admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-07-15 18:00:55 +00:00
parent 3122422ef1
commit 5cb9fe4452
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
19 changed files with 1517 additions and 1465 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2020/11xxx/CVE-2020-11633.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11633",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@zscaler.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2020?applicable_category=Windows&applicable_version=2.1.2.81",
"url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2020?applicable_category=Windows&applicable_version=2.1.2.81"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arbitrary code with system privileges."
}
]
}

174
2021/20xxx/CVE-2021-20496.json
View File

@ -1,90 +1,90 @@
{
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2021-20496",
"DATE_PUBLIC" : "2021-07-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Bypass Security"
}
]
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"CVE_data_meta": {
"ID": "CVE-2021-20496",
"DATE_PUBLIC": "2021-07-13T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.0.0"
}
]
},
"product_name" : "Security Verify Access Docker"
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"I" : "L",
"SCORE" : "2.700",
"UI" : "N",
"C" : "N",
"PR" : "H",
"AV" : "N",
"A" : "N",
"AC" : "L"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6471895",
"name" : "https://www.ibm.com/support/pages/node/6471895",
"title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/197966",
"refsource" : "XF",
"name" : "ibm-sam-cve202120496-sec-bypass (197966)",
"title" : "X-Force Vulnerability Report"
}
]
}
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
},
"product_name": "Security Verify Access Docker"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"I": "L",
"SCORE": "2.700",
"UI": "N",
"C": "N",
"PR": "H",
"AV": "N",
"A": "N",
"AC": "L"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6471895",
"name": "https://www.ibm.com/support/pages/node/6471895",
"title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197966",
"refsource": "XF",
"name": "ibm-sam-cve202120496-sec-bypass (197966)",
"title": "X-Force Vulnerability Report"
}
]
}
}

172
2021/20xxx/CVE-2021-20497.json
View File

@ -1,90 +1,90 @@
{
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6471895",
"title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"url" : "https://www.ibm.com/support/pages/node/6471895"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/197969",
"refsource" : "XF",
"name" : "ibm-sam-cve202120497-info-disc (197969)",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "N",
"C" : "H",
"SCORE" : "5.900",
"UI" : "N",
"I" : "N",
"S" : "U",
"AC" : "H",
"AV" : "N",
"A" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Verify Access Docker",
"version" : {
"version_data" : [
{
"version_value" : "10.0.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6471895",
"title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"url": "https://www.ibm.com/support/pages/node/6471895"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197969",
"refsource": "XF",
"name": "ibm-sam-cve202120497-info-disc (197969)",
"title": "X-Force Vulnerability Report"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"PR": "N",
"C": "H",
"SCORE": "5.900",
"UI": "N",
"I": "N",
"S": "U",
"AC": "H",
"AV": "N",
"A": "N"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Verify Access Docker",
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2021-20497",
"DATE_PUBLIC" : "2021-07-13T00:00:00"
},
"data_format" : "MITRE"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2021-20497",
"DATE_PUBLIC": "2021-07-13T00:00:00"
},
"data_format": "MITRE"
}

174
2021/20xxx/CVE-2021-20498.json
View File

@ -1,90 +1,90 @@
{
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-07-13T00:00:00",
"ID" : "CVE-2021-20498"
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.0.0"
}
]
},
"product_name" : "Security Verify Access Docker"
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "N",
"SCORE" : "5.300",
"C" : "L",
"UI" : "N",
"S" : "U",
"I" : "N",
"AV" : "N",
"A" : "N",
"AC" : "L"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requets that could be used in further attacks against the system. IBM X-Force ID: 197972."
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6471895",
"title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"name" : "https://www.ibm.com/support/pages/node/6471895",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sam-cve202120498-info-disc (197972)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/197972"
}
]
},
"data_version" : "4.0"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-07-13T00:00:00",
"ID": "CVE-2021-20498"
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
},
"product_name": "Security Verify Access Docker"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"impact": {
"cvssv3": {
"BM": {
"PR": "N",
"SCORE": "5.300",
"C": "L",
"UI": "N",
"S": "U",
"I": "N",
"AV": "N",
"A": "N",
"AC": "L"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requets that could be used in further attacks against the system. IBM X-Force ID: 197972."
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6471895",
"title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"name": "https://www.ibm.com/support/pages/node/6471895",
"refsource": "CONFIRM"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-sam-cve202120498-info-disc (197972)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197972"
}
]
},
"data_version": "4.0"
}

