From 530be22a6184ed4e3f3781b022ed3eeced44e8e8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 21 Jul 2021 00:01:00 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10878.json | 4 +- 2020/11xxx/CVE-2020-11022.json | 4 +- 2020/11xxx/CVE-2020-11023.json | 4 +- 2020/11xxx/CVE-2020-11080.json | 4 +- 2020/11xxx/CVE-2020-11612.json | 4 +- 2020/11xxx/CVE-2020-11868.json | 34 ++++---- 2020/11xxx/CVE-2020-11973.json | 4 +- 2020/11xxx/CVE-2020-11979.json | 4 +- 2020/11xxx/CVE-2020-11987.json | 4 +- 2020/11xxx/CVE-2020-11988.json | 4 +- 2020/11xxx/CVE-2020-11998.json | 4 +- 2020/12xxx/CVE-2020-12723.json | 4 +- 2020/13xxx/CVE-2020-13934.json | 4 +- 2020/13xxx/CVE-2020-13935.json | 4 +- 2020/13xxx/CVE-2020-13949.json | 4 +- 2020/13xxx/CVE-2020-13956.json | 4 +- 2020/14xxx/CVE-2020-14060.json | 4 +- 2020/14xxx/CVE-2020-14061.json | 4 +- 2020/14xxx/CVE-2020-14062.json | 4 +- 2020/14xxx/CVE-2020-14195.json | 4 +- 2020/15xxx/CVE-2020-15389.json | 4 +- 2020/17xxx/CVE-2020-17521.json | 4 +- 2020/17xxx/CVE-2020-17527.json | 4 +- 2020/17xxx/CVE-2020-17530.json | 4 +- 2020/1xxx/CVE-2020-1941.json | 4 +- 2020/1xxx/CVE-2020-1945.json | 4 +- 2020/1xxx/CVE-2020-1967.json | 4 +- 2020/1xxx/CVE-2020-1968.json | 4 +- 2020/1xxx/CVE-2020-1971.json | 4 +- 2020/24xxx/CVE-2020-24553.json | 4 +- 2020/24xxx/CVE-2020-24616.json | 4 +- 2020/24xxx/CVE-2020-24750.json | 4 +- 2020/25xxx/CVE-2020-25638.json | 4 +- 2020/25xxx/CVE-2020-25648.json | 4 +- 2020/25xxx/CVE-2020-25649.json | 4 +- 2020/26xxx/CVE-2020-26217.json | 4 +- 2020/26xxx/CVE-2020-26870.json | 6 +- 2020/27xxx/CVE-2020-27193.json | 4 +- 2020/27xxx/CVE-2020-27216.json | 4 +- 2020/27xxx/CVE-2020-27218.json | 4 +- 2020/27xxx/CVE-2020-27783.json | 8 +- 2020/27xxx/CVE-2020-27814.json | 4 +- 2020/27xxx/CVE-2020-27841.json | 4 +- 2020/27xxx/CVE-2020-27842.json | 4 +- 2020/27xxx/CVE-2020-27843.json | 4 +- 2020/27xxx/CVE-2020-27844.json | 4 +- 2020/27xxx/CVE-2020-27845.json | 4 +- 2020/28xxx/CVE-2020-28052.json | 4 +- 2020/28xxx/CVE-2020-28196.json | 4 +- 2020/28xxx/CVE-2020-28500.json | 8 +- 2020/28xxx/CVE-2020-28928.json | 14 +-- 2020/29xxx/CVE-2020-29582.json | 14 +-- 2020/2xxx/CVE-2020-2604.json | 28 +++--- 2020/35xxx/CVE-2020-35490.json | 4 +- 2020/35xxx/CVE-2020-35491.json | 4 +- 2020/35xxx/CVE-2020-35728.json | 4 +- 2020/36xxx/CVE-2020-36179.json | 4 +- 2020/36xxx/CVE-2020-36180.json | 4 +- 2020/36xxx/CVE-2020-36181.json | 4 +- 2020/36xxx/CVE-2020-36182.json | 4 +- 2020/36xxx/CVE-2020-36183.json | 4 +- 2020/36xxx/CVE-2020-36184.json | 4 +- 2020/36xxx/CVE-2020-36185.json | 4 +- 2020/36xxx/CVE-2020-36186.json | 4 +- 2020/36xxx/CVE-2020-36187.json | 4 +- 2020/36xxx/CVE-2020-36188.json | 4 +- 2020/36xxx/CVE-2020-36189.json | 4 +- 2020/5xxx/CVE-2020-5258.json | 4 +- 2020/5xxx/CVE-2020-5397.json | 4 +- 2020/5xxx/CVE-2020-5398.json | 4 +- 2020/5xxx/CVE-2020-5413.json | 4 +- 2020/5xxx/CVE-2020-5421.json | 4 +- 2020/7xxx/CVE-2020-7016.json | 4 +- 2021/2xxx/CVE-2021-2244.json | 6 +- 2021/2xxx/CVE-2021-2323.json | 143 ++++++++++++++++--------------- 2021/2xxx/CVE-2021-2324.json | 135 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2326.json | 135 +++++++++++++++-------------- 2021/2xxx/CVE-2021-2328.json | 143 ++++++++++++++++--------------- 2021/2xxx/CVE-2021-2329.json | 143 ++++++++++++++++--------------- 2021/2xxx/CVE-2021-2330.json | 127 +++++++++++++-------------- 2021/2xxx/CVE-2021-2333.json | 143 ++++++++++++++++--------------- 2021/2xxx/CVE-2021-2448.json | 127 +++++++++++++-------------- 2021/2xxx/CVE-2021-2449.json | 127 +++++++++++++-------------- 2021/2xxx/CVE-2021-2450.json | 127 +++++++++++++-------------- 2021/2xxx/CVE-2021-2451.json | 127 +++++++++++++-------------- 2021/2xxx/CVE-2021-2452.json | 127 +++++++++++++-------------- 2021/2xxx/CVE-2021-2453.json | 127 +++++++++++++-------------- 2021/2xxx/CVE-2021-2454.json | 127 +++++++++++++-------------- 2021/2xxx/CVE-2021-2455.json | 127 +++++++++++++-------------- 2021/2xxx/CVE-2021-2456.json | 127 +++++++++++++-------------- 2021/2xxx/CVE-2021-2457.json | 127 +++++++++++++-------------- 2021/2xxx/CVE-2021-2458.json | 151 +++++++++++++++++---------------- 2021/2xxx/CVE-2021-2460.json | 127 +++++++++++++-------------- 2021/2xxx/CVE-2021-2462.json | 151 +++++++++++++++++---------------- 2021/2xxx/CVE-2021-2463.json | 151 +++++++++++++++++---------------- 2021/32xxx/CVE-2021-32751.json | 2 +- 96 files changed, 1705 insertions(+), 1498 deletions(-) diff --git a/2020/10xxx/CVE-2020-10878.json b/2020/10xxx/CVE-2020-10878.json index 7a79afcf1cb..f738d2705de 100644 --- a/2020/10xxx/CVE-2020-10878.json +++ b/2020/10xxx/CVE-2020-10878.json @@ -108,7 +108,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/11xxx/CVE-2020-11022.json b/2020/11xxx/CVE-2020-11022.json index 6fcfb48e367..31b83670eac 100644 --- a/2020/11xxx/CVE-2020-11022.json +++ b/2020/11xxx/CVE-2020-11022.json @@ -250,7 +250,9 @@ "url": "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/11xxx/CVE-2020-11023.json b/2020/11xxx/CVE-2020-11023.json index 1216ac28122..972fa07ed5c 100644 --- a/2020/11xxx/CVE-2020-11023.json +++ b/2020/11xxx/CVE-2020-11023.json @@ -360,7 +360,9 @@ "url": "http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/11xxx/CVE-2020-11080.json b/2020/11xxx/CVE-2020-11080.json index ca3976a83ed..6439c31a744 100644 --- a/2020/11xxx/CVE-2020-11080.json +++ b/2020/11xxx/CVE-2020-11080.json @@ -120,7 +120,9 @@ "name": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/11xxx/CVE-2020-11612.json b/2020/11xxx/CVE-2020-11612.json index bb4fab74c13..2ad9358962c 100644 --- a/2020/11xxx/CVE-2020-11612.json +++ b/2020/11xxx/CVE-2020-11612.json @@ -268,7 +268,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/11xxx/CVE-2020-11868.json b/2020/11xxx/CVE-2020-11868.json index 27f16482435..ab0bf262030 100644 --- a/2020/11xxx/CVE-2020-11868.json +++ b/2020/11xxx/CVE-2020-11868.json @@ -52,21 +52,6 @@ }, "references": { "reference_data": [ - { - "url": "http://support.ntp.org/bin/view/Main/NtpBug3592", - "refsource": "MISC", - "name": "http://support.ntp.org/bin/view/Main/NtpBug3592" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1716665", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1716665" - }, - { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20200424-0002/", - "url": "https://security.netapp.com/advisory/ntap-20200424-0002/" - }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20200505 [SECURITY] [DLA 2201-1] ntp security update", @@ -88,7 +73,24 @@ "url": "https://security.gentoo.org/glsa/202007-12" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" + }, + { + "url": "http://support.ntp.org/bin/view/Main/NtpBug3592", + "refsource": "MISC", + "name": "http://support.ntp.org/bin/view/Main/NtpBug3592" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1716665", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1716665" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200424-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200424-0002/" } ] }, diff --git a/2020/11xxx/CVE-2020-11973.json b/2020/11xxx/CVE-2020-11973.json