diff --git a/2019/14xxx/CVE-2019-14851.json b/2019/14xxx/CVE-2019-14851.json
new file mode 100644
index 00000000000..06aead234d0
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14851.json
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-14851",
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "nbdkit",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "nbdkit 1.12.8, nbdkit 1.14.2, nbdkit 1.15.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-617"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1757259",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757259"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html",
+ "url": "https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14852.json b/2019/14xxx/CVE-2019-14852.json
new file mode 100644
index 00000000000..d0db60f0daf
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14852.json
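Review bot: In CVE-2019-14851.json the `version_value` lists `nbdkit 1.12.8, nbdkit 1.14.2, nbdkit 1.15.2`, while the description says the issue only affected versions 1.12.7, 1.14.1 and 1.15.1. The structured field therefore appears to carry the fixed releases rather than the affected ones (inferred from the numbering, the record does not say so), and a scanner that matches on `version_value` would flag patched installs and miss the vulnerable ones. I would align the field with the description, e.g. `"version_value": "1.12.7, 1.14.1, 1.15.1"`, and name the fixed releases in the description text instead. `vendor_name` is also left as `n/a` although the product is named.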
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-14852",
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "apicast",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "As shipped with Red Hat 3scale API Management Platform"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-327"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1758208",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758208"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A flaw was found in 3scale\u2019s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. Version shipped in Red Hat 3scale API Management Platform is vulnerable to this issue."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/13xxx/CVE-2020-13936.json b/2020/13xxx/CVE-2020-13936.json
index 98f57a03733..6273b49f41d 100644
--- a/2020/13xxx/CVE-2020-13936.json
+++ b/2020/13xxx/CVE-2020-13936.json
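Review bot: The `version_value` in CVE-2019-14852.json is the free-text `As shipped with Red Hat 3scale API Management Platform`, and neither it nor the description names an affected or fixed release, so an asset inventory cannot scope this record to a version. If the referenced Bugzilla entry gives a version bound, it belongs in `version_value`. The description could also say whether TLS 1.0 is enabled by default or only when configured, since that decides whether operators need a configuration change or an upgrade. `vendor_name` could be `Red Hat` rather than `n/a`, as the description already names the vendor.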
@@ -99,6 +99,16 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210317 [SECURITY] [DLA 2595-1] velocity security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00019.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[ws-dev] 20210318 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
+ "url": "https://lists.apache.org/thread.html/re641197d204765130618086238c73dd2ce5a3f94b33785b587d72726@%3Cdev.ws.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[ws-dev] 20210318 [jira] [Created] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)",
+ "url": "https://lists.apache.org/thread.html/rbee7270556f4172322936b5ecc9fabf0c09f00d4fa56c9de1963c340@%3Cdev.ws.apache.org%3E"
 }
 ]
 },
diff --git a/2020/26xxx/CVE-2020-26797.json b/2020/26xxx/CVE-2020-26797.json
index 98cf862767c..fb532c5314a 100644
--- a/2020/26xxx/CVE-2020-26797.json
+++ b/2020/26xxx/CVE-2020-26797.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-26797",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-26797",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sourceforge.net/p/mediainfo/bugs/1154/",
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/p/mediainfo/bugs/1154/"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26886.json b/2020/26xxx/CVE-2020-26886.json
index b9972ee7025..7a8f173de15 100644
--- a/2020/26xxx/CVE-2020-26886.json
+++ b/2020/26xxx/CVE-2020-26886.json
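Review bot: The structured fields added in CVE-2020-26797.json are all `n/a` (`vendor_name`, `product_name`, `version_value` and the `problemtype` value), even though the description names the product, the fixed version and the weakness class. Tools that match on the structured fields rather than on free text will not associate this record with MediaInfo. I would fill them from the description, e.g. `"product_name": "MediaInfo"`, `"version_value": "before 20.08"` and a problemtype value of `CWE-122` for the heap buffer overflow. The same applies to the hunks for CVE-2020-26886, CVE-2020-36144, CVE-2020-9367, CVE-2021-25764 and CVE-2021-27358 below, whose descriptions likewise name a product and a version.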
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-26886",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-26886",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.softaculous.com/board/index.php?tid=17086&title=Softaculous_5.5.7_Launched",
+ "refsource": "MISC",
+ "name": "https://www.softaculous.com/board/index.php?tid=17086&title=Softaculous_5.5.7_Launched"
+ },
+ {
+ "url": "https://vulnerable.af",
+ "refsource": "MISC",
+ "name": "https://vulnerable.af"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://vulnerable.af/posts/cve-2020-26886/",
+ "url": "https://vulnerable.af/posts/cve-2020-26886/"
 }
 ]
 }
diff --git a/2020/36xxx/CVE-2020-36144.json b/2020/36xxx/CVE-2020-36144.json
index be64de42365..10d292a40b5 100644
--- a/2020/36xxx/CVE-2020-36144.json
+++ b/2020/36xxx/CVE-2020-36144.json
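Review bot: The second reference added in CVE-2020-26886.json is the bare site root `https://vulnerable.af`, which carries no advisory content of its own and duplicates the specific post listed right after it (`https://vulnerable.af/posts/cve-2020-26886/`). I would drop the root entry and keep the post URL. The hunk for CVE-2021-25764 has the same pattern, with `https://blog.jetbrains.com` next to the full bulletin URL. The description also quotes the CWE-454 name verbatim, so the `problemtype` value could be `CWE-454` instead of `n/a`.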
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-36144",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-36144",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Redash 8.0.0 is affected by LDAP Injection. There is an authentication bypass and information leak through the crafting of special queries, escaping the provided template because the ldap_user = auth_ldap_user(request.form[\"email\"], request.form[\"password\"]) auth_ldap_user(username, password) settings.LDAP_SEARCH_TEMPLATE % {\"username\": username} code lacks sanitization."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/getredash/redash/releases",
+ "url": "https://github.com/getredash/redash/releases"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/getredash/redash/issues/5426",
+ "url": "https://github.com/getredash/redash/issues/5426"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9367.json b/2020/9xxx/CVE-2020-9367.json
index 265d8ce157d..99fdd3467c7 100644
--- a/2020/9xxx/CVE-2020-9367.json
+++ b/2020/9xxx/CVE-2020-9367.json
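Review bot: The description added in CVE-2020-36144.json runs three code fragments together without delimiters (the `ldap_user = auth_ldap_user(...)` call, the `auth_ldap_user(username, password)` signature and the `settings.LDAP_SEARCH_TEMPLATE` expression), which makes the sentence hard to parse. What a reader needs is that the value from the login form appears to be interpolated into the LDAP search filter without escaping; I would state that in prose and keep at most the `LDAP_SEARCH_TEMPLATE` expression as a quoted fragment. The record also gives only `Redash 8.0.0` with no fixed release, and the first reference is the generic releases page, so a reader cannot tell from this record which version to upgrade to.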
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-9367",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-9367",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code, leading to an escalation of privilege to NT AUTHORITY\\SYSTEM."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.manageengine.com/desktop-management-msp/dll-hijacking-vulnerability.html",
+ "url": "https://www.manageengine.com/desktop-management-msp/dll-hijacking-vulnerability.html"
 }
 ]
 }
diff --git a/2021/25xxx/CVE-2021-25764.json b/2021/25xxx/CVE-2021-25764.json
index 0b0d2e1ef62..6e1c3ac67d3 100644
--- a/2021/25xxx/CVE-2021-25764.json
+++ b/2021/25xxx/CVE-2021-25764.json
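Review bot: The description added in CVE-2020-9367.json repeats a phrase: `Desktop Central MSP build MSP build 10.0.486` should presumably read `Desktop Central MSP build 10.0.486`. The text also names only the one affected build, so a reader has to follow the CONFIRM advisory to find the fixed build; stating it in the description would make the record self-contained.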
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-25764",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-25764",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In JetBrains PhpStorm before 2020.3, source code could be added to debug logs."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://blog.jetbrains.com",
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/",
+ "url": "https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27358.json b/2021/27xxx/CVE-2021-27358.json
index 934844c4186..7f4ea029781 100644
--- a/2021/27xxx/CVE-2021-27358.json
+++ b/2021/27xxx/CVE-2021-27358.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-27358",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-27358",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The snapshot feature in Grafana before 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/grafana/grafana/blob/master/CHANGELOG.md",
+ "url": "https://github.com/grafana/grafana/blob/master/CHANGELOG.md"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/",
+ "url": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/"
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3416.json b/2021/3xxx/CVE-2021-3416.json
index 4e2635beb0b..b0bff65bada 100644
--- a/2021/3xxx/CVE-2021-3416.json
+++ b/2021/3xxx/CVE-2021-3416.json
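Review bot: The description added in CVE-2021-27358.json says `Grafana before 7.4.1`, but the second CONFIRM reference points at the 7.4.2 release notes (`release-notes-7-4-2`), so the fixed version is ambiguous from this record. Whichever is right should be confirmed against the release notes and used consistently in the description. The sentence also has a number mismatch, `an unauthenticated remote attackers`, which should read `unauthenticated remote attackers`. Finally, `a commonly used configuration` does not name the setting, so operators cannot check their exposure from the record alone.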
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3416", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "QEMU", + "version": { + "version_data": [ + { + "version_value": "versions up to and including 5.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-835" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1932827", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932827" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2021/02/26/1", + "url": "https://www.openwall.com/lists/oss-security/2021/02/26/1" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario." } ] }