admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-01-26 18:03:37 +00:00
parent 963f02a3ae
commit 4e23a7133c
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
89 changed files with 1227 additions and 181 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

202
2020/12xxx/CVE-2020-12512.json
View File

@ -1,109 +1,109 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2020-12512",
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-01-04T11:00:00.000Z",
"TITLE": "Pepper+Fuchs Comtrol IO-Link Master Cross-Site Scripting",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"VDE-2020-038"
],
"advisory": "VDE-2020-038",
"discovery": "EXTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Pepper+Fuchs",
"product": {
"product_data": [
{
"product_name": "Comtrol IO-Link Master",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "<=",
"version_value": "1.5.48",
"platform": ""
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2020-12512",
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-01-04T11:00:00.000Z",
"TITLE": "Pepper+Fuchs Comtrol IO-Link Master Cross-Site Scripting",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"VDE-2020-038"
],
"advisory": "VDE-2020-038",
"discovery": "EXTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Pepper+Fuchs",
"product": {
"product_data": [
{
"product_name": "Comtrol IO-Link Master",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "<=",
"version_value": "1.5.48",
"platform": ""
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-038",
"name": "https://cert.vde.com/en-us/advisories/vde-2020-038"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
},
"exploit": [],
"work_around": [],
"solution": [
{
"lang": "eng",
"value": "In order to prevent the exploitation of the reported vulnerabilities, we recommend that the\naffected units be updated with the following three firmware packages:\n\nU-Boot bootloader version 1.36 or newer\nSystem image version 1.52 or newer\nApplication base version 1.6.11 or newer"
}
],
"credit": [
{
"lang": "eng",
"value": "T.Weber (SEC Consult Vulnerability Lab) reported this vulnerability. Coordinated by CERT@VDE."
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting "
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-038",
"name": "https://cert.vde.com/en-us/advisories/vde-2020-038"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
},
"exploit": [],
"work_around": [],
"solution": [
{
"lang": "eng",
"value": "In order to prevent the exploitation of the reported vulnerabilities, we recommend that the\naffected units be updated with the following three firmware packages:\n\nU-Boot bootloader version 1.36 or newer\nSystem image version 1.52 or newer\nApplication base version 1.6.11 or newer"
}
],
"credit": [
{
"lang": "eng",
"value": "T.Weber (SEC Consult Vulnerability Lab) reported this vulnerability. Coordinated by CERT@VDE."
}
]
}

4
2020/13xxx/CVE-2020-13209.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-13209",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none."
}
]
}

4
2020/13xxx/CVE-2020-13210.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-13210",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none."
}
]
}

4
2020/13xxx/CVE-2020-13211.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-13211",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none."
}
]
}

4
2020/13xxx/CVE-2020-13212.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-13212",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none."
}
]
}

4
2020/13xxx/CVE-2020-13213.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-13213",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none."
}
]
}

4
2020/13xxx/CVE-2020-13214.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-13214",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none."
}
]
}

4
2020/13xxx/CVE-2020-13215.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-13215",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none."
}
]
}

4
2020/13xxx/CVE-2020-13216.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-13216",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none."
}
]
}

4
2020/13xxx/CVE-2020-13217.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-13217",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none."
}
]
}

4
2020/13xxx/CVE-2020-13218.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-13218",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none."
}
]
}

4
2020/13xxx/CVE-2020-13219.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-13219",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none."
}
]
}

4
2020/13xxx/CVE-2020-13220.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-13220",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none."
}
]
}

4
2020/13xxx/CVE-2020-13221.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-13221",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none."
}
]
}

4
2020/13xxx/CVE-2020-13222.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2020-13222",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none."
}
]
}

5
2020/14xxx/CVE-2020-14872.json
View File

@ -64,6 +64,11 @@
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-15",
"url": "https://security.gentoo.org/glsa/202101-15"
}
]
}

5
2020/14xxx/CVE-2020-14881.json
View File

@ -69,6 +69,11 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1278/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1278/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-15",
"url": "https://security.gentoo.org/glsa/202101-15"
}
]
}

5
2020/14xxx/CVE-2020-14886.json
View File

@ -69,6 +69,11 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1280/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1280/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-15",
"url": "https://security.gentoo.org/glsa/202101-15"
}
]
}

5
2020/14xxx/CVE-2020-14889.json
View File

@ -64,6 +64,11 @@
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-15",
"url": "https://security.gentoo.org/glsa/202101-15"
}
]
}

5
2020/14xxx/CVE-2020-14892.json
View File

@ -64,6 +64,11 @@
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-15",
"url": "https://security.gentoo.org/glsa/202101-15"
}
]
}

