.2+k3s1 and prior versions;\nRKE2 version v1.19.12+rke2r1, v1.20.8+rke2r1, v1.21.2+rke2r1 and prior versions."
"value": "A Missing Encryption of Sensitive Data vulnerability in k3s, kde2 of SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup to extract the cluster's confidential keying material (cluster certificate authority private keys, secrets encryption configuration passphrase, etc) and decrypt it, without having to know the token value. This issue affects: SUSE Rancher K3s version v1.19.12+k3s1, v1.20.8+k3s1, v1.21.2+k3s1 and prior versions; RKE2 version v1.19.12+rke2r1, v1.20.8+rke2r1, v1.21.2+rke2r1 and prior versions."
}
]
},

2
2021/32xxx/CVE-2021-32748.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": " Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI (\"Web Application Open Platform Interface\") protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP check. Whilst this does not result in gaining access to data that the user has not yet access to, it can result in a bypass of any enforced watermark on documents as described on the [Nextcloud Virtual Data Room](https://nextcloud.com/virtual-data-room/) website and [our documentation](https://portal.nextcloud.com/article/nextcloud-and-virtual-data-room-configuration-59.html). The Nextcloud Richdocuments releases 3.8.3 and 4.2.0 add an additional admin settings for an allowlist of IP addresses that can access the WOPI API. We recommend upgrading and configuring the allowlist to a list of Collabora servers. There is no known workaround. Note that this primarily results a bypass of any configured watermark or download protection using File Access Control. If you do not require or rely on these as a security feature no immediate action is required on your end."
"value": "Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI (\"Web Application Open Platform Interface\") protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP check. Whilst this does not result in gaining access to data that the user has not yet access to, it can result in a bypass of any enforced watermark on documents as described on the [Nextcloud Virtual Data Room](https://nextcloud.com/virtual-data-room/) website and [our documentation](https://portal.nextcloud.com/article/nextcloud-and-virtual-data-room-configuration-59.html). The Nextcloud Richdocuments releases 3.8.3 and 4.2.0 add an additional admin settings for an allowlist of IP addresses that can access the WOPI API. We recommend upgrading and configuring the allowlist to a list of Collabora servers. There is no known workaround. Note that this primarily results a bypass of any configured watermark or download protection using File Access Control. If you do not require or rely on these as a security feature no immediate action is required on your end."
}
]
},

2
2021/32xxx/CVE-2021-32788.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal message even though the whisper post cannot be seen by them. 2: When a whisper post is before the last post in a post stream, deleting the last post will result in the creator of the whisper post to be revealed to non-staff users as the last poster of the topic.\n"
"value": "Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal message even though the whisper post cannot be seen by them. 2: When a whisper post is before the last post in a post stream, deleting the last post will result in the creator of the whisper post to be revealed to non-staff users as the last poster of the topic."
}
]
},

12
2021/32xxx/CVE-2021-32796.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This issue has been resolved in version 0.7.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents.\n"
"value": "xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This issue has been resolved in version 0.7.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents."
}
]
},
@ -69,6 +69,11 @@
},
"references": {
"reference_data": [
{
"name": "https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/",
"refsource": "MISC",
"url": "https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/"
},
{
"name": "https://github.com/xmldom/xmldom/security/advisories/GHSA-5fg8-2547-mr8q",
"refsource": "CONFIRM",
@ -78,11 +83,6 @@
"name": "https://github.com/xmldom/xmldom/commit/7b4b743917a892d407356e055b296dcd6d107e8b",
"refsource": "MISC",
"url": "https://github.com/xmldom/xmldom/commit/7b4b743917a892d407356e055b296dcd6d107e8b"
},
{
"name": "https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/",
"refsource": "MISC",
"url": "https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/"
}
]
},

10
2021/33xxx/CVE-2021-33037.json
View File

@ -86,6 +86,16 @@
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"refsource": "MLIST",
"name": "[tomee-commits] 20210728 [jira] [Created] (TOMEE-3778) Update embedded Tomcat to 9.0.48 or later to address CVE-2021-33037",
"url": "https://lists.apache.org/thread.html/r40f921575aee8d7d34e53182f862c45cbb8f3d898c9d4e865c2ec262@%3Ccommits.tomee.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tomee-commits] 20210728 [jira] [Commented] (TOMEE-3778) Update embedded Tomcat to 9.0.48 or later to address CVE-2021-33037",
"url": "https://lists.apache.org/thread.html/re01e7e93154e8bdf78a11a23f9686427bd3d51fc6e12c508645567b7@%3Ccommits.tomee.apache.org%3E"
}
]
},

5
2021/34xxx/CVE-2021-34516.json
View File

@ -278,6 +278,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34516",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34516"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-895/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-895/"
}
]
}

10
2021/34xxx/CVE-2021-34558.json
View File

@ -66,6 +66,16 @@
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ",
"url": "https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-25c0011e78",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D7FRFM7WWR2JCT6NORQ7AO6B453OMI3I/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-1bfb61f77c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BA7MFVXRBEKRTLSLYDICTYCGEMK2HZ7/"
}
]
}

61
2021/36xxx/CVE-2021-36983.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-36983",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-36983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/matanui159/ReplaySorcery/releases",
"refsource": "MISC",
"name": "https://github.com/matanui159/ReplaySorcery/releases"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2021/07/27/1",
"url": "http://www.openwall.com/lists/oss-security/2021/07/27/1"
}
]
}