172
2021/20xxx/CVE-2021-20499.json
View File

@ -1,90 +1,90 @@
{
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6471895",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"name" : "https://www.ibm.com/support/pages/node/6471895"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/197973",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sam-cve202120499-info-disc (197973)"
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"A" : "N",
"AV" : "N",
"AC" : "L",
"S" : "U",
"I" : "N",
"SCORE" : "2.700",
"C" : "L",
"UI" : "N",
"PR" : "H"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Verify Access Docker",
"version" : {
"version_data" : [
{
"version_value" : "10.0.0"
}
]
}
}
]
}
"url": "https://www.ibm.com/support/pages/node/6471895",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"name": "https://www.ibm.com/support/pages/node/6471895"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197973",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-sam-cve202120499-info-disc (197973)"
}
]
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-07-13T00:00:00",
"ID" : "CVE-2021-20499",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
},
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"A": "N",
"AV": "N",
"AC": "L",
"S": "U",
"I": "N",
"SCORE": "2.700",
"C": "L",
"UI": "N",
"PR": "H"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Verify Access Docker",
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
}
}
]
}
}
]
}
]
}
}
}
},
"data_format": "MITRE",
"CVE_data_meta": {
"DATE_PUBLIC": "2021-07-13T00:00:00",
"ID": "CVE-2021-20499",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
}

174
2021/20xxx/CVE-2021-20500.json
View File

@ -1,90 +1,90 @@
{
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2021-20500",
"DATE_PUBLIC" : "2021-07-13T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.0.0"
}
]
},
"product_name" : "Security Verify Access Docker"
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"A" : "N",
"AV" : "L",
"S" : "U",
"I" : "N",
"PR" : "H",
"C" : "H",
"SCORE" : "4.400",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"name" : "https://www.ibm.com/support/pages/node/6471895",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6471895"
},
{
"refsource" : "XF",
"name" : "ibm-sam-cve202120500-info-disc (197980)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/197980"
}
]
},
"data_version" : "4.0"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2021-20500",
"DATE_PUBLIC": "2021-07-13T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
},
"product_name": "Security Verify Access Docker"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"A": "N",
"AV": "L",
"S": "U",
"I": "N",
"PR": "H",
"C": "H",
"SCORE": "4.400",
"UI": "N"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"name": "https://www.ibm.com/support/pages/node/6471895",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6471895"
},
{
"refsource": "XF",
"name": "ibm-sam-cve202120500-info-disc (197980)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197980"
}
]
},
"data_version": "4.0"
}

176
2021/20xxx/CVE-2021-20510.json
View File

@ -1,90 +1,90 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Verify Access Docker",
"version" : {
"version_data" : [
{
"version_value" : "10.0.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Verify Access Docker",
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-07-13T00:00:00",
"ID" : "CVE-2021-20510"
},
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6471895",
"name" : "https://www.ibm.com/support/pages/node/6471895",
"title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sam-cve202120510-info-disc (198299)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198299"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"I" : "N",
"S" : "C",
"SCORE" : "6.800",
"C" : "H",
"UI" : "N",
"PR" : "H",
"A" : "N",
"AV" : "N",
"AC" : "L"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299",
"lang" : "eng"
}
]
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-07-13T00:00:00",
"ID": "CVE-2021-20510"
},
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6471895",
"name": "https://www.ibm.com/support/pages/node/6471895",
"title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"refsource": "CONFIRM"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-sam-cve202120510-info-disc (198299)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198299"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"I": "N",
"S": "C",
"SCORE": "6.800",
"C": "H",
"UI": "N",
"PR": "H",
"A": "N",
"AV": "N",
"AC": "L"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299",
"lang": "eng"
}
]
}
}

