From 47f2e37987a0a18855d56355e3f3b4b22ceebb13 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 30 Jul 2021 14:10:20 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/2xxx/CVE-2002-2438.json | 5 + 2011/5xxx/CVE-2011-5034.json | 10 ++ 2013/4xxx/CVE-2013-4536.json | 5 + 2019/12xxx/CVE-2019-12067.json | 5 + 2019/9xxx/CVE-2019-9978.json | 5 + 2020/11xxx/CVE-2020-11511.json | 66 ++++++++++-- 2020/14xxx/CVE-2020-14999.json | 56 ++++++++-- 2020/16xxx/CVE-2020-16839.json | 69 ++++++++++-- 2020/18xxx/CVE-2020-18013.json | 56 ++++++++-- 2020/19xxx/CVE-2020-19118.json | 56 ++++++++-- 2020/21xxx/CVE-2020-21806.json | 56 ++++++++-- 2020/25xxx/CVE-2020-25097.json | 5 + 2020/36xxx/CVE-2020-36387.json | 5 + 2021/20xxx/CVE-2021-20293.json | 5 + 2021/20xxx/CVE-2021-20399.json | 190 ++++++++++++++++----------------- 2021/20xxx/CVE-2021-20562.json | 190 ++++++++++++++++----------------- 2021/21xxx/CVE-2021-21409.json | 15 +++ 2021/22xxx/CVE-2021-22897.json | 5 + 2021/22xxx/CVE-2021-22901.json | 5 + 2021/28xxx/CVE-2021-28093.json | 66 ++++++++++-- 2021/28xxx/CVE-2021-28094.json | 66 ++++++++++-- 2021/28xxx/CVE-2021-28095.json | 66 ++++++++++-- 2021/28xxx/CVE-2021-28169.json | 5 + 2021/28xxx/CVE-2021-28674.json | 61 +++++++++-- 2021/28xxx/CVE-2021-28966.json | 56 ++++++++-- 2021/30xxx/CVE-2021-30483.json | 66 ++++++++++-- 2021/31xxx/CVE-2021-31618.json | 5 + 2021/31xxx/CVE-2021-31878.json | 76 +++++++++++-- 2021/32xxx/CVE-2021-32558.json | 71 ++++++++++-- 2021/32xxx/CVE-2021-32610.json | 71 ++++++++++-- 2021/33xxx/CVE-2021-33203.json | 5 + 2021/33xxx/CVE-2021-33571.json | 5 + 2021/34xxx/CVE-2021-34802.json | 61 +++++++++-- 2021/35xxx/CVE-2021-35331.json | 2 +- 2021/35xxx/CVE-2021-35458.json | 61 +++++++++-- 2021/35xxx/CVE-2021-35472.json | 71 ++++++++++-- 2021/35xxx/CVE-2021-35478.json | 66 ++++++++++-- 2021/35xxx/CVE-2021-35479.json | 66 ++++++++++-- 2021/36xxx/CVE-2021-36004.json | 90 ++++++++++++++-- 2021/36xxx/CVE-2021-36605.json | 56 ++++++++-- 2021/36xxx/CVE-2021-36754.json | 66 ++++++++++-- 2021/36xxx/CVE-2021-36766.json | 66 ++++++++++-- 2021/37xxx/CVE-2021-37576.json | 5 + 2021/37xxx/CVE-2021-37578.json | 89 ++------------- 2021/37xxx/CVE-2021-37579.json | 18 ++++ 2021/37xxx/CVE-2021-37580.json | 18 ++++ 2021/3xxx/CVE-2021-3667.json | 18 ++++ 47 files changed, 1766 insertions(+), 415 deletions(-) create mode 100644 2021/37xxx/CVE-2021-37579.json create mode 100644 2021/37xxx/CVE-2021-37580.json create mode 100644 2021/3xxx/CVE-2021-3667.json diff --git a/2002/2xxx/CVE-2002-2438.json b/2002/2xxx/CVE-2002-2438.json index 0c889bf91e9..b10b4044253 100644 --- a/2002/2xxx/CVE-2002-2438.json +++ b/2002/2xxx/CVE-2002-2438.json @@ -118,6 +118,11 @@ "refsource": "MISC", "name": "https://www.openwall.com/lists/oss-security/2012/02/03/7", "url": "https://www.openwall.com/lists/oss-security/2012/02/03/7" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210727-0003/", + "url": "https://security.netapp.com/advisory/ntap-20210727-0003/" } ] }, diff --git a/2011/5xxx/CVE-2011-5034.json b/2011/5xxx/CVE-2011-5034.json index dad60a96153..6758db4b192 100644 --- a/2011/5xxx/CVE-2011-5034.json +++ b/2011/5xxx/CVE-2011-5034.json @@ -121,6 +121,16 @@ "refsource": "MLIST", "name": "[karaf-issues] 20210726 [jira] [Resolved] (KARAF-7227) Upgrade geronimo artifacts to mitigate CVE-2011-5034", "url": "https://lists.apache.org/thread.html/r3c541f019b74902e8e61d73e40ecc2837dfce1b744ad5546919b993c@%3Cissues.karaf.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[geronimo-dev] 20210727 [jira] [Created] (GERONIMO-6814) Improve Geronimo specs to mitigate CVE-2011-5034", + "url": "https://lists.apache.org/thread.html/r4fe6b5ff1d48e23337304fd5ac983d89328aecbd1fa198cfc966fbd7@%3Cdev.geronimo.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[geronimo-dev] 20210727 [jira] [Commented] (GERONIMO-6814) Improve Geronimo specs to mitigate CVE-2011-5034", + "url": "https://lists.apache.org/thread.html/ra10015f6f3c3c88b7d813383554e87c06347fe163487148669189b8e@%3Cdev.geronimo.apache.org%3E" } ] } diff --git a/2013/4xxx/CVE-2013-4536.json b/2013/4xxx/CVE-2013-4536.json index 1d24ed008de..712a7ef8779 100644 --- a/2013/4xxx/CVE-2013-4536.json +++ b/2013/4xxx/CVE-2013-4536.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210727-0002/", + "url": "https://security.netapp.com/advisory/ntap-20210727-0002/" } ] }, diff --git a/2019/12xxx/CVE-2019-12067.json b/2019/12xxx/CVE-2019-12067.json index bf6dd678628..7730dec54aa 100644 --- a/2019/12xxx/CVE-2019-12067.json +++ b/2019/12xxx/CVE-2019-12067.