diff --git a/2021/33xxx/CVE-2021-33479.json b/2021/33xxx/CVE-2021-33479.json
index 7792130d00e..914d649a9ca 100644
--- a/2021/33xxx/CVE-2021-33479.json
+++ b/2021/33xxx/CVE-2021-33479.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-33479",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "patrick@puiterwijk.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "gocr",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "gocr 0.53-20200802"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-119"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1962861",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962861"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/p/jocr/bugs/39/",
+ "url": "https://sourceforge.net/p/jocr/bugs/39/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in measure_pitch() in pgm2asc.c."
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33480.json b/2021/33xxx/CVE-2021-33480.json
index 846f67a4d99..3612295c94f 100644
--- a/2021/33xxx/CVE-2021-33480.json
+++ b/2021/33xxx/CVE-2021-33480.json
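Review bot: The `problemtype` value `"CWE-119"` in the CVE-2021-33479 hunk is broader than the defect the new description names; a stack-based buffer overflow has its own entry, so `"value": "CWE-121"` would let consumers that filter by CWE classify this record and CVE-2021-33481 correctly. The version data also disagrees with the description: `"version_value": "gocr 0.53-20200802"` repeats the product name and lists a single build, while the text says "through 0.53-20200802", so tools that match on version data will likely miss earlier releases. I would write `"version_affected": "<=", "version_value": "0.53-20200802"` here and in the CVE-2021-33480 and CVE-2021-33481 hunks. `"vendor_name": "n/a"` in all three records also gives vendor-based matching nothing to key on.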
@@ -4,14 +4,68 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-33480",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "patrick@puiterwijk.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "gocr",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "gocr 0.53-20200802"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1962854",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962854"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/p/jocr/bugs/40/",
+ "url": "https://sourceforge.net/p/jocr/bugs/40/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/p/jocr/bugs/41/",
+ "url": "https://sourceforge.net/p/jocr/bugs/41/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c."
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33481.json b/2021/33xxx/CVE-2021-33481.json
index 492ff57b753..d66f14f2d56 100644
--- a/2021/33xxx/CVE-2021-33481.json
+++ b/2021/33xxx/CVE-2021-33481.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-33481",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "patrick@puiterwijk.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "gocr",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "gocr 0.53-20200802"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-119"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1962865",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962865"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/p/jocr/bugs/42/",
+ "url": "https://sourceforge.net/p/jocr/bugs/42/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_divide_boxes() in pgm2asc.c."
 }
 ]
 }
diff --git a/2021/35xxx/CVE-2021-35528.json b/2021/35xxx/CVE-2021-35528.json
index e9ca626b4f2..eaa94ab4cb6 100644
--- a/2021/35xxx/CVE-2021-35528.json
+++ b/2021/35xxx/CVE-2021-35528.json
@@ -1,18 +1,111 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "cybersecurity@hitachienergy.com",
+ "DATE_PUBLIC": "2021-11-04T16:00:00.000Z",
 "ID": "CVE-2021-35528",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Authentication Bypass Vulnerability Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB)"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Retail Operations",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.7.3",
+ "version_value": "5.7.3.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Counterparty Settlement and Billing (CSB)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.7.3",
+ "version_value": "5.7.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Hitachi Energy"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or modification of data inside the application. This issue affects: Hitachi Energy Retail Operations 5.7.3 and prior versions. Hitachi Energy Counterparty Settlement and Billing (CSB) 5.7.3 prior versions."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000067&LanguageCode=en&DocumentPartId=&Action=Launch",
+ "refsource": "CONFIRM",
+ "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000067&LanguageCode=en&DocumentPartId=&Action=Launch"
+ },
+ {
+ "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000068&LanguageCode=en&DocumentPartId=&Action=Launch",
+ "refsource": "CONFIRM",
+ "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000068&LanguageCode=en&DocumentPartId=&Action=Launch"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "- Vulnerability is remediated in Retail Operations v5.7.3.1\n- Vulnerability is remediated in CSB v5.7.3.1"
+ }
+ ],
+ "source": {
+ "discovery": "USER"
 }
 }
\ No newline at end of file
diff --git a/2021/3xxx/CVE-2021-3973.json b/2021/3xxx/CVE-2021-3973.json
new file mode 100644
index 00000000000..7a48ae7502b
--- /dev/null
+++ b/2021/3xxx/CVE-2021-3973.json
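Review bot: The new `TITLE` in the CVE-2021-35528 hunk repeats a word ("Vulnerability Vulnerability") and calls the issue an authentication bypass, while `problemtype` and the description both say improper access control (CWE-284); the three fields should name the same weakness so triage does not have to guess which one applies. If CWE-284 is the intended classification, a title such as `"TITLE": "Improper Access Control Vulnerability in Retail Operations and Counterparty Settlement and Billing (CSB)"` would match. The last sentence of the description also drops a word for CSB ("5.7.3 prior versions"), which reads as a different range from the "5.7.3 and prior versions" given for Retail Operations even though `version_data` is identical for both products.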
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-3973",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41720.json b/2021/41xxx/CVE-2021-41720.json
index 8c7187c7351..c8f214e491b 100644
--- a/2021/41xxx/CVE-2021-41720.json
+++ b/2021/41xxx/CVE-2021-41720.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/lodash/lodash/issues/5261",
 "refsource": "MISC",
 "name": "https://github.com/lodash/lodash/issues/5261"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://web.archive.org/web/20211004200531/https:/github.com/lodash/lodash/issues/5261",
+ "url": "https://web.archive.org/web/20211004200531/https:/github.com/lodash/lodash/issues/5261"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42360.json b/2021/42xxx/CVE-2021-42360.json
index 7993cb6d34b..7deefc5296f 100644
--- a/2021/42xxx/CVE-2021-42360.json
+++ b/2021/42xxx/CVE-2021-42360.json
@@ -1,18 +1,110 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@wordfence.com",
 "ID": "CVE-2021-42360",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Starter Templates \u2014 Elementor, Gutenberg & Beaver Builder Templates <= 2.7.0 Authenticated Block Import to Stored XSS"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Starter Templates \u2014 Elementor, Gutenberg & Beaver Builder Templates",
+ "version": {
+ "version_data": [
+ {
+ "platform": "WordPress",
+ "version_affected": "<=",
+ "version_name": "2.7.0",
+ "version_value": "2.7.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "BrainStormForce"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Ramuel Gall, Wordfence"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Control"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-99 Improper Control of Resource Identifiers ('Resource Injection')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.wordfence.com/blog/2021/11/over-1-million-sites-impacted-by-vulnerability-in-starter-templates-plugin/",
+ "name": "https://www.wordfence.com/blog/2021/11/over-1-million-sites-impacted-by-vulnerability-in-starter-templates-plugin/"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42362.json b/2021/42xxx/CVE-2021-42362.json
index 4564bda05a1..45d9114d108 100644
--- a/2021/42xxx/CVE-2021-42362.json
+++ b/2021/42xxx/CVE-2021-42362.json
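Review bot: The new description in the CVE-2021-42360 hunk never names the affected plugin or its version range; it opens with "On sites that also had the Elementor plugin", and only `TITLE` and `affects` identify Starter Templates <= 2.7.0. Feeds that surface only `description_data` will leave readers unable to tell which plugin to update, so I would open the value with `The Starter Templates \u2014 Elementor, Gutenberg & Beaver Builder Templates plugin for WordPress, in versions up to and including 2.7.0, ...`. The record also carries no `solution` entry naming the first fixed release, which the CVE-2021-42362 record in this same commit does provide.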
@@ -1,18 +1,116 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "AKA": "Wordfence",
+ "ASSIGNER": "security@wordfence.com",
+ "DATE_PUBLIC": "2021-11-12T13:26:00.000Z",
 "ID": "CVE-2021-42362",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Popular Posts <= 5.3.2 Authenticated Arbitrary File Upload"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WordPress Popular Posts",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "5.3.2",
+ "version_value": "5.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "WordPress Popular Posts"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Original Researcher: Jerome Bruandet, NinTechNet Exploit Author: Simone Cristofaro"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": "8.8",
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://blog.nintechnet.com/improper-input-validation-fixed-in-wordpress-popular-posts-plugin/",
+ "name": "https://blog.nintechnet.com/improper-input-validation-fixed-in-wordpress-popular-posts-plugin/"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-42362",
+ "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-42362"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://plugins.trac.wordpress.org/changeset/2542638/wordpress-popular-posts/trunk/src/Image.php",
+ "name": "https://plugins.trac.wordpress.org/changeset/2542638/wordpress-popular-posts/trunk/src/Image.php"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://wpscan.com/vulnerability/bd4f157c-a3d7-4535-a587-0102ba4e3009",
+ "name": "https://wpscan.com/vulnerability/bd4f157c-a3d7-4535-a587-0102ba4e3009"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to version 5.3.3 or newer. "
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43338.json b/2021/43xxx/CVE-2021-43338.json
new file mode 100644
index 00000000000..ba673ca7941
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43338.json
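Review bot: `"baseScore": "8.8"` in the CVE-2021-42362 hunk is a JSON string, while the other records in this commit give the score as a number (`7.2`, `7.6`); consumers that compare, sort or threshold on the score numerically may reject or mis-rank this record. I would write `"baseScore": 8.8`. The `solution` value also ends with a stray trailing space (`"Update to version 5.3.3 or newer. "`), and `vendor_name` repeats the product name rather than naming the plugin's publisher.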
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43338",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43339. Reason: This candidate is a duplicate of CVE-2021-43339. Notes: All CVE users should reference CVE-2021-43339 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43339.json b/2021/43xxx/CVE-2021-43339.json
index 12ac10a26e3..7e8abb6d8bc 100644
--- a/2021/43xxx/CVE-2021-43339.json
+++ b/2021/43xxx/CVE-2021-43339.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality."
+ "value": "In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be created."
 }
 ]
 },
@@ -52,6 +52,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/50469",
+ "url": "https://www.exploit-db.com/exploits/50469"
+ },
 {
 "url": "https://pentest.com.tr/blog/RCE-via-Meow-Variant-along-with-an-Example-0day-PacketHackingVillage-Defcon29.html",
 "refsource": "MISC",
diff --git a/2021/43xxx/CVE-2021-43617.json b/2021/43xxx/CVE-2021-43617.json
index 58e932a71f0..ed5ae97c103 100644
--- a/2021/43xxx/CVE-2021-43617.json
+++ b/2021/43xxx/CVE-2021-43617.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. In some use cases, this may be related to file-type validation for image upload (e.g., differences between getClientOriginalExtension and other approaches)."
+ "value": "Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload."
 }
 ]
 },
@@ -52,21 +52,11 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "https://hosein-vita.medium.com/laravel-8-x-image-upload-bypass-zero-day-852bd806019b",
- "refsource": "MISC",
- "name": "https://hosein-vita.medium.com/laravel-8-x-image-upload-bypass-zero-day-852bd806019b"
- },
 {
 "url": "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333",
 "refsource": "MISC",
 "name": "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1331-L1333"
 },
- {
- "url": "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1130-L1132",
- "refsource": "MISC",
- "name": "https://github.com/laravel/framework/blob/2049de73aa099a113a287587df4cc522c90961f5/src/Illuminate/Validation/Concerns/ValidatesAttributes.php#L1130-L1132"
- },
 {
 "url": "https://salsa.debian.org/php-team/php/-/commit/dc253886b5b2e9bc8d9e36db787abb083a667fd8",
 "refsource": "MISC",
diff --git a/2021/43xxx/CVE-2021-43978.json b/2021/43xxx/CVE-2021-43978.json
new file mode 100644
index 00000000000..98a0934e273
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43978.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43978",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file