index f349e4b852b..e2673634ada 100644 --- a/2020/11xxx/CVE-2020-11973.json +++ b/2020/11xxx/CVE-2020-11973.json @@ -70,7 +70,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/11xxx/CVE-2020-11979.json b/2020/11xxx/CVE-2020-11979.json index 1d9493810b1..1f365a95815 100644 --- a/2020/11xxx/CVE-2020-11979.json +++ b/2020/11xxx/CVE-2020-11979.json @@ -136,7 +136,9 @@ "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/11xxx/CVE-2020-11987.json b/2020/11xxx/CVE-2020-11987.json index 5b6e2ec3b3a..4e6d5efecd6 100644 --- a/2020/11xxx/CVE-2020-11987.json +++ b/2020/11xxx/CVE-2020-11987.json @@ -75,7 +75,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/11xxx/CVE-2020-11988.json b/2020/11xxx/CVE-2020-11988.json index 2b37a5289fc..026b69daa7c 100644 --- a/2020/11xxx/CVE-2020-11988.json +++ b/2020/11xxx/CVE-2020-11988.json @@ -75,7 +75,9 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22HESSYU7T4D6GGENUVEX3X3H6FGBECH/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/11xxx/CVE-2020-11998.json b/2020/11xxx/CVE-2020-11998.json index bbd0af0c666..39040f9cfc4 100644 --- a/2020/11xxx/CVE-2020-11998.json +++ b/2020/11xxx/CVE-2020-11998.json @@ -70,7 +70,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/12xxx/CVE-2020-12723.json b/2020/12xxx/CVE-2020-12723.json index ba8d2b26bb2..9dadb4fad6c 100644 --- a/2020/12xxx/CVE-2020-12723.json +++ b/2020/12xxx/CVE-2020-12723.json @@ -113,7 +113,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/13xxx/CVE-2020-13934.json b/2020/13xxx/CVE-2020-13934.json index b1c62c66785..dd187efe0b3 100644 --- a/2020/13xxx/CVE-2020-13934.json +++ b/2020/13xxx/CVE-2020-13934.json @@ -100,7 +100,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/13xxx/CVE-2020-13935.json b/2020/13xxx/CVE-2020-13935.json index afae69534d4..22b371ec7db 100644 --- a/2020/13xxx/CVE-2020-13935.json +++ b/2020/13xxx/CVE-2020-13935.json @@ -110,7 +110,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/13xxx/CVE-2020-13949.json b/2020/13xxx/CVE-2020-13949.json index f2c9152aadd..6a3c6f93223 100644 --- a/2020/13xxx/CVE-2020-13949.json +++ b/2020/13xxx/CVE-2020-13949.json @@ -500,7 +500,9 @@ "url": "https://security.gentoo.org/glsa/202107-32" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/13xxx/CVE-2020-13956.json b/2020/13xxx/CVE-2020-13956.json index 8024923bd63..40a2a6fc5cc 100644 --- a/2020/13xxx/CVE-2020-13956.json +++ b/2020/13xxx/CVE-2020-13956.json @@ -260,7 +260,9 @@ "url": "https://lists.apache.org/thread.html/rc0863892ccfd9fd0d0ae10091f24ee769fb39b8957fe4ebabfc11f17@%3Cdev.jackrabbit.apache.org%3E" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/14xxx/CVE-2020-14060.json b/2020/14xxx/CVE-2020-14060.json index e8d86408f9a..0e36868d088 100644 --- a/2020/14xxx/CVE-2020-14060.json +++ b/2020/14xxx/CVE-2020-14060.json @@ -88,7 +88,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/14xxx/CVE-2020-14061.json b/2020/14xxx/CVE-2020-14061.json index 4f8a1891166..d6c9253eda1 100644 --- a/2020/14xxx/CVE-2020-14061.json +++ b/2020/14xxx/CVE-2020-14061.json @@ -88,7 +88,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/14xxx/CVE-2020-14062.json b/2020/14xxx/CVE-2020-14062.json index dd642baa80f..79cb5c8a196 100644 --- a/2020/14xxx/CVE-2020-14062.json +++ b/2020/14xxx/CVE-2020-14062.json @@ -88,7 +88,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/14xxx/CVE-2020-14195.json b/2020/14xxx/CVE-2020-14195.json index 8f71256db7d..85aed13750f 100644 --- a/2020/14xxx/CVE-2020-14195.json +++ b/2020/14xxx/CVE-2020-14195.json @@ -83,7 +83,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/15xxx/CVE-2020-15389.json b/2020/15xxx/CVE-2020-15389.json index 4abce7598d7..a59d0dbf96f 100644 --- a/2020/15xxx/CVE-2020-15389.json +++ b/2020/15xxx/CVE-2020-15389.json @@ -83,7 +83,9 @@ "url": "https://www.debian.org/security/2021/dsa-4882" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/17xxx/CVE-2020-17521.json b/2020/17xxx/CVE-2020-17521.json index a113e2457b5..2f1a1c95f63 100644 --- a/2020/17xxx/CVE-2020-17521.json +++ b/2020/17xxx/CVE-2020-17521.json @@ -89,7 +89,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/17xxx/CVE-2020-17527.json b/2020/17xxx/CVE-2020-17527.json index 9f5e83bdd44..fecd7293d0e 100644 --- a/2020/17xxx/CVE-2020-17527.json +++ b/2020/17xxx/CVE-2020-17527.json @@ -180,7 +180,9 @@ "url": "https://security.netapp.com/advisory/ntap-20201210-0003/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/17xxx/CVE-2020-17530.json b/2020/17xxx/CVE-2020-17530.json index ec0fffe3b6b..281e200aa33 100644 --- a/2020/17xxx/CVE-2020-17530.json +++ b/2020/17xxx/CVE-2020-17530.json @@ -75,7 +75,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/1xxx/CVE-2020-1941.json b/2020/1xxx/CVE-2020-1941.json index 5310c759510..e9652bfc1c0 100644 --- a/2020/1xxx/CVE-2020-1941.json +++ b/2020/1xxx/CVE-2020-1941.json @@ -80,7 +80,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/1xxx/CVE-2020-1945.json b/2020/1xxx/CVE-2020-1945.json index f9298d8553d..16da00e7f5f 100644 --- a/2020/1xxx/CVE-2020-1945.json +++ b/2020/1xxx/CVE-2020-1945.json @@ -290,7 +290,9 @@ "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/1xxx/CVE-2020-1967.json b/2020/1xxx/CVE-2020-1967.json index f539d930e2f..36a216196fc 100644 --- a/2020/1xxx/CVE-2020-1967.json +++ b/2020/1xxx/CVE-2020-1967.json @@ -218,7 +218,9 @@ "url": "https://www.tenable.com/security/tns-2021-10" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/1xxx/CVE-2020-1968.json b/2020/1xxx/CVE-2020-1968.json index 9188c6eddde..92d708578d0 100644 --- a/2020/1xxx/CVE-2020-1968.json +++ b/2020/1xxx/CVE-2020-1968.json @@ -98,7 +98,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/1xxx/CVE-2020-1971.json b/2020/1xxx/CVE-2020-1971.json index 804f46d7274..859d5d25c55 100644 --- a/2020/1xxx/CVE-2020-1971.json +++ b/2020/1xxx/CVE-2020-1971.json @@ -171,7 +171,9 @@ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/24xxx/CVE-2020-24553.json b/2020/24xxx/CVE-2020-24553.json index adc886d3859..f30fd0c0400 100644 --- a/2020/24xxx/CVE-2020-24553.json +++ b/2020/24xxx/CVE-2020-24553.json @@ -98,7 +98,9 @@ "url": "https://security.netapp.com/advisory/ntap-20200924-0003/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/24xxx/CVE-2020-24616.json b/2020/24xxx/CVE-2020-24616.json index 574e1891d80..44392ef1270 100644 --- a/2020/24xxx/CVE-2020-24616.json +++ b/2020/24xxx/CVE-2020-24616.json @@ -83,7 +83,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/24xxx/CVE-2020-24750.json b/2020/24xxx/CVE-2020-24750.json index 95d46086e7c..6f5a65f85f3 100644 --- a/2020/24xxx/CVE-2020-24750.json +++ b/2020/24xxx/CVE-2020-24750.json @@ -83,7 +83,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/25xxx/CVE-2020-25638.json b/2020/25xxx/CVE-2020-25638.json index 48774160a7e..5670f7d5946 100644 --- a/2020/25xxx/CVE-2020-25638.json +++ b/2020/25xxx/CVE-2020-25638.json @@ -60,7 +60,9 @@ "url": "https://www.debian.org/security/2021/dsa-4908" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/25xxx/CVE-2020-25648.json b/2020/25xxx/CVE-2020-25648.json