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://security-tracker.debian.org/tracker/CVE-2019-12067", "url": "https://security-tracker.debian.org/tracker/CVE-2019-12067" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210727-0001/", + "url": "https://security.netapp.com/advisory/ntap-20210727-0001/" } ] } diff --git a/2019/9xxx/CVE-2019-9978.json b/2019/9xxx/CVE-2019-9978.json index 43c79c6603e..c63b3de1837 100644 --- a/2019/9xxx/CVE-2019-9978.json +++ b/2019/9xxx/CVE-2019-9978.json @@ -96,6 +96,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/152722/Wordpress-Social-Warfare-Remote-Code-Execution.html", "url": "http://packetstormsecurity.com/files/152722/Wordpress-Social-Warfare-Remote-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163680/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/163680/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.html" } ] } diff --git a/2020/11xxx/CVE-2020-11511.json b/2020/11xxx/CVE-2020-11511.json index 08cd4c03c67..f7226bdd9d4 100644 --- a/2020/11xxx/CVE-2020-11511.json +++ b/2020/11xxx/CVE-2020-11511.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11511", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11511", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/learnpress/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/learnpress/#developers" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163538/WordPress-LearnPress-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/163538/WordPress-LearnPress-Privilege-Escalation.html" + }, + { + "refsource": "MISC", + "name": "https://www.wordfence.com/blog/2020/04/high-severity-vulnerabilities-patched-in-learnpress/", + "url": "https://www.wordfence.com/blog/2020/04/high-severity-vulnerabilities-patched-in-learnpress/" } ] } diff --git a/2020/14xxx/CVE-2020-14999.json b/2020/14xxx/CVE-2020-14999.json index 113d223b7fb..0250024d9cc 100644 --- a/2020/14xxx/CVE-2020-14999.json +++ b/2020/14xxx/CVE-2020-14999.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14999", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14999", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic bug in system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed to bypass Windows memory protection and access sensitive data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.acronis.com/en-us/support/updates/index.html", + "refsource": "MISC", + "name": "https://www.acronis.com/en-us/support/updates/index.html" } ] } diff --git a/2020/16xxx/CVE-2020-16839.json b/2020/16xxx/CVE-2020-16839.json index 8582ecc5a5e..f25293ab76a 100644 --- a/2020/16xxx/CVE-2020-16839.json +++ b/2020/16xxx/CVE-2020-16839.json @@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-16839", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-16839", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.crestron.com", + "refsource": "MISC", + "name": "https://support.crestron.com" + }, + { + "refsource": "CONFIRM", + "name": "https://www.crestron.com/Software-Firmware/Firmware/DigitalMedia/DM-XIO/1-0-3-802", + "url": "https://www.crestron.com/Software-Firmware/Firmware/DigitalMedia/DM-XIO/1-0-3-802" + }, + { + "refsource": "CONFIRM", + "name": "https://www.security.crestron.com", + "url": "https://www.security.crestron.com" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2020/18xxx/CVE-2020-18013.json b/2020/18xxx/CVE-2020-18013.json index 970d1e1b54b..5910ded54ae 100644 --- a/2020/18xxx/CVE-2020-18013.json +++ b/2020/18xxx/CVE-2020-18013.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-18013", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-18013", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injextion vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?admin_banned/add.htm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/YangSirrr/opendebug/blob/master/whatsns/Main.md", + "refsource": "MISC", + "name": "https://github.com/YangSirrr/opendebug/blob/master/whatsns/Main.md" } ] } diff --git a/2020/19xxx/CVE-2020-19118.json b/2020/19xxx/CVE-2020-19118.json index a5eedde11fa..53a61c3f4ba 100644 --- a/2020/19xxx/CVE-2020-19118.json +++ b/2020/19xxx/CVE-2020-19118.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-19118", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-19118", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/yzmcms/yzmcms/issues/14", + "refsource": "MISC", + "name": "https://github.com/yzmcms/yzmcms/issues/14" } ] } diff --git a/2020/21xxx/CVE-2020-21806.json b/2020/21xxx/CVE-2020-21806.json index 73b6c78acca..3d30050df70 100644 --- a/2020/21xxx/CVE-2020-21806.json +++ b/2020/21xxx/CVE-2020-21806.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-21806", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-21806", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php.." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ectouch/ectouch/issues/5", + "refsource": "MISC", + "name": "https://github.com/ectouch/ectouch/issues/5" } ] } diff --git a/2020/25xxx/CVE-2020-25097.json b/2020/25xxx/CVE-2020-25097.json index c6e0f0db101..113870dcdc0 100644 --- a/2020/25xxx/CVE-2020-25097.json +++ b/2020/25xxx/CVE-2020-25097.json @@ -91,6 +91,11 @@ "refsource": "GENTOO", "name": "GLSA-202105-14", "url": "https://security.gentoo.org/glsa/202105-14" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210727-0010/", + "url": "https://security.netapp.com/advisory/ntap-20210727-0010/" } ] } diff --git a/2020/36xxx/CVE-2020-36387.json b/2020/36xxx/CVE-2020-36387.json index 0c392e96fbb..f844f88e0ca 100644 --- a/2020/36xxx/CVE-2020-36387.json +++ b/2020/36xxx/CVE-2020-36387.json @@ -71,6 +71,11 @@ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d816e088c359866f9867057e04f244c608c42fe", "refsource": "MISC", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d816e088c359866f9867057e04f244c608c42fe" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210727-0006/", + "url": "https://security.netapp.com/advisory/ntap-20210727-0006/" } ] } diff --git a/2021/20xxx/CVE-2021-20293.json b/2021/20xxx/CVE-2021-20293.json index ed1cdbd0fa2..0f0dbc945d8 100644 --- a/2021/20xxx/CVE-2021-20293.json +++ b/2021/20xxx/CVE-2021-20293.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1942819", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942819" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210727-0005/", + "url": "https://security.netapp.com/advisory/ntap-20210727-0005/" } ] }, diff --git a/2021/20xxx/CVE-2021-20399.json b/2021/20xxx/CVE-2021-20399.json index 7e1f7de9804..453dfc34f8e 100644 --- a/2021/20xxx/CVE-2021-20399.json +++ b/2021/20xxx/CVE-2021-20399.json @@ -1,99 +1,99 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196073." - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6475263", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6475263", - "title" : "IBM Security Bulletin 6475263 (QRadar SIEM)" - }, - { - "name" : "ibm-qradar-cve202120399-xxe (196073)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196073", - "refsource" : "XF" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.3.0" - }, - { - "version_value" : "7.4.0" - }, - { - "version_value" : "7.4.3" - }, - { - "version_value" : "7.3.3.Patch.8" - } - ] - }, - "product_name" : "QRadar SIEM" - } - ] - } + "lang": "eng", + "value": "IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196073." } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6475263", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6475263", + "title": "IBM Security Bulletin 6475263 (QRadar SIEM)" + }, + { + "name": "ibm-qradar-cve202120399-xxe (196073)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196073", + "refsource": "XF" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.3.0" + }, + { + "version_value": "7.4.0" + }, + { + "version_value": "7.4.3" + }, + { + "version_value": "7.3.3.Patch.8" + } + ] + }, + "product_name": "QRadar SIEM" + } + ] + } + } ] - } - ] - }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2021-20399", - "DATE_PUBLIC" : "2021-07-26T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_type" : "CVE", - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "PR" : "L", - "C" : "H", - "UI" : "N", - "AC" : "L", - "SCORE" : "7.100", - "S" : "U", - "I" : "N", - "A" : "L" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "data_format": "MITRE", + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2021-20399", + "DATE_PUBLIC": "2021-07-26T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_type": "CVE", + "data_version": "4.0", + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "PR": "L", + "C": "H", + "UI": "N", + "AC": "L", + "SCORE": "7.100", + "S": "U", + "I": "N", + "A": "L" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20562.json b/2021/20xxx/CVE-2021-20562.json index 1cf99c4471f..1e075c965f1 100644 --- a/2021/20xxx/CVE-2021-20562.json +++ b/2021/20xxx/CVE-2021-20562.json @@ -1,99 +1,99 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199232." - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6475301", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6475301 (Sterling B2B Integrator)", - "name" : "https://www.ibm.com/support/pages/node/6475301" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-sterling-cve202120562-xss (199232)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199232" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Sterling B2B Integrator", - "version" : { - "version_data" : [ - { - "version_value" : "5.2.0.0" - }, - { - "version_value" : "6.1.0.0" - }, - { - "version_value" : "6.1.0.2" - }, - { - "version_value" : "5.2.6.5_3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "lang": "eng", + "value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199232." } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6475301", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6475301 (Sterling B2B