admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-07-30 14:10:20 +00:00
parent 0b30d2d9ad
commit 47f2e37987
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
47 changed files with 1766 additions and 415 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2002/2xxx/CVE-2002-2438.json
View File

@ -118,6 +118,11 @@
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2012/02/03/7",
"url": "https://www.openwall.com/lists/oss-security/2012/02/03/7"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210727-0003/",
"url": "https://security.netapp.com/advisory/ntap-20210727-0003/"
}
]
},

10
2011/5xxx/CVE-2011-5034.json
View File

@ -121,6 +121,16 @@
"refsource": "MLIST",
"name": "[karaf-issues] 20210726 [jira] [Resolved] (KARAF-7227) Upgrade geronimo artifacts to mitigate CVE-2011-5034",
"url": "https://lists.apache.org/thread.html/r3c541f019b74902e8e61d73e40ecc2837dfce1b744ad5546919b993c@%3Cissues.karaf.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[geronimo-dev] 20210727 [jira] [Created] (GERONIMO-6814) Improve Geronimo specs to mitigate CVE-2011-5034",
"url": "https://lists.apache.org/thread.html/r4fe6b5ff1d48e23337304fd5ac983d89328aecbd1fa198cfc966fbd7@%3Cdev.geronimo.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[geronimo-dev] 20210727 [jira] [Commented] (GERONIMO-6814) Improve Geronimo specs to mitigate CVE-2011-5034",
"url": "https://lists.apache.org/thread.html/ra10015f6f3c3c88b7d813383554e87c06347fe163487148669189b8e@%3Cdev.geronimo.apache.org%3E"
}
]
}

5
2013/4xxx/CVE-2013-4536.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210727-0002/",
"url": "https://security.netapp.com/advisory/ntap-20210727-0002/"
}
]
},

5
2019/12xxx/CVE-2019-12067.json
View File

@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2019-12067",
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12067"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210727-0001/",
"url": "https://security.netapp.com/advisory/ntap-20210727-0001/"
}
]
}

5
2019/9xxx/CVE-2019-9978.json
View File

@ -96,6 +96,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152722/Wordpress-Social-Warfare-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/152722/Wordpress-Social-Warfare-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163680/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/163680/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.html"
}
]
}

66
2020/11xxx/CVE-2020-11511.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11511",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-11511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/learnpress/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/learnpress/#developers"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163538/WordPress-LearnPress-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/163538/WordPress-LearnPress-Privilege-Escalation.html"
},
{
"refsource": "MISC",
"name": "https://www.wordfence.com/blog/2020/04/high-severity-vulnerabilities-patched-in-learnpress/",
"url": "https://www.wordfence.com/blog/2020/04/high-severity-vulnerabilities-patched-in-learnpress/"
}
]
}

56
2020/14xxx/CVE-2020-14999.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14999",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-14999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A logic bug in system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed to bypass Windows memory protection and access sensitive data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.acronis.com/en-us/support/updates/index.html",
"refsource": "MISC",
"name": "https://www.acronis.com/en-us/support/updates/index.html"
}
]
}

69
2020/16xxx/CVE-2020-16839.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-16839",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-16839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.crestron.com",
"refsource": "MISC",
"name": "https://support.crestron.com"
},
{
"refsource": "CONFIRM",
"name": "https://www.crestron.com/Software-Firmware/Firmware/DigitalMedia/DM-XIO/1-0-3-802",
"url": "https://www.crestron.com/Software-Firmware/Firmware/DigitalMedia/DM-XIO/1-0-3-802"
},
{
"refsource": "CONFIRM",
"name": "https://www.security.crestron.com",
"url": "https://www.security.crestron.com"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

56
2020/18xxx/CVE-2020-18013.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-18013",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-18013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injextion vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?admin_banned/add.htm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/YangSirrr/opendebug/blob/master/whatsns/Main.md",
"refsource": "MISC",
"name": "https://github.com/YangSirrr/opendebug/blob/master/whatsns/Main.md"
}
]
}

56
2020/19xxx/CVE-2020-19118.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19118",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yzmcms/yzmcms/issues/14",
"refsource": "MISC",
"name": "https://github.com/yzmcms/yzmcms/issues/14"
}
]
}