index 5042546ffe9..761f950c9fd 100644 --- a/2020/25xxx/CVE-2020-25648.json +++ b/2020/25xxx/CVE-2020-25648.json @@ -75,7 +75,9 @@ "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/25xxx/CVE-2020-25649.json b/2020/25xxx/CVE-2020-25649.json index 74a8355c2a8..83cc6985af2 100644 --- a/2020/25xxx/CVE-2020-25649.json +++ b/2020/25xxx/CVE-2020-25649.json @@ -345,7 +345,9 @@ "url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/26xxx/CVE-2020-26217.json b/2020/26xxx/CVE-2020-26217.json index ff0d52209e6..90bfdb50034 100644 --- a/2020/26xxx/CVE-2020-26217.json +++ b/2020/26xxx/CVE-2020-26217.json @@ -120,7 +120,9 @@ "url": "https://security.netapp.com/advisory/ntap-20210409-0004/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/26xxx/CVE-2020-26870.json b/2020/26xxx/CVE-2020-26870.json index 9706f3ed409..4da14a2c3d1 100644 --- a/2020/26xxx/CVE-2020-26870.json +++ b/2020/26xxx/CVE-2020-26870.json @@ -74,11 +74,13 @@ }, { "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870", - "refsource":"MS", + "refsource": "MS", "name": "Visual Studio Remote Code Execution Vulnerability" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/27xxx/CVE-2020-27193.json b/2020/27xxx/CVE-2020-27193.json index 449419c1a90..66875d9d719 100644 --- a/2020/27xxx/CVE-2020-27193.json +++ b/2020/27xxx/CVE-2020-27193.json @@ -73,7 +73,9 @@ "url": "https://ckeditor.com/blog/CKEditor-4.15.1-with-a-security-patch-released/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/27xxx/CVE-2020-27216.json b/2020/27xxx/CVE-2020-27216.json index 5a145c645c7..ef95452dc59 100644 --- a/2020/27xxx/CVE-2020-27216.json +++ b/2020/27xxx/CVE-2020-27216.json @@ -747,7 +747,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/27xxx/CVE-2020-27218.json b/2020/27xxx/CVE-2020-27218.json index bba4463e25f..d3fec1c2bf8 100644 --- a/2020/27xxx/CVE-2020-27218.json +++ b/2020/27xxx/CVE-2020-27218.json @@ -624,7 +624,9 @@ "url": "https://lists.apache.org/thread.html/rfa34d2a3e423421a4a1354cf457edba2ce78cee2d3ebd8aab151a559@%3Cdev.kafka.apache.org%3E" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/27xxx/CVE-2020-27783.json b/2020/27xxx/CVE-2020-27783.json index 4bd9931147b..8dcd1459bea 100644 --- a/2020/27xxx/CVE-2020-27783.json +++ b/2020/27xxx/CVE-2020-27783.json @@ -69,6 +69,11 @@ "name": "FEDORA-2020-307946cfb6", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL/" }, + { + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" + }, { "refsource": "MISC", "name": "https://advisory.checkmarx.net/advisory/CX-2020-4286", @@ -78,9 +83,6 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210521-0003/", "url": "https://security.netapp.com/advisory/ntap-20210521-0003/" - }, - { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/27xxx/CVE-2020-27814.json b/2020/27xxx/CVE-2020-27814.json index 06c49b792dd..abc584ffb07 100644 --- a/2020/27xxx/CVE-2020-27814.json +++ b/2020/27xxx/CVE-2020-27814.json @@ -70,7 +70,9 @@ "url": "https://www.debian.org/security/2021/dsa-4882" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/27xxx/CVE-2020-27841.json b/2020/27xxx/CVE-2020-27841.json index b1f0654f3ed..6a31311dbf7 100644 --- a/2020/27xxx/CVE-2020-27841.json +++ b/2020/27xxx/CVE-2020-27841.json @@ -75,7 +75,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/27xxx/CVE-2020-27842.json b/2020/27xxx/CVE-2020-27842.json index d93e6862490..ca4ef74a595 100644 --- a/2020/27xxx/CVE-2020-27842.json +++ b/2020/27xxx/CVE-2020-27842.json @@ -70,7 +70,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/27xxx/CVE-2020-27843.json b/2020/27xxx/CVE-2020-27843.json index c7e975f52a0..000d34d4529 100644 --- a/2020/27xxx/CVE-2020-27843.json +++ b/2020/27xxx/CVE-2020-27843.json @@ -70,7 +70,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/27xxx/CVE-2020-27844.json b/2020/27xxx/CVE-2020-27844.json index d224173caca..08ed97f1a7c 100644 --- a/2020/27xxx/CVE-2020-27844.json +++ b/2020/27xxx/CVE-2020-27844.json @@ -65,7 +65,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/27xxx/CVE-2020-27845.json b/2020/27xxx/CVE-2020-27845.json index 59cc4530738..66395591ac8 100644 --- a/2020/27xxx/CVE-2020-27845.json +++ b/2020/27xxx/CVE-2020-27845.json @@ -75,7 +75,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/28xxx/CVE-2020-28052.json b/2020/28xxx/CVE-2020-28052.json index b803406ddc2..68ac7a58ce7 100644 --- a/2020/28xxx/CVE-2020-28052.json +++ b/2020/28xxx/CVE-2020-28052.json @@ -108,7 +108,9 @@ "url": "https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/28xxx/CVE-2020-28196.json b/2020/28xxx/CVE-2020-28196.json index 6fa5261b39a..47e279831af 100644 --- a/2020/28xxx/CVE-2020-28196.json +++ b/2020/28xxx/CVE-2020-28196.json @@ -113,7 +113,9 @@ "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/28xxx/CVE-2020-28500.json b/2020/28xxx/CVE-2020-28500.json index 0e545f165e9..2768f5af49f 100644 --- a/2020/28xxx/CVE-2020-28500.json +++ b/2020/28xxx/CVE-2020-28500.json @@ -86,13 +86,15 @@ "url": "https://github.com/lodash/lodash/pull/5065", "name": "https://github.com/lodash/lodash/pull/5065" }, + { + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" + }, { "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210312-0006/", "url": "https://security.netapp.com/advisory/ntap-20210312-0006/" - }, - { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/28xxx/CVE-2020-28928.json b/2020/28xxx/CVE-2020-28928.json index 022532370ce..8c89d9d7a2f 100644 --- a/2020/28xxx/CVE-2020-28928.json +++ b/2020/28xxx/CVE-2020-28928.json @@ -57,11 +57,6 @@ "refsource": "MISC", "name": "https://musl.libc.org/releases.html" }, - { - "refsource": "CONFIRM", - "name": "http://www.openwall.com/lists/oss-security/2020/11/20/4", - "url": "http://www.openwall.com/lists/oss-security/2020/11/20/4" - }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20201130 [SECURITY] [DLA 2474-1] musl security update", @@ -93,7 +88,14 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.openwall.com/lists/oss-security/2020/11/20/4", + "url": "http://www.openwall.com/lists/oss-security/2020/11/20/4" } ] } diff --git a/2020/29xxx/CVE-2020-29582.json b/2020/29xxx/CVE-2020-29582.json index 4d8c368f825..5759e535023 100644 --- a/2020/29xxx/CVE-2020-29582.json +++ b/2020/29xxx/CVE-2020-29582.json @@ -57,18 +57,20 @@ "refsource": "MISC", "name": "https://blog.jetbrains.com" }, - { - "refsource": "MISC", - "name": "https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/", - "url": "https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/" - }, { "refsource": "MLIST", "name": "[kafka-users] 20210617 vulnerabilities", "url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" + }, + { + "refsource": "MISC", + "name": "https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/", + "url": "https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/" } ] } diff --git a/2020/2xxx/CVE-2020-2604.json b/2020/2xxx/CVE-2020-2604.json index 36604085596..e988b7c854b 100644 --- a/2020/2xxx/CVE-2020-2604.json +++ b/2020/2xxx/CVE-2020-2604.json @@ -64,11 +64,6 @@ }, "references": { "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujan2020.html", - "refsource": "MISC", - "name": "https://www.oracle.com/security-alerts/cpujan2020.html" - }, { "refsource": "REDHAT", "name": "RHSA-2020:0128", @@ -84,11 +79,6 @@ "name": "RHSA-2020:0196", "url": "https://access.redhat.com/errata/RHSA-2020:0196" }, - { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", - "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" - }, { "refsource": "SUSE", "name": "openSUSE-SU-2020:0113", @@ -170,9 +160,9 @@ "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html" }, { - "refsource": "CONFIRM", - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10315" + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "refsource": "GENTOO", @@ -183,7 +173,17 @@ "url": "https://www.oracle.com/security-alerts/cpujul2021.