Integrator)", + "name": "https://www.ibm.com/support/pages/node/6475301" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-sterling-cve202120562-xss (199232)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199232" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_value": "5.2.0.0" + }, + { + "version_value": "6.1.0.0" + }, + { + "version_value": "6.1.0.2" + }, + { + "version_value": "5.2.6.5_3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-20562", - "DATE_PUBLIC" : "2021-07-26T00:00:00" - }, - "data_type" : "CVE", - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "H", - "RL" : "O" - }, - "BM" : { - "AC" : "L", - "SCORE" : "5.400", - "A" : "N", - "I" : "L", - "S" : "C", - "AV" : "N", - "PR" : "L", - "C" : "L", - "UI" : "R" - } - } - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "data_format": "MITRE", + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-20562", + "DATE_PUBLIC": "2021-07-26T00:00:00" + }, + "data_type": "CVE", + "data_version": "4.0", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "H", + "RL": "O" + }, + "BM": { + "AC": "L", + "SCORE": "5.400", + "A": "N", + "I": "L", + "S": "C", + "AV": "N", + "PR": "L", + "C": "L", + "UI": "R" + } + } + } +} \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21409.json b/2021/21xxx/CVE-2021-21409.json index 0844cfbf374..fe024eaf976 100644 --- a/2021/21xxx/CVE-2021-21409.json +++ b/2021/21xxx/CVE-2021-21409.json @@ -263,6 +263,21 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210604-0003/", "url": "https://security.netapp.com/advisory/ntap-20210604-0003/" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20210727 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409", + "url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20210727 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409", + "url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-notifications] 20210727 [GitHub] [zookeeper] sandipbhattacharya commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409", + "url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4@%3Cnotifications.zookeeper.apache.org%3E" } ] }, diff --git a/2021/22xxx/CVE-2021-22897.json b/2021/22xxx/CVE-2021-22897.json index f56d9364db8..8c9dcf99fc6 100644 --- a/2021/22xxx/CVE-2021-22897.json +++ b/2021/22xxx/CVE-2021-22897.json @@ -63,6 +63,11 @@ "url": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "name": "https://www.oracle.com//security-alerts/cpujul2021.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210727-0007/", + "url": "https://security.netapp.com/advisory/ntap-20210727-0007/" } ] }, diff --git a/2021/22xxx/CVE-2021-22901.json b/2021/22xxx/CVE-2021-22901.json index 196d46d9151..523697704e8 100644 --- a/2021/22xxx/CVE-2021-22901.json +++ b/2021/22xxx/CVE-2021-22901.json @@ -68,6 +68,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210723-0001/", "url": "https://security.netapp.com/advisory/ntap-20210723-0001/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210727-0007/", + "url": "https://security.netapp.com/advisory/ntap-20210727-0007/" } ] }, diff --git a/2021/28xxx/CVE-2021-28093.json b/2021/28xxx/CVE-2021-28093.json index dcbfbc0836a..2b03d63ad74 100644 --- a/2021/28xxx/CVE-2021-28093.json +++ b/2021/28xxx/CVE-2021-28093.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28093", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28093", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of Adler32." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.open-xchange.com", + "refsource": "MISC", + "name": "https://www.open-xchange.com" + }, + { + "refsource": "FULLDISC", + "name": "20210720 Open-Xchange Security Advisory 2021-07-19", + "url": "http://seclists.org/fulldisclosure/2021/Jul/37" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html", + "url": "http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html" } ] } diff --git a/2021/28xxx/CVE-2021-28094.json b/2021/28xxx/CVE-2021-28094.json index 8cf36bd14ce..d107204f1d5 100644 --- a/2021/28xxx/CVE-2021-28094.json +++ b/2021/28xxx/CVE-2021-28094.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28094", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28094", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.open-xchange.com", + "refsource": "MISC", + "name": "https://www.open-xchange.com" + }, + { + "refsource": "FULLDISC", + "name": "20210720 Open-Xchange Security Advisory 2021-07-19", + "url": "http://seclists.org/fulldisclosure/2021/Jul/37" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html", + "url": "http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html" } ] } diff --git a/2021/28xxx/CVE-2021-28095.json b/2021/28xxx/CVE-2021-28095.json index 5fb0861220e..24eb44ae9b8 100644 --- a/2021/28xxx/CVE-2021-28095.json +++ b/2021/28xxx/CVE-2021-28095.