admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-04-14 17:00:44 +00:00
parent 1a60aae6e1
commit 50f38a32b8
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 477 additions and 242 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2020/35xxx/CVE-2020-35418.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35418",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://fatihhcelik.blogspot.com/2020/12/group-office-crm-stored-xss-via-svg-file.html",
"refsource": "MISC",
"name": "https://fatihhcelik.blogspot.com/2020/12/group-office-crm-stored-xss-via-svg-file.html"
}
]
}

56
2020/35xxx/CVE-2020-35419.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35419",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://fatihhcelik.github.io/posts/Group-Office-CRM-Stored-XSS-via-SVG-File/",
"refsource": "MISC",
"name": "https://fatihhcelik.github.io/posts/Group-Office-CRM-Stored-XSS-via-SVG-File/"
}
]
}

61
2021/28xxx/CVE-2021-28060.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28060",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-28060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://fatihhcelik.blogspot.com/2020/12/group-office-crm-ssrf.html",
"url": "https://fatihhcelik.blogspot.com/2020/12/group-office-crm-ssrf.html"
},
{
"url": "https://fatihhcelik.github.io/posts/Group-Office-CRM-SSRF/",
"refsource": "MISC",
"name": "https://fatihhcelik.github.io/posts/Group-Office-CRM-SSRF/"
}
]
}

212
2021/28xxx/CVE-2021-28825.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-04-14T17:00:00Z",
"ID": "CVE-2021-28825",
"STATE": "PUBLIC",
"TITLE": "TIBCO Messaging - Eclipse Mosquitto Distribution - Core Windows Platform Installation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "1.3.0"
}
]
}
},
{
"product_name": "TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "1.3.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition: versions 1.3.0 and below and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition: versions 1.3.0 and below.\n"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition versions 1.3.0 and below update to version 2.0.7 or higher\nTIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition versions 1.3.0 and below update to version 2.0.7 or higher"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
}
}
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-04-14T17:00:00Z",
"ID": "CVE-2021-28825",
"STATE": "PUBLIC",
"TITLE": "TIBCO Messaging - Eclipse Mosquitto Distribution - Core Windows Platform Installation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "1.3.0"
}
]
}
},
{
"product_name": "TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "1.3.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition: versions 1.3.0 and below and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition: versions 1.3.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition versions 1.3.0 and below update to version 2.0.7 or higher\nTIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition versions 1.3.0 and below update to version 2.0.7 or higher"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
}
}

212
2021/28xxx/CVE-2021-28826.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-04-14T17:00:00Z",
"ID": "CVE-2021-28826",
"STATE": "PUBLIC",
"TITLE": "TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge Windows Platform Installation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "1.3.0"
}
]
}
},
{
"product_name": "TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "1.3.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition: versions 1.3.0 and below and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition: versions 1.3.0 and below.\n"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition versions 1.3.0 and below update to version 2.0.7 or higher\nTIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition versions 1.3.0 and below update to version 2.0.7 or higher"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
}
}
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-04-14T17:00:00Z",
"ID": "CVE-2021-28826",
"STATE": "PUBLIC",
"TITLE": "TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge Windows Platform Installation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "1.3.0"
}
]
}
},
{
"product_name": "TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "1.3.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition: versions 1.3.0 and below and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition: versions 1.3.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition versions 1.3.0 and below update to version 2.0.7 or higher\nTIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition versions 1.3.0 and below update to version 2.0.7 or higher"
}
],
"source": {
"discovery": "Will Dormann of CERT/CC"
}
}

61
2021/28xxx/CVE-2021-28855.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28855",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-28855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://fatihhcelik.github.io/posts/NULL-Pointer-Dereference-Deark/",
"refsource": "MISC",
"name": "https://fatihhcelik.github.io/posts/NULL-Pointer-Dereference-Deark/"
},
{
"refsource": "MISC",
"name": "https://github.com/jsummers/deark/commit/287f5ac31dfdc074669182f51ece637706070eeb",
"url": "https://github.com/jsummers/deark/commit/287f5ac31dfdc074669182f51ece637706070eeb"
}
]
}

61
2021/28xxx/CVE-2021-28856.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28856",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-28856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Deark before v1.5.8, a specially crafted input file can cause a division by zero in (src/fmtutil.c) because of the value of pixelsize."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://fatihhcelik.github.io/posts/Division-By-Zero-Deark/",
"refsource": "MISC",
"name": "https://fatihhcelik.github.io/posts/Division-By-Zero-Deark/"
},
{
"refsource": "MISC",
"name": "https://github.com/jsummers/deark/commit/62acb7753b0e3c0d3ab3c15057b0a65222313334",
"url": "https://github.com/jsummers/deark/commit/62acb7753b0e3c0d3ab3c15057b0a65222313334"
}
]
}