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2021.html" - } + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" + }, + { + "refsource": "CONFIRM", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10315", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10315" + } ] } } \ No newline at end of file diff --git a/2020/35xxx/CVE-2020-35490.json b/2020/35xxx/CVE-2020-35490.json index 2f66a003c2c..6c95168c917 100644 --- a/2020/35xxx/CVE-2020-35490.json +++ b/2020/35xxx/CVE-2020-35490.json @@ -78,7 +78,9 @@ "url": "https://security.netapp.com/advisory/ntap-20210122-0005/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/35xxx/CVE-2020-35491.json b/2020/35xxx/CVE-2020-35491.json index fbc66e8d877..d9f54c1c18c 100644 --- a/2020/35xxx/CVE-2020-35491.json +++ b/2020/35xxx/CVE-2020-35491.json @@ -78,7 +78,9 @@ "url": "https://security.netapp.com/advisory/ntap-20210122-0005/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/35xxx/CVE-2020-35728.json b/2020/35xxx/CVE-2020-35728.json index 79a775b0c3e..e156ac58a38 100644 --- a/2020/35xxx/CVE-2020-35728.json +++ b/2020/35xxx/CVE-2020-35728.json @@ -78,7 +78,9 @@ "url": "https://security.netapp.com/advisory/ntap-20210129-0007/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/36xxx/CVE-2020-36179.json b/2020/36xxx/CVE-2020-36179.json index 9aed4d6e052..85f9c9d99ab 100644 --- a/2020/36xxx/CVE-2020-36179.json +++ b/2020/36xxx/CVE-2020-36179.json @@ -83,7 +83,9 @@ "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/36xxx/CVE-2020-36180.json b/2020/36xxx/CVE-2020-36180.json index c512d820d62..1abfdb93267 100644 --- a/2020/36xxx/CVE-2020-36180.json +++ b/2020/36xxx/CVE-2020-36180.json @@ -78,7 +78,9 @@ "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/36xxx/CVE-2020-36181.json b/2020/36xxx/CVE-2020-36181.json index 70a72fed225..45f615e3c1a 100644 --- a/2020/36xxx/CVE-2020-36181.json +++ b/2020/36xxx/CVE-2020-36181.json @@ -78,7 +78,9 @@ "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/36xxx/CVE-2020-36182.json b/2020/36xxx/CVE-2020-36182.json index 3cd8271ff5b..318124c446d 100644 --- a/2020/36xxx/CVE-2020-36182.json +++ b/2020/36xxx/CVE-2020-36182.json @@ -78,7 +78,9 @@ "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/36xxx/CVE-2020-36183.json b/2020/36xxx/CVE-2020-36183.json index 4a7756d92d6..8313da38d60 100644 --- a/2020/36xxx/CVE-2020-36183.json +++ b/2020/36xxx/CVE-2020-36183.json @@ -78,7 +78,9 @@ "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/36xxx/CVE-2020-36184.json b/2020/36xxx/CVE-2020-36184.json index ad0c5e04c65..1ce84931fc4 100644 --- a/2020/36xxx/CVE-2020-36184.json +++ b/2020/36xxx/CVE-2020-36184.json @@ -78,7 +78,9 @@ "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/36xxx/CVE-2020-36185.json b/2020/36xxx/CVE-2020-36185.json index 7eeefc0fe70..9c6b83b6a6a 100644 --- a/2020/36xxx/CVE-2020-36185.json +++ b/2020/36xxx/CVE-2020-36185.json @@ -78,7 +78,9 @@ "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/36xxx/CVE-2020-36186.json b/2020/36xxx/CVE-2020-36186.json index 2fb1e7bf4db..3f99877a12f 100644 --- a/2020/36xxx/CVE-2020-36186.json +++ b/2020/36xxx/CVE-2020-36186.json @@ -78,7 +78,9 @@ "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/36xxx/CVE-2020-36187.json b/2020/36xxx/CVE-2020-36187.json index 7cc5277e429..069ed4f14f4 100644 --- a/2020/36xxx/CVE-2020-36187.json +++ b/2020/36xxx/CVE-2020-36187.json @@ -78,7 +78,9 @@ "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/36xxx/CVE-2020-36188.json b/2020/36xxx/CVE-2020-36188.json index 69596cc51cb..bb78ab1d68a 100644 --- a/2020/36xxx/CVE-2020-36188.json +++ b/2020/36xxx/CVE-2020-36188.json @@ -78,7 +78,9 @@ "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/36xxx/CVE-2020-36189.json b/2020/36xxx/CVE-2020-36189.json index 7d22aee3432..f351c578d83 100644 --- a/2020/36xxx/CVE-2020-36189.json +++ b/2020/36xxx/CVE-2020-36189.json @@ -78,7 +78,9 @@ "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } diff --git a/2020/5xxx/CVE-2020-5258.json b/2020/5xxx/CVE-2020-5258.json index 541f34d00a2..519e0a3b3d2 100644 --- a/2020/5xxx/CVE-2020-5258.json +++ b/2020/5xxx/CVE-2020-5258.json @@ -117,7 +117,9 @@ "url": "https://lists.apache.org/thread.html/r665fcc152bd0fec9f71511a6c2435ff24d3a71386b01b1a6df326fd3@%3Cusers.qpid.apache.org%3E" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/5xxx/CVE-2020-5397.json b/2020/5xxx/CVE-2020-5397.json index 6126fc8fb81..d9b96b42527 100644 --- a/2020/5xxx/CVE-2020-5397.json +++ b/2020/5xxx/CVE-2020-5397.json @@ -80,7 +80,9 @@ "name": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/5xxx/CVE-2020-5398.json b/2020/5xxx/CVE-2020-5398.json index a7c06626ac1..8a4fed245d0 100644 --- a/2020/5xxx/CVE-2020-5398.json +++ b/2020/5xxx/CVE-2020-5398.json @@ -270,7 +270,9 @@ "url": "https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c81a0c5e7585a02d@%3Cdev.rocketmq.apache.org%3E" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/5xxx/CVE-2020-5413.json b/2020/5xxx/CVE-2020-5413.json index 13535c17ca3..9d86864449d 100644 --- a/2020/5xxx/CVE-2020-5413.json +++ b/2020/5xxx/CVE-2020-5413.json @@ -85,7 +85,9 @@ "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/5xxx/CVE-2020-5421.json b/2020/5xxx/CVE-2020-5421.json index f5be8d0a9d6..536af78c7d0 100644 --- a/2020/5xxx/CVE-2020-5421.json +++ b/2020/5xxx/CVE-2020-5421.json @@ -175,7 +175,9 @@ "url": "https://security.netapp.com/advisory/ntap-20210513-0009/" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2020/7xxx/CVE-2020-7016.json b/2020/7xxx/CVE-2020-7016.json index 4122ace6dd6..6ae070543c4 100644 --- a/2020/7xxx/CVE-2020-7016.json +++ b/2020/7xxx/CVE-2020-7016.json @@ -55,7 +55,9 @@ "name": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786" }, { - "url": "https://www.oracle.com//security-alerts/cpujul2021.html" + "url": "https://www.oracle.com//security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] }, diff --git a/2021/2xxx/CVE-2021-2244.json b/2021/2xxx/CVE-2021-2244.json index b571e945b21..40b81de1cff 100644 --- a/2021/2xxx/CVE-2021-2244.json +++ b/2021/2xxx/CVE-2021-2244.json @@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: JAPI) and Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). Supported versions that are affected are Hyperion Analytic Provider Services 11.1.2.4 and 12.2.1.4, and Essbase Analytic Provider Services 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Analytic Provider Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Hyperion Analytic Provider Services. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)." + "value": "Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: JAPI) and Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). Supported versions that are affected are Hyperion Analytic Provider Services 11.1.2.4 and 12.2.1.4, and Essbase Analytic Provider Services 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Analytic Provider Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Hyperion Analytic Provider Services. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)." } ] }, @@ -77,7 +77,7 @@ "url": "https://www.oracle.com/security-alerts/cpujul2021.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2021.html" - } + } ] } -} +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2323.json b/2021/2xxx/CVE-2021-2323.json index d9cacaf0917..90a6f05d5b2 100644 --- a/2021/2xxx/CVE-2021-2323.json +++ b/2021/2xxx/CVE-2021-2323.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2323" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "FLEXCUBE Universal Banking", - "version": { - "version_data": [ - { - "version_value": "12.3", - "version_affected": "=" - }, - { - "version_value": "12.4", - "version_affected": "=" - }, - { - "version_value": "14.0-14.4", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "12.3", + "version_affected": "=" + }, + { + "version_value": "12.4", + "version_affected": "=" + }, + { + "version_value": "14.0-14.4", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Flex-Branch). Supported versions that are affected are 12.3, 12.4, 14.0-14.4 and . Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "5.9", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Flex-Branch). Supported versions that are affected are 12.3, 12.4, 14.0-14.4 and . Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.9", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2324.json b/2021/2xxx/CVE-2021-2324.json index 0b82cdab7eb..9d4ab279667 100644 --- a/2021/2xxx/CVE-2021-2324.json +++ b/2021/2xxx/CVE-2021-2324.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2324" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "FLEXCUBE Universal Banking", - "version": { - "version_data": [ - { - "version_value": "12.0-12.4", - "version_affected": "=" - }, - { - "version_value": "14.0-14.4", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "12.0-12.4", + "version_affected": "=" + }, + { + "version_value": "14.0-14.4", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Loans And Deposits). Supported versions that are affected are 12.0-12.4, 14.0-14.4 and . Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.6", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Loans And Deposits). Supported versions that are affected are 12.0-12.4, 14.0-14.4 and . Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.6", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2326.json b/2021/2xxx/CVE-2021-2326.json index 3b9f26dd373..4a2894c9470 100644 --- a/2021/2xxx/CVE-2021-2326.json +++ b/2021/2xxx/CVE-2021-2326.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2326" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Database - Enterprise Edition", - "version": { - "version_data": [ - { - "version_value": "12.2.0.1", - "version_affected": "=" - }, - { - "version_value": "19c", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Database - Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "2.7", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Database Vault accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "2.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Database Vault accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2328.json b/2021/2xxx/CVE-2021-2328.json index ef3a992d2d0..1e772b9b201 100644 --- a/2021/2xxx/CVE-2021-2328.json +++ b/2021/2xxx/CVE-2021-2328.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2328" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Text", - "version": { - "version_data": [ - { - "version_value": "12.1.0.2", - "version_affected": "=" - }, - { - "version_value": "12.2.0.1", - "version_affected": "=" - }, - { - "version_value": "19c", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Text", + "version": { + "version_data": [ + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Alter Any Table privilege with network access via Oracle Net to compromise Oracle Text. Successful attacks of this vulnerability can result in takeover of Oracle Text. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.2", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Alter Any Table privilege with network access via Oracle Net to compromise Oracle Text. Successful attacks of this vulnerability can result in takeover of Oracle Text." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Alter Any Table privilege with network access via Oracle Net to compromise Oracle Text. Successful attacks of this vulnerability can result in takeover of Oracle Text. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Alter Any Table privilege with network access via Oracle Net to compromise Oracle Text. Successful attacks of this vulnerability can result in takeover of Oracle Text." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2329.json b/2021/2xxx/CVE-2021-2329.json index 918dc13d106..ee85603a533 100644 --- a/2021/2xxx/CVE-2021-2329.json +++ b/2021/2xxx/CVE-2021-2329.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2329" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Database - Enterprise Edition", - "version": { - "version_data": [ - { - "version_value": "12.1.0.2", - "version_affected": "=" - }, - { - "version_value": "12.2.0.1", - "version_affected": "=" - }, - { - "version_value": "19c", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Database - Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.2", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2330.json b/2021/2xxx/CVE-2021-2330.json index b1b66119eed..0096b739332 100644 --- a/2021/2xxx/CVE-2021-2330.json +++ b/2021/2xxx/CVE-2021-2330.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2330" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Database - Enterprise Edition", - "version": { - "version_data": [ - { - "version_value": "19c", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Database - Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Core RDBMS component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.3", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Core RDBMS component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2333.json b/2021/2xxx/CVE-2021-2333.json index 84250a6fe99..ee40937ce74 100644 --- a/2021/2xxx/CVE-2021-2333.json +++ b/2021/2xxx/CVE-2021-2333.