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28095", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28095", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.open-xchange.com", + "refsource": "MISC", + "name": "https://www.open-xchange.com" + }, + { + "refsource": "FULLDISC", + "name": "20210720 Open-Xchange Security Advisory 2021-07-19", + "url": "http://seclists.org/fulldisclosure/2021/Jul/37" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html", + "url": "http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html" } ] } diff --git a/2021/28xxx/CVE-2021-28169.json b/2021/28xxx/CVE-2021-28169.json index 64bd22bfda3..8fee24e2251 100644 --- a/2021/28xxx/CVE-2021-28169.json +++ b/2021/28xxx/CVE-2021-28169.json @@ -122,6 +122,11 @@ "refsource": "MLIST", "name": "[kafka-jira] 20210722 [jira] [Resolved] (KAFKA-12985) CVE-2021-28169 - Upgrade jetty to 9.4.41", "url": "https://lists.apache.org/thread.html/rb1292d30462b9baedea7c5d9594fc75990d9aa0ec223b48054ca9c25@%3Cjira.kafka.apache.org%3E" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210727-0009/", + "url": "https://security.netapp.com/advisory/ntap-20210727-0009/" } ] } diff --git a/2021/28xxx/CVE-2021-28674.json b/2021/28xxx/CVE-2021-28674.json index d26124215de..d6c186480da 100644 --- a/2021/28xxx/CVE-2021-28674.json +++ b/2021/28xxx/CVE-2021-28674.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28674", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28674", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. This occurs because node IDs are predictable (with incrementing numbers) and the access control on Services/NodeManagement.asmx/DeleteObjNow is incorrect. To exploit this, an attacker must be authenticated and must have node management rights associated with at least one valid group on the platform." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://pastebin.com/zFUd2cCj", + "url": "https://pastebin.com/zFUd2cCj" + }, + { + "refsource": "CONFIRM", + "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-28674", + "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-28674" } ] } diff --git a/2021/28xxx/CVE-2021-28966.json b/2021/28xxx/CVE-2021-28966.json index f25edb7a455..c0ab133259d 100644 --- a/2021/28xxx/CVE-2021-28966.json +++ b/2021/28xxx/CVE-2021-28966.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28966", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28966", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://hackerone.com/reports/1131465", + "refsource": "MISC", + "name": "https://hackerone.com/reports/1131465" } ] } diff --git a/2021/30xxx/CVE-2021-30483.json b/2021/30xxx/CVE-2021-30483.json index fc10a6661f1..29f169aee82 100644 --- a/2021/30xxx/CVE-2021-30483.json +++ b/2021/30xxx/CVE-2021-30483.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-30483", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-30483", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://vuln.ryotak.me/advisories/28", + "url": "https://vuln.ryotak.me/advisories/28" + }, + { + "refsource": "MISC", + "name": "https://github.com/isomorphic-git/isomorphic-git/releases/tag/v1.8.2", + "url": "https://github.com/isomorphic-git/isomorphic-git/releases/tag/v1.8.2" + }, + { + "refsource": "MISC", + "name": "https://github.com/isomorphic-git/isomorphic-git/pull/1339", + "url": "https://github.com/isomorphic-git/isomorphic-git/pull/1339" } ] } diff --git a/2021/31xxx/CVE-2021-31618.json b/2021/31xxx/CVE-2021-31618.json index 4f3c4bc0cfe..cb7201d1b7f 100644 --- a/2021/31xxx/CVE-2021-31618.json +++ b/2021/31xxx/CVE-2021-31618.json @@ -117,6 +117,11 @@ "refsource": "GENTOO", "name": "GLSA-202107-38", "url": "https://security.gentoo.org/glsa/202107-38" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210727-0008/", + "url": "https://security.netapp.com/advisory/ntap-20210727-0008/" } ] }, diff --git a/2021/31xxx/CVE-2021-31878.json b/2021/31xxx/CVE-2021-31878.json index 58bf1bc99d6..714d6fdca25 100644 --- a/2021/31xxx/CVE-2021-31878.json +++ b/2021/31xxx/CVE-2021-31878.json @@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31878", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31878", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "FULLDISC", + "name": "20210722 AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver", + "url": "http://seclists.org/fulldisclosure/2021/Jul/48" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html", + "url": "http://packetstormsecurity.com/files/163638/Asterisk-Project-Security-Advisory-AST-2021-007.html" + }, + { + "refsource": "MISC", + "name": "http://downloads.asterisk.org/pub/security/AST-2021-007.html", + "url": "http://downloads.asterisk.org/pub/security/AST-2021-007.html" + }, + { + "refsource": "MISC", + "name": "https://issues.asterisk.org/jira/browse/ASTERISK-29381", + "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29381" + }, + { + "refsource": "MISC", + "name": "https://downloads.digium.com/pub/security/AST-2021-007.html", + "url": "https://downloads.digium.com/pub/security/AST-2021-007.html" } ] } diff --git a/2021/32xxx/CVE-2021-32558.json b/2021/32xxx/CVE-2021-32558.json index c59a9d893c0..3fee23a6468 100644 --- a/2021/32xxx/CVE-2021-32558.json +++ b/2021/32xxx/CVE-2021-32558.