From 6695b15ecfd1d6f08ed8bec7556b266caa7001f4 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 6 Dec 2021 22:00:59 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/31xxx/CVE-2021-31631.json | 56 ++++++++++++++++++++++---
 2021/31xxx/CVE-2021-31632.json | 56 ++++++++++++++++++++++---
 2021/44xxx/CVE-2021-44025.json | 5 +++
 2021/44xxx/CVE-2021-44026.json | 5 +++
 2021/44xxx/CVE-2021-44675.json | 18 ++++++++
 2021/44xxx/CVE-2021-44676.json | 18 ++++++++
 2021/44xxx/CVE-2021-44677.json | 76 ++++++++++++++++++++++++++++++++++
 2021/44xxx/CVE-2021-44678.json | 76 ++++++++++++++++++++++++++++++++++
 2021/44xxx/CVE-2021-44679.json | 76 ++++++++++++++++++++++++++++++++++
 2021/44xxx/CVE-2021-44680.json | 76 ++++++++++++++++++++++++++++++++++
 2021/44xxx/CVE-2021-44681.json | 76 ++++++++++++++++++++++++++++++++++
 2021/44xxx/CVE-2021-44682.json | 76 ++++++++++++++++++++++++++++++++++
 12 files changed, 602 insertions(+), 12 deletions(-)
 create mode 100644 2021/44xxx/CVE-2021-44675.json
 create mode 100644 2021/44xxx/CVE-2021-44676.json
 create mode 100644 2021/44xxx/CVE-2021-44677.json
 create mode 100644 2021/44xxx/CVE-2021-44678.json
 create mode 100644 2021/44xxx/CVE-2021-44679.json
 create mode 100644 2021/44xxx/CVE-2021-44680.json
 create mode 100644 2021/44xxx/CVE-2021-44681.json
 create mode 100644 2021/44xxx/CVE-2021-44682.json
diff --git a/2021/31xxx/CVE-2021-31631.json b/2021/31xxx/CVE-2021-31631.json
index 16266d68e22..81b28d6c912 100644
--- a/2021/31xxx/CVE-2021-31631.json
+++ b/2021/31xxx/CVE-2021-31631.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-31631",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-31631",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gist.github.com/stacksmasher007/76514ab2b782fb4383f1121e6fc19241",
+ "refsource": "MISC",
+ "name": "https://gist.github.com/stacksmasher007/76514ab2b782fb4383f1121e6fc19241"
 }
 ]
 }
diff --git a/2021/31xxx/CVE-2021-31632.json b/2021/31xxx/CVE-2021-31632.json
index ed0a94b2ab6..362fde3cfe3 100644
--- a/2021/31xxx/CVE-2021-31632.json
+++ b/2021/31xxx/CVE-2021-31632.json
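Review bot: In CVE-2021-31631.json the new `affects` block sets `vendor_name`, `product_name` and `version_value` to `"n/a"`, and `problemtype` is also `"n/a"`, although the description on the same record names b2evolution CMS v7.2.3 and a CSRF. Tooling that matches advisories against an inventory through the structured fields will not find this record; only a text search of the description will. The record would be more useful with the product and version taken from the description (`"product_name": "b2evolution CMS"`, `"version_value": "7.2.3"`) and a CWE in `problemtype` (CWE-352 would fit a CSRF). The CVE-2021-31632.json hunk has the same gap (CWE-89 would fit its SQL injection description), as do the six Veritas Enterprise Vault records CVE-2021-44677 through CVE-2021-44682, whose descriptions give "through 14.1.2" and a deserialization issue (CWE-502 would fit).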
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-31632",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-31632",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code via a crafted input."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gist.github.com/Stacksmashers101/c6b9ea92f42c23473170bb3acc8fc5fe",
+ "refsource": "MISC",
+ "name": "https://gist.github.com/Stacksmashers101/c6b9ea92f42c23473170bb3acc8fc5fe"
 }
 ]
 }
diff --git a/2021/44xxx/CVE-2021-44025.json b/2021/44xxx/CVE-2021-44025.json
index 551f22af475..4186cd54725 100644
--- a/2021/44xxx/CVE-2021-44025.json
+++ b/2021/44xxx/CVE-2021-44025.json
@@ -86,6 +86,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-5013",
 "url": "https://www.debian.org/security/2021/dsa-5013"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211206 [SECURITY] [DLA 2840-1] roundcube security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00004.html"
 }
 ]
 }
diff --git a/2021/44xxx/CVE-2021-44026.json b/2021/44xxx/CVE-2021-44026.json
index 3ce8eba254c..122bee9a2bd 100644
--- a/2021/44xxx/CVE-2021-44026.json
+++ b/2021/44xxx/CVE-2021-44026.json
@@ -81,6 +81,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-5013",
 "url": "https://www.debian.org/security/2021/dsa-5013"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211206 [SECURITY] [DLA 2840-1] roundcube security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00004.html"
 }
 ]
 }
diff --git a/2021/44xxx/CVE-2021-44675.json b/2021/44xxx/CVE-2021-44675.json
new file mode 100644
index 00000000000..2ac80f1a9d9
--- /dev/null
+++ b/2021/44xxx/CVE-2021-44675.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-44675",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/44xxx/CVE-2021-44676.json b/2021/44xxx/CVE-2021-44676.json
new file mode 100644
index 00000000000..04a6e7e835d
--- /dev/null
+++ b/2021/44xxx/CVE-2021-44676.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-44676",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/44xxx/CVE-2021-44677.json b/2021/44xxx/CVE-2021-44677.json
new file mode 100644
index 00000000000..02d7d7f1718
--- /dev/null
+++ b/2021/44xxx/CVE-2021-44677.json
@@ -0,0 +1,76 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-44677",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14078)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.veritas.com/content/support/en_US/security/VTS21-003",
+ "refsource": "MISC",
+ "name": "https://www.veritas.com/content/support/en_US/security/VTS21-003"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
+ "version": "3.1"
+ }
+ }
+}
\ No newline at end of file
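Review bot: The `impact.cvss` object in CVE-2021-44677.json carries a `vectorString` but no `baseScore` or `baseSeverity`, so every consumer has to compute the score itself; for these base metrics CVSS v3.1 gives 9.8 (Critical). The vector is also written in the order of the JSON keys, `CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N`; as far as I recall the specification accepts any order but prefers `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`, and tools that compare or index vector strings as text will treat the two as different. I would add `"baseScore": 9.8, "baseSeverity": "CRITICAL"` and write the vector in the preferred order. The same block appears unchanged in CVE-2021-44678 through CVE-2021-44682. Because the description says exposure is mitigated by the server and firewall configuration in VTS21-003, that advisory should be checked before the base score is treated as the effective risk of a given deployment.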
diff --git a/2021/44xxx/CVE-2021-44678.json b/2021/44xxx/CVE-2021-44678.json
new file mode 100644
index 00000000000..2efbf81ca99
--- /dev/null
+++ b/2021/44xxx/CVE-2021-44678.json
@@ -0,0 +1,76 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-44678",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14076)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.veritas.com/content/support/en_US/security/VTS21-003",
+ "refsource": "MISC",
+ "name": "https://www.veritas.com/content/support/en_US/security/VTS21-003"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
+ "version": "3.1"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2021/44xxx/CVE-2021-44679.json b/2021/44xxx/CVE-2021-44679.json
new file mode 100644
index 00000000000..e56d3c4b985
--- /dev/null
+++ b/2021/44xxx/CVE-2021-44679.json
@@ -0,0 +1,76 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-44679",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14074)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.veritas.com/content/support/en_US/security/VTS21-003",
+ "refsource": "MISC",
+ "name": "https://www.veritas.com/content/support/en_US/security/VTS21-003"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
+ "version": "3.1"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2021/44xxx/CVE-2021-44680.json b/2021/44xxx/CVE-2021-44680.json
new file mode 100644
index 00000000000..0884ce67ca0
--- /dev/null
+++ b/2021/44xxx/CVE-2021-44680.json
@@ -0,0 +1,76 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-44680",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14075)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.veritas.com/content/support/en_US/security/VTS21-003",
+ "refsource": "MISC",
+ "name": "https://www.veritas.com/content/support/en_US/security/VTS21-003"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
+ "version": "3.1"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2021/44xxx/CVE-2021-44681.json b/2021/44xxx/CVE-2021-44681.json
new file mode 100644
index 00000000000..b50365b5d85
--- /dev/null
+++ b/2021/44xxx/CVE-2021-44681.json
@@ -0,0 +1,76 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-44681",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14080)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.veritas.com/content/support/en_US/security/VTS21-003",
+ "refsource": "MISC",
+ "name": "https://www.veritas.com/content/support/en_US/security/VTS21-003"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
+ "version": "3.1"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2021/44xxx/CVE-2021-44682.json b/2021/44xxx/CVE-2021-44682.json
new file mode 100644
index 00000000000..49631253567
--- /dev/null
+++ b/2021/44xxx/CVE-2021-44682.json
@@ -0,0 +1,76 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-44682",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14079)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.veritas.com/content/support/en_US/security/VTS21-003",
+ "refsource": "MISC",
+ "name": "https://www.veritas.com/content/support/en_US/security/VTS21-003"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
+ "version": "3.1"
+ }
+ }
+}
\ No newline at end of file