admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 11:37:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-09-03 17:00:32 +00:00
parent 88d4428d79
commit 4495ca7594
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
7 changed files with 246 additions and 224 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

205
2021/3xxx/CVE-2021-3806.json
View File

@ -1,114 +1,117 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2021-3806",
"ASSIGNER": "cve@usom.gov.tr",
"DATE_PUBLIC": "2021-09-13T00:00:00.000Z",
"TITLE": "Path Traversal in Pardus Software Center",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"TR-21-0754"
],
"advisory": "TR-21-0754",
"discovery": "EXTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "TUBITAK",
"product": {
"product_data": [
{
"product_name": "Pardus Software Center",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "<",
"version_value": "0.1.0~beta10",
"platform": "amd64"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
]
}
]
"ID": "CVE-2021-3806",
"ASSIGNER": "cve@usom.gov.tr",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal vulnerability on Pardus Software Center's \"extractArchive\" function could allow anyone on the same network to do a man-in-the-middle and write files on the system."
"description_data": [
{
"lang": "eng",
"value": "A path traversal vulnerability on Pardus Software Center's \"extractArchive\" function could allow anyone on the same network to do a man-in-the-middle and write files on the system.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "TUBITAK",
"product": {
"product_data": [
{
"product_name": "Pardus Software Center",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "0.1.0~beta10"
}
]
}
}
]
}
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.usom.gov.tr/bildirim/tr-21-0754",
"name": "https://www.usom.gov.tr/bildirim/tr-21-0754"
},
{
"refsource": "CONFIRM",
"url": "https://pentest.blog/pardus-21-linux-distro-remote-code-execution-0day-2021/",
"name": "https://pentest.blog/pardus-21-linux-distro-remote-code-execution-0day-2021/"
}
]
"reference_data": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-21-0754",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-21-0754"
},
{
"url": "https://pentest.blog/pardus-21-linux-distro-remote-code-execution-0day-2021/",
"refsource": "MISC",
"name": "https://pentest.blog/pardus-21-linux-distro-remote-code-execution-0day-2021/"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "TR-21-0754",
"defect": [
"TR-21-0754"
],
"discovery": "EXTERNAL"
},
"exploit": [],
"work_around": [],
"solution": [
{
"lang": "eng",
"value": "Pardus Software Center should be updated to the latest version."
}
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Pardus Software Center should be updated to the latest version.</p>"
}
],
"value": "Pardus Software Center should be updated to the latest version.\n\n"
}
],
"credit": [
{
"lang": "eng",
"value": "Mehmet INCE from PRODAFT"
}
]
}
"credits": [
{
"lang": "en",
"value": "Mehmet INCE from PRODAFT"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}
}

243
2021/3xxx/CVE-2021-3825.json
View File

@ -1,119 +1,130 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2021-3825",
"ASSIGNER": "cve@usom.gov.tr",
"DATE_PUBLIC": "2021-09-17T00:00:00.000Z",
"TITLE": "Missing Authorization Checks in LiderAhenk",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"TR-21-0795"
],
"advisory": "TR-21-0795",
"discovery": "EXTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "TUBITAK",
"product": {
"product_data": [
{
"product_name": "Lider",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "<",
"version_value": "2.1.16",
"platform": ""
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-3825",
"ASSIGNER": "cve@usom.gov.tr",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it's configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP credentials.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "TUBITAK",
"product": {
"product_data": [
{
"product_name": "Lider",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "2.1.16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-21-0795",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-21-0795"
},
{
"url": "https://pentest.blog/liderahenk-0day-all-your-pardus-clients-belongs-to-me/",
"refsource": "MISC",
"name": "https://pentest.blog/liderahenk-0day-all-your-pardus-clients-belongs-to-me/"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "TR-21-0795",
"defect": [
"TR-21-0795"
],
"discovery": "EXTERNAL"
},
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>https://github.com/mdisec/pardus-liderahenk-0day-RCE</p>"
}
],
"value": "https://github.com/mdisec/pardus-liderahenk-0day-RCE\n\n"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Lider component should be updated to 2.1.16.</p>"
}
],
"value": "Lider component should be updated to 2.1.16.\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Mehmet INCE from PRODAFT"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it's configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP credentials."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.usom.gov.tr/bildirim/tr-21-0795",
"name": "https://www.usom.gov.tr/bildirim/tr-21-0795"
},
{
"refsource": "CONFIRM",
"url": "https://pentest.blog/liderahenk-0day-all-your-pardus-clients-belongs-to-me/",
"name": "https://pentest.blog/liderahenk-0day-all-your-pardus-clients-belongs-to-me/"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
}
},
"exploit": [
{
"lang": "eng",
"value": "https://github.com/mdisec/pardus-liderahenk-0day-RCE"
}
],
"work_around": [],
"solution": [
{
"lang": "eng",
"value": "Lider component should be updated to 2.1.16."
}
],
"credit": [
{
"lang": "eng",
"value": "Mehmet INCE from PRODAFT"
}
]
}
}

6
2021/3xxx/CVE-2021-3958.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Handling of Parameters vulnerability in Ipack Automation Systems Ipack SCADA Software allows : Blind SQL Injection.This issue affects Ipack SCADA Software: from unspecified before 1.1.0."
"value": "Improper Handling of Parameters vulnerability in Ipack Automation Systems Ipack SCADA Software allows : Blind SQL Injection.This issue affects Ipack SCADA Software: from unspecified before 1.1.0.\n\n"
}
]
},
@ -66,6 +66,10 @@
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "CVE-2021-3958",
"defect": [
"CVE-2021-3958"
],
"discovery": "EXTERNAL"
},
"credits": [

4
2021/43xxx/CVE-2021-43361.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Due to improper sanitization MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the system."
"value": "Due to improper sanitization MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the system.\n\n"
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]

8
2021/43xxx/CVE-2021-43362.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Due to improper sanitization MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the system."
"value": "Due to improper sanitization MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the system.\n\n"
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
@ -66,6 +66,10 @@
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "CVE-2021-43362",
"defect": [
"CVE-2021-43362"
],
"discovery": "UNKNOWN"
},
"impact": {

2
2021/44xxx/CVE-2021-44196.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before 20211126."
"value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before 20211126.\n\n"
}
]
},

2
2021/44xxx/CVE-2021-44197.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before 20211126."
"value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before 20211126.\n\n"
}
]
},