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-32558", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-32558", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "FULLDISC", + "name": "20210722 AST-2021-008: Remote crash when using IAX2 channel driver", + "url": "http://seclists.org/fulldisclosure/2021/Jul/49" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html", + "url": "http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html" + }, + { + "refsource": "MISC", + "name": "https://downloads.asterisk.org/pub/security/AST-2021-008.html", + "url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html" + }, + { + "refsource": "MISC", + "name": "https://issues.asterisk.org/jira/browse/ASTERISK-29392", + "url": "https://issues.asterisk.org/jira/browse/ASTERISK-29392" } ] } diff --git a/2021/32xxx/CVE-2021-32610.json b/2021/32xxx/CVE-2021-32610.json index 08d935f2244..d17a432cb04 100644 --- a/2021/32xxx/CVE-2021-32610.json +++ b/2021/32xxx/CVE-2021-32610.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-32610", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-32610", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.drupal.org/sa-core-2021-004", + "url": "https://www.drupal.org/sa-core-2021-004" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210726 [SECURITY] [DLA 2721-1] drupal7 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00023.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/pear/Archive_Tar/releases/tag/1.4.14", + "url": "https://github.com/pear/Archive_Tar/releases/tag/1.4.14" + }, + { + "refsource": "MISC", + "name": "https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f", + "url": "https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f" } ] } diff --git a/2021/33xxx/CVE-2021-33203.json b/2021/33xxx/CVE-2021-33203.json index 8958957ede6..3d086630810 100644 --- a/2021/33xxx/CVE-2021-33203.json +++ b/2021/33xxx/CVE-2021-33203.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases/", "url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210727-0004/", + "url": "https://security.netapp.com/advisory/ntap-20210727-0004/" } ] } diff --git a/2021/33xxx/CVE-2021-33571.json b/2021/33xxx/CVE-2021-33571.json index e91f97799de..694c8185343 100644 --- a/2021/33xxx/CVE-2021-33571.json +++ b/2021/33xxx/CVE-2021-33571.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases/", "url": "https://www.djangoproject.com/weblog/2021/jun/02/security-releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210727-0004/", + "url": "https://security.netapp.com/advisory/ntap-20210727-0004/" } ] } diff --git a/2021/34xxx/CVE-2021-34802.json b/2021/34xxx/CVE-2021-34802.json index 1ab09f71302..d80f9639823 100644 --- a/2021/34xxx/CVE-2021-34802.json +++ b/2021/34xxx/CVE-2021-34802.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-34802", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-34802", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://neo4j.com", + "refsource": "MISC", + "name": "https://neo4j.com" + }, + { + "refsource": "MISC", + "name": "https://neo4j.com/developer/kb/neo4j-4-2-x-sec-vuln-fix/", + "url": "https://neo4j.com/developer/kb/neo4j-4-2-x-sec-vuln-fix/" } ] } diff --git a/2021/35xxx/CVE-2021-35331.json b/2021/35xxx/CVE-2021-35331.json index 2ce670a0ac5..dfe1ac42048 100644 --- a/2021/35xxx/CVE-2021-35331.json +++ b/2021/35xxx/CVE-2021-35331.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crated file. NOTE: multiple third parties dispute the significance of this finding." + "value": "** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding." } ] }, diff --git a/2021/35xxx/CVE-2021-35458.json b/2021/35xxx/CVE-2021-35458.json index c209baf7243..55f22eb060d 100644 --- a/2021/35xxx/CVE-2021-35458.json +++ b/2021/35xxx/CVE-2021-35458.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35458", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35458", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/php/14839/online-pet-shop-we-app-using-php-and-paypal-free-source-code.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/14839/online-pet-shop-we-app-using-php-and-paypal-free-source-code.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163282/Online-Pet-Shop-We-App-1.0-SQL-Injection-Shell-Upload.html", + "url": "http://packetstormsecurity.com/files/163282/Online-Pet-Shop-We-App-1.0-SQL-Injection-Shell-Upload.html" } ] } diff --git a/2021/35xxx/CVE-2021-35472.json b/2021/35xxx/CVE-2021-35472.json index 0397ea415e8..06aead7edfe 100644 --- a/2021/35xxx/CVE-2021-35472.json +++ b/2021/35xxx/CVE-2021-35472.