176
2021/20xxx/CVE-2021-20511.json
View File

@ -1,90 +1,90 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Verify Access Docker",
"version" : {
"version_data" : [
{
"version_value" : "10.0.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Verify Access Docker",
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-07-13T00:00:00",
"ID" : "CVE-2021-20511"
},
"data_format" : "MITRE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6471895",
"name" : "https://www.ibm.com/support/pages/node/6471895",
"title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198300",
"refsource" : "XF",
"name" : "ibm-sam-cve202120511-info-disc (198300)",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"A" : "N",
"AV" : "A",
"PR" : "H",
"SCORE" : "5.200",
"UI" : "N",
"C" : "H",
"S" : "U",
"I" : "L"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300.",
"lang" : "eng"
}
]
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-07-13T00:00:00",
"ID": "CVE-2021-20511"
},
"data_format": "MITRE",
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6471895",
"name": "https://www.ibm.com/support/pages/node/6471895",
"title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198300",
"refsource": "XF",
"name": "ibm-sam-cve202120511-info-disc (198300)",
"title": "X-Force Vulnerability Report"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"A": "N",
"AV": "A",
"PR": "H",
"SCORE": "5.200",
"UI": "N",
"C": "H",
"S": "U",
"I": "L"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300.",
"lang": "eng"
}
]
}
}

176
2021/20xxx/CVE-2021-20523.json
View File

@ -1,90 +1,90 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"I" : "N",
"SCORE" : "2.700",
"C" : "L",
"UI" : "N",
"PR" : "H",
"A" : "N",
"AV" : "N",
"AC" : "L"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6471895",
"title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"url" : "https://www.ibm.com/support/pages/node/6471895"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sam-cve202120523-info-disc (198660)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198660"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2021-20523",
"DATE_PUBLIC" : "2021-07-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"data_type" : "CVE",
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Verify Access Docker",
"version" : {
"version_data" : [
{
"version_value" : "10.0.0"
}
]
}
}
]
}
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"I": "N",
"SCORE": "2.700",
"C": "L",
"UI": "N",
"PR": "H",
"A": "N",
"AV": "N",
"AC": "L"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
]
}
}
}
}
},
"description": {
"description_data": [
{
"value": "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660",
"lang": "eng"
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6471895",
"title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"url": "https://www.ibm.com/support/pages/node/6471895"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-sam-cve202120523-info-disc (198660)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198660"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"CVE_data_meta": {
"ID": "CVE-2021-20523",
"DATE_PUBLIC": "2021-07-13T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"data_type": "CVE",
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Verify Access Docker",
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
}
}
]
}
}
]
}
}
}

172
2021/20xxx/CVE-2021-20524.json
View File

@ -1,90 +1,90 @@
{
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6471895",
"title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"name" : "https://www.ibm.com/support/pages/node/6471895",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198661",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sam-cve202120524-xss (198661)"
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "R",
"SCORE" : "4.800",
"C" : "L",
"PR" : "H",
"I" : "L",
"S" : "C",
"AV" : "N",
"A" : "N",
"AC" : "L"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.0.0"
}
]
},
"product_name" : "Security Verify Access Docker"
}
]
},
"vendor_name" : "IBM"
"url": "https://www.ibm.com/support/pages/node/6471895",
"title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"name": "https://www.ibm.com/support/pages/node/6471895",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198661",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-sam-cve202120524-xss (198661)"
}
]
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"UI": "R",
"SCORE": "4.800",
"C": "L",
"PR": "H",
"I": "L",
"S": "C",
"AV": "N",
"A": "N",
"AC": "L"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
},
"product_name": "Security Verify Access Docker"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-07-13T00:00:00",
"ID" : "CVE-2021-20524"
}
}
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-07-13T00:00:00",
"ID": "CVE-2021-20524"
}
}

174
2021/20xxx/CVE-2021-20533.json
View File

@ -1,90 +1,90 @@
{
"data_format" : "MITRE",
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-20533",
"DATE_PUBLIC" : "2021-07-13T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-20533",
"DATE_PUBLIC": "2021-07-13T00:00:00"
},
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.0.0"
}
]
},
"product_name" : "Security Verify Access Docker"
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "H",
"S" : "C",
"SCORE" : "8.400",
"UI" : "N",
"C" : "H",
"PR" : "H",
"A" : "H",
"AV" : "A",
"AC" : "L"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6471895",
"title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"name" : "https://www.ibm.com/support/pages/node/6471895",
"refsource" : "CONFIRM"
},
{
"name" : "ibm-sam-cve202120533-command-injection (198813)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198813"
}
]
},
"data_version" : "4.0"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
},
"product_name": "Security Verify Access Docker"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"I": "H",
"S": "C",
"SCORE": "8.400",
"UI": "N",
"C": "H",
"PR": "H",
"A": "H",
"AV": "A",
"AC": "L"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6471895",
"title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"name": "https://www.ibm.com/support/pages/node/6471895",
"refsource": "CONFIRM"
},
{
"name": "ibm-sam-cve202120533-command-injection (198813)",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198813"
}
]
},
"data_version": "4.0"
}