56
2020/21xxx/CVE-2020-21806.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21806",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php.."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ectouch/ectouch/issues/5",
"refsource": "MISC",
"name": "https://github.com/ectouch/ectouch/issues/5"
}
]
}

5
2020/25xxx/CVE-2020-25097.json
View File

@ -91,6 +91,11 @@
"refsource": "GENTOO",
"name": "GLSA-202105-14",
"url": "https://security.gentoo.org/glsa/202105-14"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210727-0010/",
"url": "https://security.netapp.com/advisory/ntap-20210727-0010/"
}
]
}

5
2020/36xxx/CVE-2020-36387.json
View File

@ -71,6 +71,11 @@
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d816e088c359866f9867057e04f244c608c42fe",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d816e088c359866f9867057e04f244c608c42fe"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210727-0006/",
"url": "https://security.netapp.com/advisory/ntap-20210727-0006/"
}
]
}

5
2021/20xxx/CVE-2021-20293.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1942819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942819"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210727-0005/",
"url": "https://security.netapp.com/advisory/ntap-20210727-0005/"
}
]
},

190
2021/20xxx/CVE-2021-20399.json
View File

@ -1,99 +1,99 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196073."
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6475263",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6475263",
"title" : "IBM Security Bulletin 6475263 (QRadar SIEM)"
},
{
"name" : "ibm-qradar-cve202120399-xxe (196073)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196073",
"refsource" : "XF"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.3.0"
},
{
"version_value" : "7.4.0"
},
{
"version_value" : "7.4.3"
},
{
"version_value" : "7.3.3.Patch.8"
}
]
},
"product_name" : "QRadar SIEM"
}
]
}
"lang": "eng",
"value": "IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196073."
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6475263",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6475263",
"title": "IBM Security Bulletin 6475263 (QRadar SIEM)"
},
{
"name": "ibm-qradar-cve202120399-xxe (196073)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196073",
"refsource": "XF"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.3.0"
},
{
"version_value": "7.4.0"
},
{
"version_value": "7.4.3"
},
{
"version_value": "7.3.3.Patch.8"
}
]
},
"product_name": "QRadar SIEM"
}
]
}
}
]
}
]
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2021-20399",
"DATE_PUBLIC" : "2021-07-26T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"PR" : "L",
"C" : "H",
"UI" : "N",
"AC" : "L",
"SCORE" : "7.100",
"S" : "U",
"I" : "N",
"A" : "L"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_format": "MITRE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2021-20399",
"DATE_PUBLIC": "2021-07-26T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_type": "CVE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"AV": "N",
"PR": "L",
"C": "H",
"UI": "N",
"AC": "L",
"SCORE": "7.100",
"S": "U",
"I": "N",
"A": "L"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
}
}

190
2021/20xxx/CVE-2021-20562.json
View File

@ -1,99 +1,99 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199232."
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6475301",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6475301 (Sterling B2B Integrator)",
"name" : "https://www.ibm.com/support/pages/node/6475301"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sterling-cve202120562-xss (199232)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199232"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "6.1.0.2"
},
{
"version_value" : "5.2.6.5_3"
}
]
}
}
]
},
"vendor_name" : "IBM"
"lang": "eng",
"value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199232."
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6475301",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6475301 (Sterling B2B Integrator)",
"name": "https://www.ibm.com/support/pages/node/6475301"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-sterling-cve202120562-xss (199232)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199232"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling B2B Integrator",
"version": {
"version_data": [
{
"version_value": "5.2.0.0"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "6.1.0.2"
},
{
"version_value": "5.2.6.5_3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-20562",
"DATE_PUBLIC" : "2021-07-26T00:00:00"
},
"data_type" : "CVE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
},
"BM" : {
"AC" : "L",
"SCORE" : "5.400",
"A" : "N",
"I" : "L",
"S" : "C",
"AV" : "N",
"PR" : "L",
"C" : "L",
"UI" : "R"
}
}
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"data_format": "MITRE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-20562",
"DATE_PUBLIC": "2021-07-26T00:00:00"
},
"data_type": "CVE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "H",
"RL": "O"
},
"BM": {
"AC": "L",
"SCORE": "5.400",
"A": "N",
"I": "L",
"S": "C",
"AV": "N",
"PR": "L",
"C": "L",
"UI": "R"
}
}
}
}

