admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-09-13 12:00:57 +00:00
parent d44221529b
commit 5732078222
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
8 changed files with 552 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2020/27xxx/CVE-2020-27969.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27969",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "browser-security@yandex-team.ru",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Yandex Browser for Android",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 20.8.4."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Interface (UI) Misrepresentation of Critical Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://yandex.com/bugbounty/i/hall-of-fame-browser/",
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar spoofing"
}
]
}

50
2020/27xxx/CVE-2020-27970.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27970",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "browser-security@yandex-team.ru",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Yandex Browser Lite for Android",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 20.10.0."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Interface (UI) Misrepresentation of Critical Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://yandex.com/bugbounty/i/hall-of-fame-browser/",
"url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar"
}
]
}

108
2021/22xxx/CVE-2021-22524.json
View File

@ -1,18 +1,112 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2021-08-31T00:00:00.000Z",
"ID": "CVE-2021-22524",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Denial of service vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "<",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.1"
},
{
"platform": "All",
"version_affected": "<",
"version_name": "NetIQ Access Manager",
"version_value": "4.5.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks to Sipke Mellema for responsibly disclosing this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-91 XML Injection (aka Blind XPath Injection)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025256",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7025256"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
]
}

102
2021/22xxx/CVE-2021-22526.json
View File

@ -1,18 +1,106 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2021-08-31T00:00:00.000Z",
"ID": "CVE-2021-22526",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Open Redirection vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "<",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.1"
},
{
"platform": "All",
"version_affected": "<",
"version_name": "NetIQ Access Manager",
"version_value": "4.5.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025257",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7025257"
}
]
},
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
]
}

102
2021/22xxx/CVE-2021-22527.json
View File

@ -1,18 +1,106 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2021-08-31T00:00:00.000Z",
"ID": "CVE-2021-22527",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "<",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.1"
},
{
"platform": "All",
"version_affected": "<",
"version_name": "NetIQ Access Manager",
"version_value": "4.5.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025258",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7025258"
}
]
},
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
]
}

108
2021/22xxx/CVE-2021-22528.json
View File

@ -1,18 +1,112 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2021-08-31T00:00:00.000Z",
"ID": "CVE-2021-22528",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "<",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.1"
},
{
"platform": "All",
"version_affected": "<",
"version_name": "NetIQ Access Manager",
"version_value": "4.5.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks to the researcher community for reporting this to us as part of responsible disclosure, anonymously"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025259",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7025259"
},
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
]
}

7
2021/35xxx/CVE-2021-35976.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim\u2019s browser by using the link to preview sites hosted on the server. Authentication is not required to exploit the vulnerability."
"value": "The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim's browser by using the link to preview sites hosted on the server. Authentication is not required to exploit the vulnerability."
}
]
},
@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.bouali.io/cves/cve-2021-35976",
"url": "https://www.bouali.io/cves/cve-2021-35976"
},
{
"refsource": "CONFIRM",
"name": "https://support.plesk.com/hc/en-us/articles/4402990507026",
"url": "https://support.plesk.com/hc/en-us/articles/4402990507026"
}
]
}

66
2021/40xxx/CVE-2021-40214.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40214",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gibbonedu.org/",
"refsource": "MISC",
"name": "https://gibbonedu.org/"
},
{
"url": "https://github.com/GibbonEdu/core/releases/download/v22.0.00/GibbonEduCore-InstallBundle.zip",
"refsource": "MISC",
"name": "https://github.com/GibbonEdu/core/releases/download/v22.0.00/GibbonEduCore-InstallBundle.zip"
},
{
"refsource": "MISC",
"name": "https://github.com/GibbonEdu/core/blob/v22.0.01/CHANGELOG.txt",
"url": "https://github.com/GibbonEdu/core/blob/v22.0.01/CHANGELOG.txt"
}
]
}