172
2021/20xxx/CVE-2021-20534.json
View File

@ -1,90 +1,90 @@
{
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6471895",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"name" : "https://www.ibm.com/support/pages/node/6471895"
},
{
"name" : "ibm-sam-cve202120534-open-redirect (198814)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198814"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "H",
"S" : "U",
"PR" : "H",
"SCORE" : "4.500",
"UI" : "R",
"C" : "N",
"AV" : "N",
"A" : "N",
"AC" : "L"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Verify Access Docker",
"version" : {
"version_data" : [
{
"version_value" : "10.0.0"
}
]
}
}
]
}
"url": "https://www.ibm.com/support/pages/node/6471895",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"name": "https://www.ibm.com/support/pages/node/6471895"
},
{
"name": "ibm-sam-cve202120534-open-redirect (198814)",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198814"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"I": "H",
"S": "U",
"PR": "H",
"SCORE": "4.500",
"UI": "R",
"C": "N",
"AV": "N",
"A": "N",
"AC": "L"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Verify Access Docker",
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
}
}
]
}
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2021-20534",
"DATE_PUBLIC" : "2021-07-13T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"data_type" : "CVE",
"data_format" : "MITRE"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"ID": "CVE-2021-20534",
"DATE_PUBLIC": "2021-07-13T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"data_type": "CVE",
"data_format": "MITRE"
}

174
2021/20xxx/CVE-2021-20537.json
View File

@ -1,90 +1,90 @@
{
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-07-13T00:00:00",
"ID" : "CVE-2021-20537"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.0.0"
}
]
},
"product_name" : "Security Verify Access Docker"
}
]
}
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"AV" : "N",
"A" : "N",
"C" : "H",
"SCORE" : "6.500",
"UI" : "N",
"PR" : "L",
"I" : "N",
"S" : "U"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:198918"
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6471895",
"title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"name" : "https://www.ibm.com/support/pages/node/6471895",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198918",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sam-cve202120537-infor-disc (198918)",
"refsource" : "XF"
}
]
},
"data_version" : "4.0"
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-07-13T00:00:00",
"ID": "CVE-2021-20537"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
},
"product_name": "Security Verify Access Docker"
}
]
}
}
]
}
},
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"AV": "N",
"A": "N",
"C": "H",
"SCORE": "6.500",
"UI": "N",
"PR": "L",
"I": "N",
"S": "U"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:198918"
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6471895",
"title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"name": "https://www.ibm.com/support/pages/node/6471895",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198918",
"title": "X-Force Vulnerability Report",
"name": "ibm-sam-cve202120537-infor-disc (198918)",
"refsource": "XF"
}
]
},
"data_version": "4.0"
}

174
2021/29xxx/CVE-2021-29699.json
View File

@ -1,90 +1,90 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-07-13T00:00:00",
"ID" : "CVE-2021-29699",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Verify Access Docker",
"version" : {
"version_data" : [
{
"version_value" : "10.0.0"
}
]
}
}
]
}
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"AV" : "A",
"A" : "H",
"AC" : "L",
"S" : "U",
"I" : "H",
"C" : "H",
"SCORE" : "6.600",
"UI" : "R",
"PR" : "H"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600."
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6471895",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6471895",
"title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/200600",
"refsource" : "XF",
"name" : "ibm-sam-cve202129699-file-upload (200600)",
"title" : "X-Force Vulnerability Report"
}
]
}
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"DATE_PUBLIC": "2021-07-13T00:00:00",
"ID": "CVE-2021-29699",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Verify Access Docker",
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"AV": "A",
"A": "H",
"AC": "L",
"S": "U",
"I": "H",
"C": "H",
"SCORE": "6.600",
"UI": "R",
"PR": "H"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600."
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6471895",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6471895",
"title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200600",
"refsource": "XF",
"name": "ibm-sam-cve202129699-file-upload (200600)",
"title": "X-Force Vulnerability Report"
}
]
}
}