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35472", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35472", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539", + "refsource": "MISC", + "name": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539" + }, + { + "url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags", + "refsource": "MISC", + "name": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4943", + "url": "https://www.debian.org/security/2021/dsa-4943" + }, + { + "refsource": "CONFIRM", + "name": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5", + "url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5" } ] } diff --git a/2021/35xxx/CVE-2021-35478.json b/2021/35xxx/CVE-2021-35478.json index cc2845328e1..128c0e48c6b 100644 --- a/2021/35xxx/CVE-2021-35478.json +++ b/2021/35xxx/CVE-2021-35478.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35478", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35478", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-party web page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.nagios.com/downloads/nagios-log-server/change-log/", + "refsource": "MISC", + "name": "https://www.nagios.com/downloads/nagios-log-server/change-log/" + }, + { + "url": "https://research.nccgroup.com/?research=Technical%20advisories", + "refsource": "MISC", + "name": "https://research.nccgroup.com/?research=Technical%20advisories" + }, + { + "refsource": "MISC", + "name": "https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflected-xss-vulnerability-in-nagios-log-server-cve-2021-35478cve-2021-35479/", + "url": "https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflected-xss-vulnerability-in-nagios-log-server-cve-2021-35478cve-2021-35479/" } ] } diff --git a/2021/35xxx/CVE-2021-35479.json b/2021/35xxx/CVE-2021-35479.json index c2a8905d542..b98d05d3755 100644 --- a/2021/35xxx/CVE-2021-35479.json +++ b/2021/35xxx/CVE-2021-35479.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35479", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35479", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.nagios.com/downloads/nagios-log-server/change-log/", + "refsource": "MISC", + "name": "https://www.nagios.com/downloads/nagios-log-server/change-log/" + }, + { + "url": "https://research.nccgroup.com/?research=Technical%20advisories", + "refsource": "MISC", + "name": "https://research.nccgroup.com/?research=Technical%20advisories" + }, + { + "refsource": "MISC", + "name": "https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflected-xss-vulnerability-in-nagios-log-server-cve-2021-35478cve-2021-35479/", + "url": "https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflected-xss-vulnerability-in-nagios-log-server-cve-2021-35478cve-2021-35479/" } ] } diff --git a/2021/36xxx/CVE-2021-36004.json b/2021/36xxx/CVE-2021-36004.json index 2e4ba1273cf..592643ea668 100644 --- a/2021/36xxx/CVE-2021-36004.json +++ b/2021/36xxx/CVE-2021-36004.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "NoneT23:00:00.000Z", "ID": "CVE-2021-36004", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe InDesign CoolType out of bounds write vulnerability could lead to arbitrary stack manipulation" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InDesign", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "16.0" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "High", + "baseScore": 8.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write (CWE-787)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/indesign/apsb21-22.html", + "name": "https://helpx.adobe.com/security/products/indesign/apsb21-22.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36605.json b/2021/36xxx/CVE-2021-36605.json index bd9096d9e81..3a4475f7ccd 100644 --- a/2021/36xxx/CVE-2021-36605.json +++ b/2021/36xxx/CVE-2021-36605.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36605", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36605", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the user's browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/3xxx/engineercms/issues/52", + "refsource": "MISC", + "name": "https://github.com/3xxx/engineercms/issues/52" } ] } diff --git a/2021/36xxx/CVE-2021-36754.json b/2021/36xxx/CVE-2021-36754.json index b0a10fe3ebf..f31f9eaf7c0 100644 --- a/2021/36xxx/CVE-2021-36754.json +++ b/2021/36xxx/CVE-2021-36754.