15
2021/21xxx/CVE-2021-21409.json
View File

@ -263,6 +263,21 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210604-0003/",
"url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
},
{
"refsource": "MLIST",
"name": "[zookeeper-issues] 20210727 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187@%3Cissues.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-issues] 20210727 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525@%3Cissues.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-notifications] 20210727 [GitHub] [zookeeper] sandipbhattacharya commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4@%3Cnotifications.zookeeper.apache.org%3E"
}
]
},

5
2021/22xxx/CVE-2021-22897.json
View File

@ -63,6 +63,11 @@
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210727-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
}
]
},

5
2021/22xxx/CVE-2021-22901.json
View File

@ -68,6 +68,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210723-0001/",
"url": "https://security.netapp.com/advisory/ntap-20210723-0001/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210727-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210727-0007/"
}
]
},

66
2021/28xxx/CVE-2021-28093.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28093",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-28093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of Adler32."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.open-xchange.com",
"refsource": "MISC",
"name": "https://www.open-xchange.com"
},
{
"refsource": "FULLDISC",
"name": "20210720 Open-Xchange Security Advisory 2021-07-19",
"url": "http://seclists.org/fulldisclosure/2021/Jul/37"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html",
"url": "http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html"
}
]
}

66
2021/28xxx/CVE-2021-28094.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28094",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-28094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.open-xchange.com",
"refsource": "MISC",
"name": "https://www.open-xchange.com"
},
{
"refsource": "FULLDISC",
"name": "20210720 Open-Xchange Security Advisory 2021-07-19",
"url": "http://seclists.org/fulldisclosure/2021/Jul/37"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html",
"url": "http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html"
}
]
}

66
2021/28xxx/CVE-2021-28095.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28095",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-28095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.open-xchange.com",
"refsource": "MISC",
"name": "https://www.open-xchange.com"
},
{
"refsource": "FULLDISC",
"name": "20210720 Open-Xchange Security Advisory 2021-07-19",
"url": "http://seclists.org/fulldisclosure/2021/Jul/37"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html",
"url": "http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html"
}
]
}

5
2021/28xxx/CVE-2021-28169.json
View File

@ -122,6 +122,11 @@
"refsource": "MLIST",
"name": "[kafka-jira] 20210722 [jira] [Resolved] (KAFKA-12985) CVE-2021-28169 - Upgrade jetty to 9.4.41",
"url": "https://lists.apache.org/thread.html/rb1292d30462b9baedea7c5d9594fc75990d9aa0ec223b48054ca9c25@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210727-0009/",
"url": "https://security.netapp.com/advisory/ntap-20210727-0009/"
}
]
}

61
2021/28xxx/CVE-2021-28674.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28674",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-28674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. This occurs because node IDs are predictable (with incrementing numbers) and the access control on Services/NodeManagement.asmx/DeleteObjNow is incorrect. To exploit this, an attacker must be authenticated and must have node management rights associated with at least one valid group on the platform."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://pastebin.com/zFUd2cCj",
"url": "https://pastebin.com/zFUd2cCj"
},
{
"refsource": "CONFIRM",
"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-28674",
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-28674"
}
]
}

56
2021/28xxx/CVE-2021-28966.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28966",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-28966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://hackerone.com/reports/1131465",
"refsource": "MISC",
"name": "https://hackerone.com/reports/1131465"
}
]
}

66
2021/30xxx/CVE-2021-30483.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-30483",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-30483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://vuln.ryotak.me/advisories/28",
"url": "https://vuln.ryotak.me/advisories/28"
},
{
"refsource": "MISC",
"name": "https://github.com/isomorphic-git/isomorphic-git/releases/tag/v1.8.2",
"url": "https://github.com/isomorphic-git/isomorphic-git/releases/tag/v1.8.2"
},
{
"refsource": "MISC",
"name": "https://github.com/isomorphic-git/isomorphic-git/pull/1339",
"url": "https://github.com/isomorphic-git/isomorphic-git/pull/1339"
}
]
}

5
2021/31xxx/CVE-2021-31618.json
View File

@ -117,6 +117,11 @@
"refsource": "GENTOO",
"name": "GLSA-202107-38",
"url": "https://security.gentoo.org/glsa/202107-38"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210727-0008/",
"url": "https://security.netapp.com/advisory/ntap-20210727-0008/"
}
]
},

