diff --git a/2020/19xxx/CVE-2020-19613.json b/2020/19xxx/CVE-2020-19613.json
index f95ceab853e..e1bc13feb90 100644
--- a/2020/19xxx/CVE-2020-19613.json
+++ b/2020/19xxx/CVE-2020-19613.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-19613",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-19613",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/sunkaifei/FlyCms/issues/1",
+ "refsource": "MISC",
+ "name": "https://github.com/sunkaifei/FlyCms/issues/1"
 }
 ]
 }
diff --git a/2020/19xxx/CVE-2020-19616.json b/2020/19xxx/CVE-2020-19616.json
index f097101e6d6..eab034b6cce 100644
--- a/2020/19xxx/CVE-2020-19616.json
+++ b/2020/19xxx/CVE-2020-19616.json
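Review bot: The `affects` and `problemtype` blocks added in this hunk are all `n/a` even though the new description already names the product, version and weakness (sunkaifei FlyCMS 20190503, SSRF in `saveUrlAs`), so tooling that matches on the structured fields rather than free text will not find this record. Populate `vendor_name`, `product_name` and `version_value` from the description, and set the problem type to something like `"value": "CWE-918 Server-Side Request Forgery (SSRF)"`. The CVE-2020-19616 and CVE-2020-19617 hunks have the same gap (mblog 3.5, XSS, where CWE-79 would fit). Those two records also cite the same issue URL, so it is worth confirming that the linked issue covers both the post header field and the nickname field.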
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-19616",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-19616",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/langhsu/mblog/issues/27",
+ "refsource": "MISC",
+ "name": "https://github.com/langhsu/mblog/issues/27"
 }
 ]
 }
diff --git a/2020/19xxx/CVE-2020-19617.json b/2020/19xxx/CVE-2020-19617.json
index ce707c7de8b..9e217bd632c 100644
--- a/2020/19xxx/CVE-2020-19617.json
+++ b/2020/19xxx/CVE-2020-19617.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-19617",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-19617",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/langhsu/mblog/issues/27",
+ "refsource": "MISC",
+ "name": "https://github.com/langhsu/mblog/issues/27"
 }
 ]
 }
diff --git a/2021/20xxx/CVE-2021-20078.json b/2021/20xxx/CVE-2021-20078.json
index 96c6c4f6267..a83ead463ac 100644
--- a/2021/20xxx/CVE-2021-20078.json
+++ b/2021/20xxx/CVE-2021-20078.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-20078",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Manage Engine OpManager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions prior to version build 125346"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2021-10",
+ "url": "https://www.tenable.com/security/research/tra-2021-10"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS."
 }
 ]
 }
diff --git a/2021/21xxx/CVE-2021-21982.json b/2021/21xxx/CVE-2021-21982.json
index 0f7697eed1f..8a59551974f 100644
--- a/2021/21xxx/CVE-2021-21982.json
+++ b/2021/21xxx/CVE-2021-21982.json
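Review bot: `problemtype` is recorded as "Denial of Service", but the new description attributes the issue to a path traversal in the spark gateway component that lets a remote attacker delete arbitrary directories. That names the impact rather than the weakness, and arbitrary deletion is an integrity problem as well as an availability one. A value such as `"value": "CWE-22 Path Traversal leading to Denial of Service"` would let triage tooling classify the record correctly. `vendor_name` is also `n/a` although the product name identifies the vendor; the CVE-2021-21982, CVE-2021-26580, CVE-2021-26581 and CVE-2021-26718 hunks have the same gap.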
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-21982",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VMware Carbon Black Cloud Workload appliance",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Authentication bypass"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.vmware.com/security/advisories/VMSA-2021-0005.html",
+ "url": "https://www.vmware.com/security/advisories/VMSA-2021-0005.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance to obtain a valid authentication token. Successful exploitation of this issue would result in the attacker being able to view and alter administrative configuration settings."
 }
 ]
 }
diff --git a/2021/26xxx/CVE-2021-26072.json b/2021/26xxx/CVE-2021-26072.json
index 81f2722e92a..a4629c30a53 100644
--- a/2021/26xxx/CVE-2021-26072.json
+++ b/2021/26xxx/CVE-2021-26072.json
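Review bot: The affected releases are written as "1.0.0 and 1.01" in both `version_value` and the description. `1.01` does not follow the three-part form of `1.0.0` and looks like a typo for `1.0.1`; confirm against the referenced VMSA-2021-0005 advisory, because version matching on this string could miss an affected release. `version_value` also repeats the full product name, which `product_name` already carries. If the advisory confirms the reading, `"version_value": "1.0.0, 1.0.1"` would be cleaner.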
@@ -1,75 +1,75 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "security@atlassian.com",
- "DATE_PUBLIC": "2021-04-01T00:00:00",
- "ID": "CVE-2021-26072",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Confluence Server",
- "version": {
- "version_data": [
- {
- "version_value": "5.8.6",
- "version_affected": "<"
- }
- ]
- }
- },
- {
- "product_name": "Confluence Data Center",
- "version": {
- "version_data": [
- {
- "version_value": "5.8.6",
- "version_affected": "<"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Atlassian"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability."
-
-
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "Server Side Request Forgery (SSRF)"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@atlassian.com",
+ "DATE_PUBLIC": "2021-04-01T00:00:00",
+ "ID": "CVE-2021-26072",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Confluence Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.8.6",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Confluence Data Center",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.8.6",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Atlassian"
+ }
 ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://jira.atlassian.com/browse/CONFSERVER-61399"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Server Side Request Forgery (SSRF)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jira.atlassian.com/browse/CONFSERVER-61399",
+ "refsource": "MISC",
+ "name": "https://jira.atlassian.com/browse/CONFSERVER-61399"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/26xxx/CVE-2021-26580.json b/2021/26xxx/CVE-2021-26580.json
index 6d7cb2f3969..0855a4b0b60 100644
--- a/2021/26xxx/CVE-2021-26580.json
+++ b/2021/26xxx/CVE-2021-26580.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-26580",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "iLO Amplifier Pack",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Prior to version 1.80"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "remote cross-site scripting (xss)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04107en_us",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04107en_us"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A potential security vulnerability has been identified in HPE iLO Amplifier Pack. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). HPE has provided the following software update to resolve the vulnerability in HPE iLO Amplifier Pack: HPE iLO Amplifier Pack 1.80 or later."
 }
 ]
 }
diff --git a/2021/26xxx/CVE-2021-26581.json b/2021/26xxx/CVE-2021-26581.json
index 039dccda2f2..3e6babe936b 100644
--- a/2021/26xxx/CVE-2021-26581.json
+++ b/2021/26xxx/CVE-2021-26581.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-26581",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HPE Superdome Flex Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Prior to version 3.30.142"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "remote denial of service (dos)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04102en_us",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04102en_us"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A potential security vulnerability has been identified in HPE Superdome Flex server. A denial of service attack can be remotely exploited leaving hung connections to the BMC web interface. The monarch BMC must be rebooted to recover from this situation. Other BMC management is not impacted. HPE has made the following software update to resolve the vulnerability in HPE Superdome Flex Server: Superdome Flex Server Firmware 3.30.142 or later."
 }
 ]
 }
diff --git a/2021/26xxx/CVE-2021-26718.json b/2021/26xxx/CVE-2021-26718.json
index b49cf029321..e241f3264d7 100644
--- a/2021/26xxx/CVE-2021-26718.json
+++ b/2021/26xxx/CVE-2021-26718.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-26718",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnerability@kaspersky.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Kaspersky Internet Security for Mac",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "prior to 21.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Bypass"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310321",
+ "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310321"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection."
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27653.json b/2021/27xxx/CVE-2021-27653.json
index d34fbbc2b93..0a8e8a29632 100644
--- a/2021/27xxx/CVE-2021-27653.json
+++ b/2021/27xxx/CVE-2021-27653.json
@@ -1,18 +1,91 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@pega.com",
+ "DATE_PUBLIC": "2021-03-30T16:45:00.000Z",
 "ID": "CVE-2021-27653",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Pega Infinity",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=7.4.0, <8.5.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Pega Systems"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Sakura Samurai Robert Willis, Aubrey Cottle, Jackson Henry, and John Jackson, Collaborator Break3r"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.6,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://collaborate.pega.com/discussion/pega-security-advisory-%E2%80%93-b21",
+ "name": "https://collaborate.pega.com/discussion/pega-security-advisory-%E2%80%93-b21"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/3xxx/CVE-2021-3449.json b/2021/3xxx/CVE-2021-3449.json
index f537155b0e8..7ab49fa8e46 100644
--- a/2021/3xxx/CVE-2021-3449.json
+++ b/2021/3xxx/CVE-2021-3449.json
@@ -121,6 +121,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202103-03",
 "url": "https://security.gentoo.org/glsa/202103-03"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.tenable.com/security/tns-2021-06",
+ "url": "https://www.tenable.com/security/tns-2021-06"
 }
 ]
 }
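Review bot: The CVE-2021-27653 hunk states the affected range two ways: `version_value` is `">=7.4.0, <8.5.3"`, while the description says "7.4.0 - 8.5.x", which reads as covering every 8.5 release. One of them should be corrected so consumers can tell whether 8.5.3 carries the fix, for example "in Pega platform 7.4.0 through 8.5.2" if the structured range is the accurate one. The CVSS vector also rates integrity and availability impact as HIGH (`C:H/I:H/A:H`) for what the description calls unintended data exposure, so either the description understates the impact or the vector overstates it. Packing the range into one free-text `version_value` also keeps it from being matched mechanically; separate bounds with `version_affected` would be easier to consume.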