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2333" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Database - Enterprise Edition", - "version": { - "version_data": [ - { - "version_value": "12.1.0.2", - "version_affected": "=" - }, - { - "version_value": "12.2.0.1", - "version_affected": "=" - }, - { - "version_value": "19c", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Database - Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Alter User privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle XML DB accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.9", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker having Alter User privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle XML DB accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Alter User privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle XML DB accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker having Alter User privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle XML DB accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2448.json b/2021/2xxx/CVE-2021-2448.json index cbe0b054ebe..391e7c8f985 100644 --- a/2021/2xxx/CVE-2021-2448.json +++ b/2021/2xxx/CVE-2021-2448.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2448" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Financial Services Crime and Compliance Investigation Hub", - "version": { - "version_data": [ - { - "version_value": "20.1.2", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Crime and Compliance Investigation Hub", + "version": { + "version_data": [ + { + "version_value": "20.1.2", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Financial Services Crime and Compliance Investigation Hub product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is 20.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Financial Services Crime and Compliance Investigation Hub executes to compromise Oracle Financial Services Crime and Compliance Investigation Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Crime and Compliance Investigation Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Crime and Compliance Investigation Hub accessible data as well as unauthorized read access to a subset of Oracle Financial Services Crime and Compliance Investigation Hub accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "3.7", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Financial Services Crime and Compliance Investigation Hub executes to compromise Oracle Financial Services Crime and Compliance Investigation Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Crime and Compliance Investigation Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Crime and Compliance Investigation Hub accessible data as well as unauthorized read access to a subset of Oracle Financial Services Crime and Compliance Investigation Hub accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Crime and Compliance Investigation Hub product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is 20.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Financial Services Crime and Compliance Investigation Hub executes to compromise Oracle Financial Services Crime and Compliance Investigation Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Crime and Compliance Investigation Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Crime and Compliance Investigation Hub accessible data as well as unauthorized read access to a subset of Oracle Financial Services Crime and Compliance Investigation Hub accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "3.7", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Financial Services Crime and Compliance Investigation Hub executes to compromise Oracle Financial Services Crime and Compliance Investigation Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Crime and Compliance Investigation Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Crime and Compliance Investigation Hub accessible data as well as unauthorized read access to a subset of Oracle Financial Services Crime and Compliance Investigation Hub accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2449.json b/2021/2xxx/CVE-2021-2449.json index da21611c092..8945e4e1406 100644 --- a/2021/2xxx/CVE-2021-2449.json +++ b/2021/2xxx/CVE-2021-2449.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2449" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Outside In Technology", - "version": { - "version_data": [ - { - "version_value": "8.5.5", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.5", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "dep", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "dep", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2450.json b/2021/2xxx/CVE-2021-2450.json index f94e8cd151e..f6ebfe4817e 100644 --- a/2021/2xxx/CVE-2021-2450.json +++ b/2021/2xxx/CVE-2021-2450.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2450" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Outside In Technology", - "version": { - "version_data": [ - { - "version_value": "8.5.5", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.5", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "dep", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "dep", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2451.json b/2021/2xxx/CVE-2021-2451.json index 7dd504bace4..ffda87bc064 100644 --- a/2021/2xxx/CVE-2021-2451.json +++ b/2021/2xxx/CVE-2021-2451.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2451" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Outside In Technology", - "version": { - "version_data": [ - { - "version_value": "8.5.5", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.5", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "dep", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "dep", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2452.json b/2021/2xxx/CVE-2021-2452.json index 38c4b78fedd..e684b9816d3 100644 --- a/2021/2xxx/CVE-2021-2452.json +++ b/2021/2xxx/CVE-2021-2452.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2452" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Outside In Technology", - "version": { - "version_data": [ - { - "version_value": "8.5.5", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.5", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "dep", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "dep", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2453.json b/2021/2xxx/CVE-2021-2453.json index 8b3be186bab..bfe895d325c 100644 --- a/2021/2xxx/CVE-2021-2453.json +++ b/2021/2xxx/CVE-2021-2453.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2453" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Outside In Technology", - "version": { - "version_data": [ - { - "version_value": "8.5.5", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.5", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "dep", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "dep", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2454.json b/2021/2xxx/CVE-2021-2454.json index b82b9c7df5a..77b4d8c681c 100644 --- a/2021/2xxx/CVE-2021-2454.json +++ b/2021/2xxx/CVE-2021-2454.