76
2021/31xxx/CVE-2021-31878.json
View File

@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31878",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-31878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "FULLDISC",
"name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver",
"url": "http://seclists.org/fulldisclosure/2021/Jul/48"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html",
"url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html"
},
{
"refsource": "MISC",
"name": "http://downloads.asterisk.org/pub/security/AST-2021-007.html",
"url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html"
},
{
"refsource": "MISC",
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29381",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381"
},
{
"refsource": "MISC",
"name": "https://downloads.digium.com/pub/security/AST-2021-007.html",
"url": "https://downloads.digium.com/pub/security/AST-2021-007.html"
}
]
}

71
2021/32xxx/CVE-2021-32558.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-32558",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-32558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "FULLDISC",
"name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver",
"url": "http://seclists.org/fulldisclosure/2021/Jul/49"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html",
"url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html"
},
{
"refsource": "MISC",
"name": "https://downloads.asterisk.org/pub/security/AST-2021-008.html",
"url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html"
},
{
"refsource": "MISC",
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29392",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392"
}
]
}

71
2021/32xxx/CVE-2021-32610.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-32610",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-32610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.drupal.org/sa-core-2021-004",
"url": "https://www.drupal.org/sa-core-2021-004"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210726 [SECURITY] [DLA 2721-1] drupal7 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00023.html"
},
{
"refsource": "MISC",
"name": "https://github.com/pear/Archive_Tar/releases/tag/1.4.14",
"url": "https://github.com/pear/Archive_Tar/releases/tag/1.4.14"
},
{
"refsource": "MISC",
"name": "https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f",
"url": "https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f"
}
]
}

5
2021/33xxx/CVE-2021-33203.json
View File

@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases/",
"url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210727-0004/",
"url": "https://security.netapp.com/advisory/ntap-20210727-0004/"
}
]
}

5
2021/33xxx/CVE-2021-33571.json
View File

@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases/",
"url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210727-0004/",
"url": "https://security.netapp.com/advisory/ntap-20210727-0004/"
}
]
}

61
2021/34xxx/CVE-2021-34802.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34802",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-34802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://neo4j.com",
"refsource": "MISC",
"name": "https://neo4j.com"
},
{
"refsource": "MISC",
"name": "https://neo4j.com/developer/kb/neo4j-4-2-x-sec-vuln-fix/",
"url": "https://neo4j.com/developer/kb/neo4j-4-2-x-sec-vuln-fix/"
}
]
}

2
2021/35xxx/CVE-2021-35331.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crated file. NOTE: multiple third parties dispute the significance of this finding."
"value": "** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding."
}
]
},

61
2021/35xxx/CVE-2021-35458.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-35458",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-35458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sourcecodester.com/php/14839/online-pet-shop-we-app-using-php-and-paypal-free-source-code.html",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/php/14839/online-pet-shop-we-app-using-php-and-paypal-free-source-code.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163282/Online-Pet-Shop-We-App-1.0-SQL-Injection-Shell-Upload.html",
"url": "http://packetstormsecurity.com/files/163282/Online-Pet-Shop-We-App-1.0-SQL-Injection-Shell-Upload.html"
}
]
}

71
2021/35xxx/CVE-2021-35472.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-35472",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-35472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539",
"refsource": "MISC",
"name": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539"
},
{
"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags",
"refsource": "MISC",
"name": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags"
},
{
"refsource": "DEBIAN",
"name": "DSA-4943",
"url": "https://www.debian.org/security/2021/dsa-4943"
},
{
"refsource": "CONFIRM",
"name": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5",
"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5"
}
]
}

66
2021/35xxx/CVE-2021-35478.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-35478",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-35478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-party web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.nagios.com/downloads/nagios-log-server/change-log/",
"refsource": "MISC",
"name": "https://www.nagios.com/downloads/nagios-log-server/change-log/"
},
{
"url": "https://research.nccgroup.com/?research=Technical%20advisories",
"refsource": "MISC",
"name": "https://research.nccgroup.com/?research=Technical%20advisories"
},
{
"refsource": "MISC",
"name": "https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflected-xss-vulnerability-in-nagios-log-server-cve-2021-35478cve-2021-35479/",
"url": "https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflected-xss-vulnerability-in-nagios-log-server-cve-2021-35478cve-2021-35479/"
}
]
}