71
2020/20xxx/CVE-2020-20269.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20269",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/careteditor/issues/issues/841",
"refsource": "MISC",
"name": "https://github.com/careteditor/issues/issues/841"
},
{
"refsource": "MISC",
"name": "https://github.com/careteditor/releases-beta/releases/tag/4.0.0-rc22",
"url": "https://github.com/careteditor/releases-beta/releases/tag/4.0.0-rc22"
},
{
"refsource": "MISC",
"name": "https://caret.io",
"url": "https://caret.io"
},
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2021/Jan/59",
"url": "https://seclists.org/fulldisclosure/2021/Jan/59"
}
]
}

5
2020/25xxx/CVE-2020-25683.json
View File

@ -58,6 +58,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-84440e87ba",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-17",
"url": "https://security.gentoo.org/glsa/202101-17"
}
]
},

5
2020/26xxx/CVE-2020-26164.json
View File

@ -136,6 +136,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20201130 Re: kdeconnect: CVE-2020-26164: multiple security issues in kdeconnectd network daemon",
"url": "http://www.openwall.com/lists/oss-security/2020/11/30/1"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-16",
"url": "https://security.gentoo.org/glsa/202101-16"
}
]
}

5
2020/26xxx/CVE-2020-26418.json
View File

@ -61,6 +61,11 @@
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26418.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26418.json",
"refsource": "CONFIRM"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-12",
"url": "https://security.gentoo.org/glsa/202101-12"
}
]
},

5
2020/26xxx/CVE-2020-26419.json
View File

@ -58,6 +58,11 @@
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26419.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26419.json",
"refsource": "CONFIRM"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-12",
"url": "https://security.gentoo.org/glsa/202101-12"
}
]
},

5
2020/26xxx/CVE-2020-26420.json
View File

@ -61,6 +61,11 @@
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26420.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26420.json",
"refsource": "CONFIRM"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-12",
"url": "https://security.gentoo.org/glsa/202101-12"
}
]
},

5
2020/26xxx/CVE-2020-26421.json
View File

@ -61,6 +61,11 @@
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26421.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26421.json",
"refsource": "CONFIRM"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-12",
"url": "https://security.gentoo.org/glsa/202101-12"
}
]
},

5
2020/26xxx/CVE-2020-26422.json
View File

@ -58,6 +58,11 @@
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26422.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26422.json",
"refsource": "CONFIRM"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-12",
"url": "https://security.gentoo.org/glsa/202101-12"
}
]
},

27
2020/28xxx/CVE-2020-28487.json
View File

@ -48,24 +48,29 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-VISTIMELINE-1063500"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-VISTIMELINE-1063500",
"name": "https://snyk.io/vuln/SNYK-JS-VISTIMELINE-1063500"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1063501"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1063501",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1063501"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBVISJS-1063502"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBVISJS-1063502",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBVISJS-1063502"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/visjs/vis-timeline/issues/838"
"refsource": "MISC",
"url": "https://github.com/visjs/vis-timeline/issues/838",
"name": "https://github.com/visjs/vis-timeline/issues/838"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/visjs/vis-timeline/pull/840"
"refsource": "MISC",
"url": "https://github.com/visjs/vis-timeline/pull/840",
"name": "https://github.com/visjs/vis-timeline/pull/840"
}
]
},
@ -73,7 +78,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects the package vis-timeline before 7.4.4.\n An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.\r\n\r\n\r\n"
"value": "This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application."
}
]
},

2
2021/21xxx/CVE-2021-21259.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode.\n\nDepending on the configuration of the instance, the attacker may not need authentication to create or edit notes.\n\nThe problem is patched in HedgeDoc 1.7.2.\n\n### Workarounds\nDisallow loading JavaScript from 3rd party sites using the `Content-Security-Policy` header. Note that this will break some embedded content.\n\n### References\nThis issue was discovered by @TobiasHoll and reported to hackmdio/codimd: https://github.com/hackmdio/codimd/issues/1648\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an topic on our community forum\n* Join our matrix room"
"value": "HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode. Depending on the configuration of the instance, the attacker may not need authentication to create or edit notes. The problem is patched in HedgeDoc 1.7.2. ### Workarounds Disallow loading JavaScript from 3rd party sites using the `Content-Security-Policy` header. Note that this will break some embedded content. ### References This issue was discovered by @TobiasHoll and reported to hackmdio/codimd: https://github.com/hackmdio/codimd/issues/1648 ### For more information If you have any questions or comments about this advisory: * Open an topic on our community forum * Join our matrix room"
}
]
},