176
2021/29xxx/CVE-2021-29742.json
View File

@ -1,90 +1,90 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"PR" : "N",
"SCORE" : "7.900",
"UI" : "R",
"C" : "H",
"S" : "C",
"I" : "H",
"AV" : "A",
"A" : "H",
"AC" : "H"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6471895",
"name" : "https://www.ibm.com/support/pages/node/6471895",
"title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"name" : "ibm-sam-cve202129742-session-fixation (201483)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/201483"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-29742",
"DATE_PUBLIC" : "2021-07-13T00:00:00"
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Verify Access Docker",
"version" : {
"version_data" : [
{
"version_value" : "10.0.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"PR": "N",
"SCORE": "7.900",
"UI": "R",
"C": "H",
"S": "C",
"I": "H",
"AV": "A",
"A": "H",
"AC": "H"
}
]
}
}
}
}
},
"description": {
"description_data": [
{
"value": "IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483.",
"lang": "eng"
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6471895",
"name": "https://www.ibm.com/support/pages/node/6471895",
"title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)",
"refsource": "CONFIRM"
},
{
"refsource": "XF",
"name": "ibm-sam-cve202129742-session-fixation (201483)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201483"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-29742",
"DATE_PUBLIC": "2021-07-13T00:00:00"
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Verify Access Docker",
"version": {
"version_data": [
{
"version_value": "10.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
}
}

124
2021/34xxx/CVE-2021-34827.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-34827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAP-1330",
"version": {
"version_data": [
{
"version_value": "1.13B01 BETA"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-34827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAP-1330",
"version": {
"version_data": [
{
"version_value": "1.13B01 BETA"
}
]
}
}
]
},
"vendor_name": "D-Link"
}
}
]
},
"vendor_name": "D-Link"
}
]
}
},
"credit": "phieulang",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.\n Was ZDI-CAN-12029."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
},
"credit": "phieulang",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12029."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-679/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-679/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-679/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

124
2021/34xxx/CVE-2021-34828.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-34828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAP-1330",
"version": {
"version_data": [
{
"version_value": "1.13B01 BETA"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-34828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAP-1330",
"version": {
"version_data": [
{
"version_value": "1.13B01 BETA"
}
]
}
}
]
},
"vendor_name": "D-Link"
}
}
]
},
"vendor_name": "D-Link"
}
]
}
},
"credit": "chung96vn of Vietnam National Cyber Security Center (NCSC Vietnam)",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12066."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
}
},
"credit": "chung96vn of Vietnam National Cyber Security Center (NCSC Vietnam)",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12066."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-680/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-680/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-680/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

124
2021/34xxx/CVE-2021-34829.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-34829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAP-1330",
"version": {
"version_data": [
{
"version_value": "1.13B01 BETA"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-34829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAP-1330",
"version": {
"version_data": [
{
"version_value": "1.13B01 BETA"
}
]
}
}
]
},
"vendor_name": "D-Link"
}
}
]
},
"vendor_name": "D-Link"
}
]
}
},
"credit": "phieulang",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the HNAP_AUTH HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12065."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
}
},
"credit": "phieulang",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HNAP_AUTH HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12065."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-681/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-681/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-681/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

124
2021/34xxx/CVE-2021-34830.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-34830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAP-1330",
"version": {
"version_data": [
{
"version_value": "1.13B01 BETA"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-34830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAP-1330",
"version": {
"version_data": [
{
"version_value": "1.13B01 BETA"
}
]
}
}
]
},
"vendor_name": "D-Link"
}
}
]
},
"vendor_name": "D-Link"
}
]
}
},
"credit": "chung96vn of Vietnam National Cyber Security Center (NCSC Vietnam)",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the Cookie HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. \n Was ZDI-CAN-12028."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
},
"credit": "chung96vn of Vietnam National Cyber Security Center (NCSC Vietnam)",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12028."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-682/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-682/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-682/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}