diff --git a/2020/13xxx/CVE-2020-13549.json b/2020/13xxx/CVE-2020-13549.json
index acb8e7472e4..9830a1770c6 100644
--- a/2020/13xxx/CVE-2020-13549.json
+++ b/2020/13xxx/CVE-2020-13549.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-13549",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Sytech",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Sytech XL Reporter v14.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "incorrect default permissions"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1167",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1167"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation."
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27218.json b/2020/27xxx/CVE-2020-27218.json
index 6e02f65526a..df34fb15b86 100644
--- a/2020/27xxx/CVE-2020-27218.json
+++ b/2020/27xxx/CVE-2020-27218.json
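Review bot: In CVE-2020-13549.json the affected-product fields are filled in a way that automated product matching cannot use: `"vendor_name": "n/a"`, `"product_name": "Sytech"`, and the actual product name appears only inside `"version_value": "Sytech XL Reporter v14.0.1"`. If Sytech is the vendor, as the description suggests, the entry would read `"vendor_name": "Sytech"`, `"product_name": "XL Reporter"`, `"version_value": "14.0.1"`. The `problemtype` value is free text; carrying the CWE identifier (this looks like CWE-276, Incorrect Default Permissions) would let triage tooling classify the record the same way as CWE-tagged entries. No `impact` block is visible in the hunk, so severity has to be read from the linked Talos report.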
@@ -482,6 +482,11 @@
 "refsource": "MLIST",
 "name": "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
 "url": "https://lists.apache.org/thread.html/r3b7c8bc7a1cb8acdcf7753f436564d289d22f2906e934d1b11de3a40@%3Creviews.spark.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[spark-reviews] 20210219 [GitHub] [spark] srowen commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
+ "url": "https://lists.apache.org/thread.html/re3918edd403b0d3857a13ef2ccf3d2bc0231f3b8758e2a5777ea1cd3@%3Creviews.spark.apache.org%3E"
 }
 ]
 }
diff --git a/2021/21xxx/CVE-2021-21512.json b/2021/21xxx/CVE-2021-21512.json
index 8655d0228be..cb31c278793 100644
--- a/2021/21xxx/CVE-2021-21512.json
+++ b/2021/21xxx/CVE-2021-21512.json
@@ -1,10 +1,10 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "secure@dell.com",
- "DATE_PUBLIC": "2021-02-17",
- "ID": "CVE-2021-21512",
+ "ASSIGNER": "secure@dell.com",
+ "DATE_PUBLIC": "2021-02-17",
+ "ID": "CVE-2021-21512",
 "STATE": "PUBLIC"
- },
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -12,59 +12,60 @@
 "product": {
 "product_data": [
 {
- "product_name": "Cyber Recovery",
+ "product_name": "Cyber Recovery",
 "version": {
 "version_data": [
 {
- "version_affected": "<",
+ "version_affected": "<",
 "version_value": "19.7.0.2"
 }
 ]
 }
 }
 ]
- },
+ },
 "vendor_name": "Dell"
 }
 ]
 }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
- "lang": "eng",
+ "lang": "eng",
 "value": "Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account."
 }
 ]
- },
+ },
 "impact": {
 "cvss": {
- "baseScore": 7.9,
- "baseSeverity": "High",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
+ "baseScore": 7.9,
+ "baseSeverity": "High",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
 "version": "3.1"
 }
- },
+ },
 "problemtype": {
 "problemtype_data": [
 {
 "description": [
 {
- "lang": "eng",
+ "lang": "eng",
 "value": "CWE-200: Information Exposure"
 }
 ]
 }
 ]
- },
+ },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.dell.com/support/kbdoc/en-us/000183169/dsa-2021-038-dell-emc-powerprotect-cyber-recovery-security-update-for-unintended-information-disclosure"
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/kbdoc/en-us/000183169/dsa-2021-038-dell-emc-powerprotect-cyber-recovery-security-update-for-unintended-information-disclosure",
+ "name": "https://www.dell.com/support/kbdoc/en-us/000183169/dsa-2021-038-dell-emc-powerprotect-cyber-recovery-security-update-for-unintended-information-disclosure"
 }
 ]
 }
diff --git a/2021/23xxx/CVE-2021-23342.json b/2021/23xxx/CVE-2021-23342.json
index 51bdab0d5a0..62d5473bb5b 100644
--- a/2021/23xxx/CVE-2021-23342.json
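Review bot: The single reference in CVE-2021-21512.json (hunk `@@ -12,59 +12,60 @@`) is relabelled from `CONFIRM` to `MISC` although the URL is the assigner's own advisory (a dell.com page, with `"ASSIGNER": "secure@dell.com"` in the first hunk), so consumers that key on `refsource` to locate the vendor advisory lose that signal. Unless the relabel is forced by the list's tooling, I would keep `"refsource": "CONFIRM"` on that entry. The same relabel is applied to all three references in CVE-2021-23342.json (`@@ -48,16 +48,19 @@`), including the docsify fix commit. The added `name` fields only repeat the URL; a short label taken from the link, such as `"name": "DSA-2021-038"`, would carry more information. Every other changed line in this hunk appears to differ only in whitespace.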
+++ b/2021/23xxx/CVE-2021-23342.json
@@ -48,16 +48,19 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JS-DOCSIFY-1066017"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JS-DOCSIFY-1066017",
+ "name": "https://snyk.io/vuln/SNYK-JS-DOCSIFY-1066017"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1076593"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1076593",
+ "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1076593"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/docsifyjs/docsify/commit/ff2a66f12752471277fe81a64ad6c4b2c08111fe"
+ "refsource": "MISC",
+ "url": "https://github.com/docsifyjs/docsify/commit/ff2a66f12752471277fe81a64ad6c4b2c08111fe",
+ "name": "https://github.com/docsifyjs/docsify/commit/ff2a66f12752471277fe81a64ad6c4b2c08111fe"
 }
 ]
 },
@@ -65,7 +68,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "This affects the package docsify before 4.12.0.\n It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods\r\n\r\n1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. \r\n\r\n2) The isURL external check can be bypassed by inserting more \u201c////\u201d characters \r\n\r\n"
+ "value": "This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. 2) The isURL external check can be bypassed by inserting more \u201c////\u201d characters"
 }
 ]
 },