2
2021/21xxx/CVE-2021-21260.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini.\nIn OIS version 4.0 there is a stored XSS which can enables an attacker takeover of the admin account through a payload that extracts a csrf token and sends a request to change password.\nIt has been found that Item description is reflected without sanitization in app/items_view.php which enables the malicious scenario."
"value": "Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enables an attacker takeover of the admin account through a payload that extracts a csrf token and sends a request to change password. It has been found that Item description is reflected without sanitization in app/items_view.php which enables the malicious scenario."
}
]
},

47
2021/21xxx/CVE-2021-21261.json
View File

@ -19,7 +19,7 @@
"version_value": ">= 0.11.4, < 1.8.5"
},
{
"version_value": ">= 1.9.0, < 1.9.4"
"version_value": ">= 1.9.0, < 1.10.0"
}
]
}
@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug is present in versions from 0.11.4 and before fixed versions 1.8.5 and 1.9.4. The Flatpak portal D-Bus service (`flatpak-portal`, also known by its D-Bus service name `org.freedesktop.portal.Flatpak`) allows apps in a Flatpak sandbox to launch their own subprocesses in a new sandbox instance, either with the same security settings as the caller or with more restrictive security settings. For example, this is used in Flatpak-packaged web browsers such as Chromium to launch subprocesses that will process untrusted web content, and give those subprocesses a more restrictive sandbox than the browser itself. In vulnerable versions, the Flatpak portal service passes caller-specified environment variables to non-sandboxed processes on the host system, and in particular to the `flatpak run` command that is used to launch the new sandbox instance. A malicious or compromised Flatpak app could set environment variables that are trusted by the `flatpak run` command, and use them to execute arbitrary code that is not in a sandbox. As a workaround, this vulnerability can be mitigated by preventing the `flatpak-portal` service from starting, but that mitigation will prevent many Flatpak apps from working correctly. This is fixed in versions 1.8.5 and 1.9.4."
"value": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug is present in versions from 0.11.4 and before fixed versions 1.8.5 and 1.10.0. The Flatpak portal D-Bus service (`flatpak-portal`, also known by its D-Bus service name `org.freedesktop.portal.Flatpak`) allows apps in a Flatpak sandbox to launch their own subprocesses in a new sandbox instance, either with the same security settings as the caller or with more restrictive security settings. For example, this is used in Flatpak-packaged web browsers such as Chromium to launch subprocesses that will process untrusted web content, and give those subprocesses a more restrictive sandbox than the browser itself. In vulnerable versions, the Flatpak portal service passes caller-specified environment variables to non-sandboxed processes on the host system, and in particular to the `flatpak run` command that is used to launch the new sandbox instance. A malicious or compromised Flatpak app could set environment variables that are trusted by the `flatpak run` command, and use them to execute arbitrary code that is not in a sandbox. As a workaround, this vulnerability can be mitigated by preventing the `flatpak-portal` service from starting, but that mitigation will prevent many Flatpak apps from working correctly. This is fixed in versions 1.8.5 and 1.10.0."
}
]
},
@ -77,40 +77,35 @@
"refsource": "CONFIRM",
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2"
},
{
"name": "https://github.com/flatpak/flatpak/commit/57416f380600d9754df12baf5b227144ff1bb54d",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/57416f380600d9754df12baf5b227144ff1bb54d"
},
{
"name": "https://github.com/flatpak/flatpak/commit/6a11007021658518c088ba0cc5e4da27962a940a",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/6a11007021658518c088ba0cc5e4da27962a940a"
},
{
"name": "https://github.com/flatpak/flatpak/commit/dcd24941c7087c5f7e8033abe50b178ac02a34af",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/dcd24941c7087c5f7e8033abe50b178ac02a34af"
},
{
"name": "https://github.com/flatpak/flatpak/commit/fb1eaefbceeb73f02eb1bc85865d74a414faf8b8",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/fb1eaefbceeb73f02eb1bc85865d74a414faf8b8"
},
{
"name": "https://github.com/flatpak/flatpak/releases/tag/1.8.5",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/releases/tag/1.8.5"
},
{
"refsource": "DEBIAN",
"name": "DSA-4830",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4830"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210121 CVE-2021-21261: Flatpak sandbox escape via spawn portal (aka GHSA-4ppf-fxf6-vxg2)",
"url": "http://www.openwall.com/lists/oss-security/2021/01/21/4"
"name": "https://github.com/flatpak/flatpak/commit/6d1773d2a54dde9b099043f07a2094a4f1c2f486",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/6d1773d2a54dde9b099043f07a2094a4f1c2f486"
},
{
"name": "https://github.com/flatpak/flatpak/commit/6e5ae7a109cdfa9735ea7ccbd8cb79f9e8d3ae8b",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/6e5ae7a109cdfa9735ea7ccbd8cb79f9e8d3ae8b"
},
{
"name": "https://github.com/flatpak/flatpak/commit/aeb6a7ab0abaac4a8f4ad98b3df476d9de6b8bd4",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/aeb6a7ab0abaac4a8f4ad98b3df476d9de6b8bd4"
},
{
"name": "https://github.com/flatpak/flatpak/commit/cc1401043c075268ecc652eac557ef8076b5eaba",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/cc1401043c075268ecc652eac557ef8076b5eaba"
}
]
},

