From 658aee85708448b09321ff8a8a8cf6d58e89964b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 17 Jun 2021 19:00:46 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/13xxx/CVE-2018-13031.json | 7 +++- 2020/36xxx/CVE-2020-36388.json | 62 ++++++++++++++++++++++++++++++++++ 2020/36xxx/CVE-2020-36389.json | 62 ++++++++++++++++++++++++++++++++++ 2021/30xxx/CVE-2021-30465.json | 15 ++++++++ 2021/32xxx/CVE-2021-32575.json | 61 +++++++++++++++++++++++++++++---- 2021/33xxx/CVE-2021-33557.json | 61 +++++++++++++++++++++++++++++---- 2021/3xxx/CVE-2021-3607.json | 18 ++++++++++ 2021/3xxx/CVE-2021-3608.json | 18 ++++++++++ 8 files changed, 291 insertions(+), 13 deletions(-) create mode 100644 2020/36xxx/CVE-2020-36388.json create mode 100644 2020/36xxx/CVE-2020-36389.json create mode 100644 2021/3xxx/CVE-2021-3607.json create mode 100644 2021/3xxx/CVE-2021-3608.json diff --git a/2018/13xxx/CVE-2018-13031.json b/2018/13xxx/CVE-2018-13031.json index aad110b057b..bb5da874f2f 100644 --- a/2018/13xxx/CVE-2018-13031.json +++ b/2018/13xxx/CVE-2018-13031.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account." + "value": "DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account." } ] }, @@ -61,6 +61,11 @@ "name": "44960", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44960/" + }, + { + "refsource": "MISC", + "name": "https://github.com/AutismJH/damicms/issues/6", + "url": "https://github.com/AutismJH/damicms/issues/6" } ] } diff --git a/2020/36xxx/CVE-2020-36388.json b/2020/36xxx/CVE-2020-36388.json new file mode 100644 index 00000000000..544f9c15d40 --- /dev/null +++ b/2020/36xxx/CVE-2020-36388.json 
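Review bot: The rewritten description in the first CVE-2018-13031.json hunk contains a typo and an agreement error, `aand 6.1.0 allows`. With two versions named it should read `"value": "DamiCMS v6.0.0 and 6.1.0 allow CSRF via admin.php?s=/Admin/doadd to add an administrator account."`. Description text is what downstream advisory feeds display verbatim, so the misspelling will propagate. Whether the structured version data was also extended to 6.1.0 cannot be seen from here, because the `affects` block is outside both hunks.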
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-36388",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://civicrm.org/advisory/civi-sa-2020-03",
+ "refsource": "MISC",
+ "name": "https://civicrm.org/advisory/civi-sa-2020-03"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/36xxx/CVE-2020-36389.json b/2020/36xxx/CVE-2020-36389.json
new file mode 100644
index 00000000000..b43e570b9bf
--- /dev/null
+++ b/2020/36xxx/CVE-2020-36389.json
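Review bot: The new CVE-2020-36388 record states the product and affected ranges only in the free-text description, while `product_name`, `vendor_name`, `version_value` and the `problemtype` value are all `"n/a"`. Tooling that matches on the structured `affects` block will not tie this entry to CiviCRM, so a vulnerable install can be missed unless the description is parsed. I would set `"product_name": "CiviCRM"`, add the version bounds from the description, and give a problem type for the PHAR upload-and-execute issue. The same gap exists in the records for CVE-2020-36389, CVE-2021-32575 and CVE-2021-33557 in this patch, where the descriptions name CSRF, ARP spoofing and XSS but `problemtype` stays `"n/a"`.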
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-36389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://civicrm.org/advisory/civi-sa-2020-11-csrf-ckeditor-configuration-form", + "refsource": "MISC", + "name": "https://civicrm.org/advisory/civi-sa-2020-11-csrf-ckeditor-configuration-form" + } + ] + } +} \ No newline at end of file diff --git a/2021/30xxx/CVE-2021-30465.json b/2021/30xxx/CVE-2021-30465.json index 295191cf385..efe4ddc1a95 100644 --- a/2021/30xxx/CVE-2021-30465.json +++ b/2021/30xxx/CVE-2021-30465.json @@ -57,6 +57,11 @@ "refsource": "MISC", "name": "https://github.com/opencontainers/runc/releases" }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210519 CVE-2021-30465: runc <1.0.0-rc95 vulnerable to symlink-exchange attack", + "url": "http://www.openwall.com/lists/oss-security/2021/05/19/2" + }, { "refsource": "MISC", "name": "http://www.openwall.com/lists/oss-security/2021/05/19/2", 
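Review bot: The MLIST entry added in the first CVE-2021-30465 hunk uses `http://www.openwall.com/lists/oss-security/2021/05/19/2`, which the MISC entry directly below it already appears to reference. That entry's `name` is the same URL, and its `url` line falls outside the hunk. This leaves two reference objects for one source, which skews reference counts for consumers that do not de-duplicate by URL. I would keep the MLIST entry, since it carries the descriptive title, and drop the MISC duplicate.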
@@ -76,6 +81,16 @@ "refsource": "FEDORA", "name": "FEDORA-2021-0440f235a0", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35ZW6NBZSBH5PWIT7JU4HXOXGFVDCOHH/" + }, + { + "refsource": "MISC", + "name": "https://github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f", + "url": "https://github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.opensuse.org/show_bug.cgi?id=1185405", + "url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1185405" } ] } diff --git a/2021/32xxx/CVE-2021-32575.json b/2021/32xxx/CVE-2021-32575.json index 77a7e22a57f..f0cfd9756f2 100644 --- a/2021/32xxx/CVE-2021-32575.json +++ b/2021/32xxx/CVE-2021-32575.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-32575", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-32575", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.hashicorp.com/blog/category/nomad", + "refsource": "MISC", + "name": "https://www.hashicorp.com/blog/category/nomad" + }, + { + "refsource": "MISC", + "name": "https://discuss.hashicorp.com/t/hcsec-2021-14-nomad-bridge-networking-mode-allows-arp-spoofing-from-other-bridged-tasks-on-same-node/24296", + "url": "https://discuss.hashicorp.com/t/hcsec-2021-14-nomad-bridge-networking-mode-allows-arp-spoofing-from-other-bridged-tasks-on-same-node/24296" } ] } diff --git a/2021/33xxx/CVE-2021-33557.json b/2021/33xxx/CVE-2021-33557.json index a96125b2b41..814209ec983 100644 --- a/2021/33xxx/CVE-2021-33557.json +++ b/2021/33xxx/CVE-2021-33557.json 
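Review bot: The first reference added for CVE-2021-32575, `https://www.hashicorp.com/blog/category/nomad`, is a blog category index rather than an advisory, so its content will change and stop pointing at anything about this issue. The second reference, the HCSEC-2021-14 discussion thread, is the stable one, so I would drop the category link or replace it with the specific post. The description also says "up to version 1.0.4" while listing a fix in 0.12.12, which leaves the affected range on the 0.12.x line implicit. Wording such as "before 0.12.12 and 1.0.x before 1.0.5" would be less ambiguous, if that matches the vendor advisory.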
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-33557", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-33557", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://mantisbt.org/bugs/view.php?id=28552", + "refsource": "MISC", + "name": "https://mantisbt.org/bugs/view.php?id=28552" + }, + { + "refsource": "CONFIRM", + "name": "https://mantisbt.org/blog/archives/mantisbt/699", + "url": "https://mantisbt.org/blog/archives/mantisbt/699" } ] } diff --git a/2021/3xxx/CVE-2021-3607.json b/2021/3xxx/CVE-2021-3607.json new file mode 100644 index 00000000000..f83698fdb18 --- /dev/null +++ b/2021/3xxx/CVE-2021-3607.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-3607",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/3xxx/CVE-2021-3608.json b/2021/3xxx/CVE-2021-3608.json
new file mode 100644
index 00000000000..fa9710fd478
--- /dev/null
+++ b/2021/3xxx/CVE-2021-3608.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-3608",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file