66
2021/35xxx/CVE-2021-35479.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-35479",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-35479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.nagios.com/downloads/nagios-log-server/change-log/",
"refsource": "MISC",
"name": "https://www.nagios.com/downloads/nagios-log-server/change-log/"
},
{
"url": "https://research.nccgroup.com/?research=Technical%20advisories",
"refsource": "MISC",
"name": "https://research.nccgroup.com/?research=Technical%20advisories"
},
{
"refsource": "MISC",
"name": "https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflected-xss-vulnerability-in-nagios-log-server-cve-2021-35478cve-2021-35479/",
"url": "https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflected-xss-vulnerability-in-nagios-log-server-cve-2021-35478cve-2021-35479/"
}
]
}

90
2021/36xxx/CVE-2021-36004.json
View File

@ -1,18 +1,96 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "NoneT23:00:00.000Z",
"ID": "CVE-2021-36004",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign CoolType out of bounds write vulnerability could lead to arbitrary stack manipulation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "16.0"
},
{
"version_affected": "<=",
"version_value": "None"
},
{
"version_affected": "<=",
"version_value": "None"
},
{
"version_affected": "<=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-22.html",
"name": "https://helpx.adobe.com/security/products/indesign/apsb21-22.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

56
2021/36xxx/CVE-2021-36605.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-36605",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-36605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the user's browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/3xxx/engineercms/issues/52",
"refsource": "MISC",
"name": "https://github.com/3xxx/engineercms/issues/52"
}
]
}

66
2021/36xxx/CVE-2021-36754.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-36754",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-36754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://doc.powerdns.com/authoritative/security-advisories/index.html",
"refsource": "MISC",
"name": "https://doc.powerdns.com/authoritative/security-advisories/index.html"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210726 security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0",
"url": "http://www.openwall.com/lists/oss-security/2021/07/26/2"
},
{
"refsource": "CONFIRM",
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html"
}
]
}

66
2021/36xxx/CVE-2021-36766.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-36766",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-36766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://hackerone.com/reports/1063039",
"refsource": "MISC",
"name": "https://hackerone.com/reports/1063039"
},
{
"refsource": "FULLDISC",
"name": "20210719 [KIS-2021-05] Concrete5 <= 8.5.5 (Logging Settings) Phar Deserialization Vulnerability",
"url": "http://seclists.org/fulldisclosure/2021/Jul/36"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163564/Concrete5-8.5.5-Phar-Deserialization.html",
"url": "http://packetstormsecurity.com/files/163564/Concrete5-8.5.5-Phar-Deserialization.html"
}
]
}

5
2021/37xxx/CVE-2021-37576.json
View File

@ -61,6 +61,11 @@
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210727 Re: Linux kernel: powerpc: KVM guest to host memory corruption",
"url": "http://www.openwall.com/lists/oss-security/2021/07/27/2"
}
]
}

89
2021/37xxx/CVE-2021-37578.json
View File

@ -1,89 +1,18 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-37578",
"STATE": "PUBLIC",
"TITLE": "Remote code execution via RMI"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache jUDDI",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.3.10"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by Artem Smotrakov"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37578",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services.\n\nRMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicious serialized object to the above RMI entries. The objects get deserialized without any check on the incoming data. In the worst case, it may let the attacker run arbitrary code remotely. \n\nFor both jUDDI web service applications and jUDDI clients, the usage of RMI is disabled by default. Since this is an optional feature and an extension to the UDDI protocol, the likelihood of impact is low. Starting with 3.3.10, all RMI related code was removed."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "moderate"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread.html/r82047b3ba774cf870ea8e1e9ec51c6107f6cd056d4e36608148c6e71%40%3Cprivate.juddi.apache.org%3E"
}
]
},
"source": {
"defect": [
"JUDDI-1018"
],
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "eng",
"value": "For the jUDDI service web application, RMI and JNDI service registration is disabled by default. If it was enabled by the system owner, disable it.\n\nFor jUDDI Clients, do not use RMI Transports. This is an opt-in feature and is not typically used."
}
]
}
}
}

18
2021/37xxx/CVE-2021-37579.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37579",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/37xxx/CVE-2021-37580.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37580",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3667.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3667",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}