2
2021/21xxx/CVE-2021-21270.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. \n\nThis vulnerability is patched in version 4.0.1002.\n\n"
"value": "OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patched in version 4.0.1002."
}
]
},

18
2021/25xxx/CVE-2021-25846.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25846",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25847.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25847",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25848.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25848",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25849.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25849",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25850.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25850",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25851.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25851",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25852.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25852",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25853.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25853",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25854.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25854",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25855.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25855",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25856.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25856",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25857.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25857",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25858.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25858",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25859.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25859",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25860.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25860",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25861.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25861",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25862.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25862",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25863.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25863",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25864.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25864",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25865.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25865",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25866.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25866",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25867.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25867",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25868.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25868",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25869.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25869",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25870.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25870",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25871.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25871",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25872.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25872",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

5
2021/2xxx/CVE-2021-2054.json
View File

@ -72,6 +72,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-083/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-083/"
}
]
}

5
2021/2xxx/CVE-2021-2073.json
View File

@ -64,6 +64,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-15",
"url": "https://security.gentoo.org/glsa/202101-15"
}
]
}

5
2021/2xxx/CVE-2021-2074.json
View File

@ -64,6 +64,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-15",
"url": "https://security.gentoo.org/glsa/202101-15"
}
]
}

5
2021/2xxx/CVE-2021-2111.json
View File

@ -64,6 +64,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-15",
"url": "https://security.gentoo.org/glsa/202101-15"
}
]
}

5
2021/2xxx/CVE-2021-2112.json
View File

@ -64,6 +64,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-15",
"url": "https://security.gentoo.org/glsa/202101-15"
}
]
}

5
2021/2xxx/CVE-2021-2119.json
View File

@ -64,6 +64,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-15",
"url": "https://security.gentoo.org/glsa/202101-15"
}
]
}

5
2021/2xxx/CVE-2021-2120.json
View File

@ -64,6 +64,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-15",
"url": "https://security.gentoo.org/glsa/202101-15"
}
]
}

5
2021/2xxx/CVE-2021-2121.json
View File

@ -64,6 +64,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-15",
"url": "https://security.gentoo.org/glsa/202101-15"
}
]
}

5
2021/2xxx/CVE-2021-2123.json
View File

@ -64,6 +64,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-15",
"url": "https://security.gentoo.org/glsa/202101-15"
}
]
}

5
2021/2xxx/CVE-2021-2124.json
View File

@ -64,6 +64,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-15",
"url": "https://security.gentoo.org/glsa/202101-15"
}
]
}

5
2021/2xxx/CVE-2021-2126.json
View File

@ -64,6 +64,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-15",
"url": "https://security.gentoo.org/glsa/202101-15"
}
]
}

5
2021/2xxx/CVE-2021-2128.json
View File

@ -64,6 +64,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-15",
"url": "https://security.gentoo.org/glsa/202101-15"
}
]
}

56
2021/3xxx/CVE-2021-3193.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3193",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-3193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper access and command validation in the Nagios Docker config wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.nagios.com/products/security/",
"refsource": "MISC",
"name": "https://www.nagios.com/products/security/"
}
]
}

18
2021/3xxx/CVE-2021-3228.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3228",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3229.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3229",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3230.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3230",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3231.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3231",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3232.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3232",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3233.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3233",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3234.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3234",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3235.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3235",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3236.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3236",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3237.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3237",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3238.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3238",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3239.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3239",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3240.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3240",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3241.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3241",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3242.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3242",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

67
2021/3xxx/CVE-2021-3271.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-3271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/pressbooks/pressbooks/pull/2072",
"refsource": "MISC",
"name": "https://github.com/pressbooks/pressbooks/pull/2072"
},
{
"url": "https://github.com/pressbooks/pressbooks",
"refsource": "MISC",
"name": "https://github.com/pressbooks/pressbooks"
}
]
}
}