"-Synchronized-Data."

CVE Team 2021-08-20 18:00:56 +00:00
parent 783c6eb1fc
commit 4ee7a9025c
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
11 changed files with 564 additions and 31 deletions


@ -126,6 +126,11 @@
"refsource": "MLIST",
"name": "[apr-commits] 20210816 svn commit: r1892358 - /apr/apr/branches/1.7.x/CHANGES",
"url": "https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9@%3Ccommits.apr.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[apr-commits] 20210820 svn commit: r49582 - /release/apr/patches/apr-1.7.0-CVE-2021-35940.patch",
"url": "https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339@%3Ccommits.apr.apache.org%3E"
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21823",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Komoot",
"version": {
"version_data": [
{
"version_value": "Komoot GmbH Komoot 10.26.9 , Komoot GmbH Komoot 11.0.14 ,Komoot GmbH Komoot 11.1.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privacy violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1288",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1288"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted series of network requests can lead to the disclosure of sensitive information."
}
]
}
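Review bot: The single `version_value` string packs three releases into one comma-separated value with uneven spacing, and `vendor_name` is `n/a` although that same string names Komoot GmbH, so a scanner matching by vendor or by version will not find this record. Use one `version_data` entry per release and set `"vendor_name": "Komoot GmbH"`. The description says "version 10.26.9 up to 11.1.11", which reads as a range while the version data lists three discrete builds; the record should say which is meant. The `problemtype` value "privacy violation" would be easier to triage with a CWE identifier in front of it.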


@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22238",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=14.1, <14.1.2"
},
{
"version_value": ">=14.0, <14.0.7"
},
{
"version_value": ">13.3, <13.12.9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper neutralization of input during web page generation ('cross-site scripting') in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1212067",
"url": "https://hackerone.com/reports/1212067",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/332420",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/332420",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22238.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22238.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in issues."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [vakzz](https://hackerone.com/vakzz) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}
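Review bot: The `vectorString` under `impact.cvss` has no version prefix, so a CVSS 3.1 parser that expects the standard form will reject it or have to guess the version from the separate `version` field; it should read `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"`. The same omission is in the CVE-2021-22246, CVE-2021-22254 and CVE-2021-22255 sections below. Separately, the range `">13.3, <13.12.9"` excludes 13.3 while the description says "all versions starting with 13.3"; if the description is right the entry should be `">=13.3, <13.12.9"`. The `credit` value carries Markdown link syntax that plain-text consumers will show literally.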


@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22246",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=2.0, <13.11.6"
},
{
"version_value": ">=13.12, <13.12.6"
},
{
"version_value": ">=14.0, <14.0.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Allocation of resources without limits or throttling in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/280633",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/280633",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1029269",
"url": "https://hackerone.com/reports/1029269",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22246.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22246.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 7.7,
"baseSeverity": "HIGH"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks afewgoats for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}


@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22254",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=13.1, <13.12.9"
},
{
"version_value": ">=14.0, <14.0.7"
},
{
"version_value": ">=14.1, <14.1.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper encoding or escaping of output in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/300265",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/300265",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1087806",
"url": "https://hackerone.com/reports/1087806",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22254.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22254.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Under very specific conditions a user could be impersonated using Gitlab shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 3.0,
"baseSeverity": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks ledz1996 for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}
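Review bot: The `baseScore` of 3.0 does not match the vector `AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N`, which by the CVSS 3.1 formula rounds up to 3.1; the line should be `"baseScore": 3.1` unless the vector itself is wrong. The description also says the issue affects versions "through 14.1.2, 14.0.7 and 13.12.9", while `version_data` uses `<14.1.2`, `<14.0.7` and `<13.12.9`, which marks those releases as fixed; the wording should be "before" if the ranges are correct. Someone patching to exactly those releases cannot tell from this record whether they are still exposed.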


@ -4,15 +4,91 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22255",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Baserow B.V.",
"product": {
"product_data": [
{
"product_name": "Baserow",
"version": {
"version_data": [
{
"version_value": ">0.6.0, <1.1.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-side request forgery (ssrf) in Baserow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/bramw/baserow/-/issues/370",
"url": "https://gitlab.com/bramw/baserow/-/issues/370",
"refsource": "MISC"
},
{
"name": "https://baserow.io/blog/march-2021-release-of-baserow",
"url": "https://baserow.io/blog/march-2021-release-of-baserow",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22255.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22255.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 7.7,
"baseSeverity": "HIGH"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [CaptainFreak](https://github.com/CaptainFreak) for reporting this vulnerability and for advising how to fix it."
}
]
}
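Review bot: The range `">0.6.0, <1.1.0"` excludes 0.6.0 and everything older, but the description gives only "Baserow <1.1.0" with no lower bound, so it is unclear whether 0.6.0 and earlier are affected. If the URL file upload feature first shipped in 0.6.0, the entry should probably be `">=0.6.0, <1.1.0"`; if not, the description should state the first affected version. The `credit` value contains a Markdown link that plain-text consumers will render literally.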


@ -101,6 +101,11 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-819/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-819/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html"
}
]
}
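Review bot: The added Packet Storm reference uses an `http://` URL in both `name` and `url`, so anyone following it from the record fetches the page over cleartext; prefer `"url": "https://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html"`. The identical entry is added in the next two file sections as well. The hunk starts at line 101 of the file, so the CVE ID these references belong to is not visible here.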


@ -101,6 +101,11 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-821/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-821/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html"
}
]
}


@ -101,6 +101,11 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-822/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-822/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html"
}
]
}


@ -1,18 +1,111 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@hitachi-powergrids.com",
"DATE_PUBLIC": "2021-08-05T13:00:00.000Z",
"ID": "CVE-2021-35529",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Password in Memory Vulnerability in Retail Operations Product and Counterparty Settlement Billing (CSB)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Retail Operations",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "5.7.2",
"version_value": "5.7.2"
}
]
}
},
{
"product_name": "Counterparty Settlement Billing (CSB)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "5.7.2",
"version_value": "5.7.2"
}
]
}
}
]
},
"vendor_name": "Hitachi ABB Power Grids"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933&LanguageCode=en&DocumentPartId=&Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5933&LanguageCode=en&DocumentPartId=&Action=Launch"
},
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821&LanguageCode=en&DocumentPartId=&Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5821&LanguageCode=en&DocumentPartId=&Action=Launch"
}
]
},
"solution": [
{
"lang": "eng",
"value": "- Vulnerability is remediated in Retail Operations v5.7.3\n- Vulnerability is remediated in CSB v5.7.3"
}
],
"source": {
"discovery": "USER"
}
}
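Review bot: The new description says an attacker can "shut down the product", yet the CVSS block sets `"availabilityImpact": "NONE"` and the vector ends in `A:N`, so the score and the text disagree about availability. Either the availability metric should be raised and `baseScore` recomputed, or the shutdown claim should be dropped from the description. The same sentence ends at "access or alter." with no object, so a reader cannot tell what can be accessed or altered. The `TITLE` speaks of a "Password in Memory" issue while `problemtype` gives CWE-522; a short clause tying the two together would help triage.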


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-36748",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-36748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the sb_category parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.sorcery.ie",
"refsource": "MISC",
"name": "https://blog.sorcery.ie"
},
{
"url": "https://alysum5.promokit.eu/promokit/documentation/blog/",
"refsource": "MISC",
"name": "https://alysum5.promokit.eu/promokit/documentation/blog/"
},
{
"refsource": "MISC",
"name": "https://blog.sorcery.ie/posts/ph_simpleblog_sqli/",
"url": "https://blog.sorcery.ie/posts/ph_simpleblog_sqli/"
}
]
}
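Review bot: The `affects` and `problemtype` blocks are all `n/a` even though the description names the product, the fixed version and the weakness, so tools that match on structured fields will not connect this record to an installed ph_simpleblog module. Fill them from the description, for example `"product_name": "ph_simpleblog"`, `"version_value": "<1.7.8"` and `"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"`. The first reference is the bare blog home page `https://blog.sorcery.ie`, which adds nothing beyond the third reference to the specific post. The record's closing brace lies outside this hunk.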