18
2021/37xxx/CVE-2021-37581.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37581",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/37xxx/CVE-2021-37582.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37582",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/37xxx/CVE-2021-37583.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37583",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/37xxx/CVE-2021-37584.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37584",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/37xxx/CVE-2021-37585.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37585",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/37xxx/CVE-2021-37586.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37586",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

82
2021/37xxx/CVE-2021-37587.json Normal file
View File

@ -0,0 +1,82 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/JHUISI/charm/issues/276",
"refsource": "MISC",
"name": "https://github.com/JHUISI/charm/issues/276"
},
{
"url": "https://jhuisi.github.io/charm/charm/schemes/abenc/abenc_dacmacs_yj14.html",
"refsource": "MISC",
"name": "https://jhuisi.github.io/charm/charm/schemes/abenc/abenc_dacmacs_yj14.html"
},
{
"url": "https://jhuisi.github.io/charm/_modules/abenc_maabe_yj14.html",
"refsource": "MISC",
"name": "https://jhuisi.github.io/charm/_modules/abenc_maabe_yj14.html"
},
{
"url": "https://eprint.iacr.org/2020/460",
"refsource": "MISC",
"name": "https://eprint.iacr.org/2020/460"
},
{
"url": "https://www2.hci.uni-hannover.de/papers/Tan2019.pdf",
"refsource": "MISC",
"name": "https://www2.hci.uni-hannover.de/papers/Tan2019.pdf"
}
]
}
}

77
2021/37xxx/CVE-2021-37588.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/JHUISI/charm/issues/276",
"refsource": "MISC",
"name": "https://github.com/JHUISI/charm/issues/276"
},
{
"url": "https://eprint.iacr.org/2020/460",
"refsource": "MISC",
"name": "https://eprint.iacr.org/2020/460"
},
{
"url": "https://www2.hci.uni-hannover.de/papers/Tan2019.pdf",
"refsource": "MISC",
"name": "https://www2.hci.uni-hannover.de/papers/Tan2019.pdf"
},
{
"url": "https://github.com/JHUISI/charm/blob/dev/charm/schemes/abenc/abenc_yct14.py",
"refsource": "MISC",
"name": "https://github.com/JHUISI/charm/blob/dev/charm/schemes/abenc/abenc_yct14.py"
}
]
}
}

18
2021/37xxx/CVE-2021-37589.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37589",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/37xxx/CVE-2021-37590.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37590",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/37xxx/CVE-2021-37591.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37591",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/37xxx/CVE-2021-37592.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37592",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

62
2021/37xxx/CVE-2021-37593.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PEEL Shopping before 9.4.0.1 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands via the id parameter on the achat/produit_details.php?id={SQLi] endpoint. Upon a successful SQL injection attack, an attacker can read sensitive data from the database or modify database data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/advisto/peel-shopping/issues/3",
"refsource": "MISC",
"name": "https://github.com/advisto/peel-shopping/issues/3"
}
]
}
}

67
2021/37xxx/CVE-2021-37594.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9",
"refsource": "MISC",
"name": "https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/compare/2.3.2...2.4.0",
"refsource": "MISC",
"name": "https://github.com/FreeRDP/FreeRDP/compare/2.3.2...2.4.0"
}
]
}
}

67
2021/37xxx/CVE-2021-37595.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9",
"refsource": "MISC",
"name": "https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/compare/2.3.2...2.4.0",
"refsource": "MISC",
"name": "https://github.com/FreeRDP/FreeRDP/compare/2.3.2...2.4.0"
}
]
}
}

62
2021/37xxx/CVE-2021-37596.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Telegram Web K Alpha 0.6.1 allows XSS via a document name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/morethanwords/tweb/commit/11d2fe01363889f20c8baa2217ed4aad445c5551",
"refsource": "MISC",
"name": "https://github.com/morethanwords/tweb/commit/11d2fe01363889f20c8baa2217ed4aad445c5551"
}
]
}
}

18
2021/37xxx/CVE-2021-37597.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37597",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/37xxx/CVE-2021-37598.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37598",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

86
2021/37xxx/CVE-2021-37601.json Normal file
View File

@ -0,0 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://prosody.im/security/advisory_20210722/",
"refsource": "MISC",
"name": "https://prosody.im/security/advisory_20210722/"
},
{
"url": "https://prosody.im/",
"refsource": "MISC",
"name": "https://prosody.im/"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210728 Re: Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE-2021-37601)",
"url": "http://www.openwall.com/lists/oss-security/2021/07/28/4"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N",
"version": "3.1"
}
}
}

67
2021/37xxx/CVE-2021-37606.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether there's a collision in the bottom bits of the hashes of two messages, as demonstrated by an attack against a long-running web service that allows the attacker to infer collisions by measuring timing differences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://news.ycombinator.com/item?id=27978878",
"refsource": "MISC",
"name": "https://news.ycombinator.com/item?id=27978878"
},
{
"url": "https://peter.website/meow-hash-cryptanalysis",
"refsource": "MISC",
"name": "https://peter.website/meow-hash-cryptanalysis"
}
]
}
}

5
2021/3xxx/CVE-2021-3163.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://github.com/quilljs/quill/issues/3273",
"url": "https://github.com/quilljs/quill/issues/3273"
},
{
"refsource": "MISC",
"name": "https://github.com/quilljs/quill/issues/3364",
"url": "https://github.com/quilljs/quill/issues/3364"
}
]
}