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36754", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36754", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://doc.powerdns.com/authoritative/security-advisories/index.html", + "refsource": "MISC", + "name": "https://doc.powerdns.com/authoritative/security-advisories/index.html" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210726 security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0", + "url": "http://www.openwall.com/lists/oss-security/2021/07/26/2" + }, + { + "refsource": "CONFIRM", + "name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html", + "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html" } ] } diff --git a/2021/36xxx/CVE-2021-36766.json b/2021/36xxx/CVE-2021-36766.json index 0195763104a..23f2662d45d 100644 --- a/2021/36xxx/CVE-2021-36766.json +++ b/2021/36xxx/CVE-2021-36766.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36766", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36766", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://hackerone.com/reports/1063039", + "refsource": "MISC", + "name": "https://hackerone.com/reports/1063039" + }, + { + "refsource": "FULLDISC", + "name": "20210719 [KIS-2021-05] Concrete5 <= 8.5.5 (Logging Settings) Phar Deserialization Vulnerability", + "url": "http://seclists.org/fulldisclosure/2021/Jul/36" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163564/Concrete5-8.5.5-Phar-Deserialization.html", + "url": "http://packetstormsecurity.com/files/163564/Concrete5-8.5.5-Phar-Deserialization.html" } ] } diff --git a/2021/37xxx/CVE-2021-37576.json b/2021/37xxx/CVE-2021-37576.json index f2f9ab9259d..142cd206942 100644 --- a/2021/37xxx/CVE-2021-37576.json +++ b/2021/37xxx/CVE-2021-37576.json @@ -61,6 +61,11 @@ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a", "refsource": "MISC", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210727 Re: Linux kernel: powerpc: KVM guest to host memory corruption", + "url": "http://www.openwall.com/lists/oss-security/2021/07/27/2" } ] } diff --git a/2021/37xxx/CVE-2021-37578.json b/2021/37xxx/CVE-2021-37578.json index 930fff7eeee..335dfad1997 100644 --- a/2021/37xxx/CVE-2021-37578.json +++ b/2021/37xxx/CVE-2021-37578.json @@ -1,89 +1,18 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "ID": "CVE-2021-37578", - "STATE": "PUBLIC", - "TITLE": "Remote code execution via RMI" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Apache jUDDI", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "3.3.10" - } - ] - } - } - ] - }, - "vendor_name": "Apache Software Foundation" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Reported by Artem Smotrakov" - } - ], - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-37578", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services.\n\nRMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicious serialized object to the above RMI entries. The objects get deserialized without any check on the incoming data. In the worst case, it may let the attacker run arbitrary code remotely. \n\nFor both jUDDI web service applications and jUDDI clients, the usage of RMI is disabled by default. Since this is an optional feature and an extension to the UDDI protocol, the likelihood of impact is low. Starting with 3.3.10, all RMI related code was removed." + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] - }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": [ - { - "other": "moderate" - } - ], - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-502 Deserialization of Untrusted Data" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://lists.apache.org/thread.html/r82047b3ba774cf870ea8e1e9ec51c6107f6cd056d4e36608148c6e71%40%3Cprivate.juddi.apache.org%3E" - } - ] - }, - "source": { - "defect": [ - "JUDDI-1018" - ], - "discovery": "UNKNOWN" - }, - "work_around": [ - { - "lang": "eng", - "value": "For the jUDDI service web application, RMI and JNDI service registration is disabled by default. If it was enabled by the system owner, disable it.\n\nFor jUDDI Clients, do not use RMI Transports. This is an opt-in feature and is not typically used." - } - ] -} + } +} \ No newline at end of file diff --git a/2021/37xxx/CVE-2021-37579.json b/2021/37xxx/CVE-2021-37579.json new file mode 100644 index 00000000000..5d346bed66a --- /dev/null +++ b/2021/37xxx/CVE-2021-37579.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-37579", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/37xxx/CVE-2021-37580.json b/2021/37xxx/CVE-2021-37580.json new file mode 100644 index 00000000000..a616f23b959 --- /dev/null +++ b/2021/37xxx/CVE-2021-37580.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-37580", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3667.json b/2021/3xxx/CVE-2021-3667.json new file mode 100644 index 00000000000..a0846c06ea2 --- /dev/null +++ b/2021/3xxx/CVE-2021-3667.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3667", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file