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2454" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "VM VirtualBox", - "version": { - "version_data": [ - { - "version_value": "6.1.24", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "6.1.24", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.0", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.0", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2455.json b/2021/2xxx/CVE-2021-2455.json index ae38bd93f45..650d7249ab4 100644 --- a/2021/2xxx/CVE-2021-2455.json +++ b/2021/2xxx/CVE-2021-2455.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2455" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "PeopleSoft Enterprise HCM Shared Components", - "version": { - "version_data": [ - { - "version_value": "9.2", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise HCM Shared Components", + "version": { + "version_data": [ + { + "version_value": "9.2", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Person Search). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Shared Components. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Shared Components accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Shared Components accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "6.5", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Shared Components. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Shared Components accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Shared Components accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Person Search). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Shared Components. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Shared Components accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Shared Components accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Shared Components. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Shared Components accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Shared Components accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2456.json b/2021/2xxx/CVE-2021-2456.json index 7619d8c0052..66231ce01d1 100644 --- a/2021/2xxx/CVE-2021-2456.json +++ b/2021/2xxx/CVE-2021-2456.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2456" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Business Intelligence Enterprise Edition", - "version": { - "version_data": [ - { - "version_value": "12.2.1.4.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Business Intelligence Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "9.8", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "9.8", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2457.json b/2021/2xxx/CVE-2021-2457.json index 3abe0d08a53..5a6e7e0dbd4 100644 --- a/2021/2xxx/CVE-2021-2457.json +++ b/2021/2xxx/CVE-2021-2457.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2457" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Identity Manager", - "version": { - "version_data": [ - { - "version_value": "11.1.2.3.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Identity Manager", + "version": { + "version_data": [ + { + "version_value": "11.1.2.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Request Management & Workflow). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Identity Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "5.3", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Identity Manager accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Request Management & Workflow). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Identity Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Identity Manager accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2458.json b/2021/2xxx/CVE-2021-2458.json index 18c66944cfe..cf26a939bee 100644 --- a/2021/2xxx/CVE-2021-2458.json +++ b/2021/2xxx/CVE-2021-2458.json @@ -1,79 +1,82 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2458" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Identity Manager", - "version": { - "version_data": [ - { - "version_value": "11.1.2.2.0", - "version_affected": "=" - }, - { - "version_value": "11.1.2.3.0", - "version_affected": "=" - }, - { - "version_value": "12.2.1.3.0", - "version_affected": "=" - }, - { - "version_value": "12.2.1.4.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Identity Manager", + "version": { + "version_data": [ + { + "version_value": "11.1.2.2.0", + "version_affected": "=" + }, + { + "version_value": "11.1.2.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Supported versions that are affected are 11.1.2.2.0, 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data as well as unauthorized update, insert or delete access to some of Identity Manager accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.6", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data as well as unauthorized update, insert or delete access to some of Identity Manager accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Supported versions that are affected are 11.1.2.2.0, 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data as well as unauthorized update, insert or delete access to some of Identity Manager accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.6", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data as well as unauthorized update, insert or delete access to some of Identity Manager accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2460.json b/2021/2xxx/CVE-2021-2460.json index 63aa95643fc..b21755a1167 100644 --- a/2021/2xxx/CVE-2021-2460.json +++ b/2021/2xxx/CVE-2021-2460.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2460" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Application Express (APEX)", - "version": { - "version_data": [ - { - "version_value": "21.1.0.00.04", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Express (APEX)", + "version": { + "version_data": [ + { + "version_value": "21.1.0.00.04", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 21.1.0.00.04. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Data Reporter. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Data Reporter, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Data Reporter accessible data as well as unauthorized read access to a subset of Oracle Application Express Data Reporter accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "5.4", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Data Reporter. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Data Reporter, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Data Reporter accessible data as well as unauthorized read access to a subset of Oracle Application Express Data Reporter accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 21.1.0.00.04. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Data Reporter. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Data Reporter, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Data Reporter accessible data as well as unauthorized read access to a subset of Oracle Application Express Data Reporter accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Data Reporter. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Data Reporter, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Data Reporter accessible data as well as unauthorized read access to a subset of Oracle Application Express Data Reporter accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2462.json b/2021/2xxx/CVE-2021-2462.json index aa388a19f3d..6c88b74286b 100644 --- a/2021/2xxx/CVE-2021-2462.json +++ b/2021/2xxx/CVE-2021-2462.json @@ -1,79 +1,82 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2462" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Commerce Service Center", - "version": { - "version_data": [ - { - "version_value": "11.0.0", - "version_affected": "=" - }, - { - "version_value": "11.1.0", - "version_affected": "=" - }, - { - "version_value": "11.2.0", - "version_affected": "=" - }, - { - "version_value": "11.3.0-11.3.2", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Commerce Service Center", + "version": { + "version_data": [ + { + "version_value": "11.0.0", + "version_affected": "=" + }, + { + "version_value": "11.1.0", + "version_affected": "=" + }, + { + "version_value": "11.2.0", + "version_affected": "=" + }, + { + "version_value": "11.3.0-11.3.2", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Commerce Service Center product of Oracle Commerce (component: Commerce Service Center). Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Service Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Service Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Service Center accessible data as well as unauthorized read access to a subset of Oracle Commerce Service Center accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "6.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Service Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Service Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Service Center accessible data as well as unauthorized read access to a subset of Oracle Commerce Service Center accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Commerce Service Center product of Oracle Commerce (component: Commerce Service Center). Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Service Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Service Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Service Center accessible data as well as unauthorized read access to a subset of Oracle Commerce Service Center accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Service Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Service Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Service Center accessible data as well as unauthorized read access to a subset of Oracle Commerce Service Center accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2463.json b/2021/2xxx/CVE-2021-2463.json index 506c3bb056f..8d4001b3ca7 100644 --- a/2021/2xxx/CVE-2021-2463.json +++ b/2021/2xxx/CVE-2021-2463.json @@ -1,79 +1,82 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2463" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Commerce Platform", - "version": { - "version_data": [ - { - "version_value": "11.0.0", - "version_affected": "=" - }, - { - "version_value": "11.1.0", - "version_affected": "=" - }, - { - "version_value": "11.2.0", - "version_affected": "=" - }, - { - "version_value": "11.3.0-11.3.2", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Commerce Platform", + "version": { + "version_data": [ + { + "version_value": "11.0.0", + "version_affected": "=" + }, + { + "version_value": "11.1.0", + "version_affected": "=" + }, + { + "version_value": "11.2.0", + "version_affected": "=" + }, + { + "version_value": "11.3.0-11.3.2", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Platform. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "9.8", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Platform." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Platform. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "9.8", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/32xxx/CVE-2021-32751.json b/2021/32xxx/CVE-2021-32751.json index 95e108c714d..0ca6a59bdda 100644 --- a/2021/32xxx/CVE-2021-32751.json +++ b/2021/32xxx/CVE-2021-32751.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. This may impact those who use `gradlew` on Unix-like systems or use the scripts generated by Gradle in thieir application on Unix-like systems. For this vulnerability to be exploitable, an attacker needs to be able to set the value of particular environment variables and have those environment variables be seen by the vulnerable scripts. This issue has been patched in Gradle 7.2 by removing the use of `eval` and requiring the use of the `bash` shell.\n\nThere are a few workarounds available. For CI/CD systems using the Gradle build tool, one may ensure that untrusted users are unable to change environment variables for the user that executes `gradlew`. If one is unable to upgrade to Gradle 7.2, one may generate a new `gradlew` script with Gradle 7.2 and use it for older versions of Gradle. Fpplications using start scripts generated by Gradle, one may ensure that untrusted users are unable to change environment variables for the user that executes the start script. A vulnerable start script could be manually patched to remove the use of `eval` or the use of environment variables that affect the application's command-line. If the application is simple enough, one may be able to avoid the use of the start scripts by running the application directly with Java command." + "value": "Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. This may impact those who use `gradlew` on Unix-like systems or use the scripts generated by Gradle in thieir application on Unix-like systems. For this vulnerability to be exploitable, an attacker needs to be able to set the value of particular environment variables and have those environment variables be seen by the vulnerable scripts. This issue has been patched in Gradle 7.2 by removing the use of `eval` and requiring the use of the `bash` shell. There are a few workarounds available. For CI/CD systems using the Gradle build tool, one may ensure that untrusted users are unable to change environment variables for the user that executes `gradlew`. If one is unable to upgrade to Gradle 7.2, one may generate a new `gradlew` script with Gradle 7.2 and use it for older versions of Gradle. Fpplications using start scripts generated by Gradle, one may ensure that untrusted users are unable to change environment variables for the user that executes the start script. A vulnerable start script could be manually patched to remove the use of `eval` or the use of environment variables that affect the application's command-line. If the application is simple enough, one may be able to avoid the use of the start scripts by running the application directly with Java command." } ] },