From 66e70b478c43de7d6d1eac91a020e2814ef2b036 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 16 Jun 2021 16:00:49 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/20xxx/CVE-2020-20178.json | 7 +++-
 2020/20xxx/CVE-2020-20444.json | 56 +++++++++++++++++++++++++----
 2020/22xxx/CVE-2020-22198.json | 61 +++++++++++++++++++++++++++----
 2020/24xxx/CVE-2020-24939.json | 66 ++++++++++++++++++++++++++++++----
 2020/27xxx/CVE-2020-27339.json | 61 +++++++++++++++++++++++++++----
 2020/35xxx/CVE-2020-35759.json | 56 +++++++++++++++++++++++++----
 2020/35xxx/CVE-2020-35760.json | 56 +++++++++++++++++++++++++----
 2020/35xxx/CVE-2020-35761.json | 56 +++++++++++++++++++++++++----
 2020/35xxx/CVE-2020-35762.json | 56 +++++++++++++++++++++++++----
 2021/20xxx/CVE-2021-20095.json | 60 ++-----------------------------
 2021/34xxx/CVE-2021-34804.json | 18 ++++++++++
 2021/34xxx/CVE-2021-34805.json | 18 ++++++++++
 2021/34xxx/CVE-2021-34806.json | 18 ++++++++++
 2021/34xxx/CVE-2021-34807.json | 18 ++++++++++
 14 files changed, 501 insertions(+), 106 deletions(-)
 create mode 100644 2021/34xxx/CVE-2021-34804.json
 create mode 100644 2021/34xxx/CVE-2021-34805.json
 create mode 100644 2021/34xxx/CVE-2021-34806.json
 create mode 100644 2021/34xxx/CVE-2021-34807.json
diff --git a/2020/20xxx/CVE-2020-20178.json b/2020/20xxx/CVE-2020-20178.json
index 976804ec826..ecc6ef5303b 100644
--- a/2020/20xxx/CVE-2020-20178.json
+++ b/2020/20xxx/CVE-2020-20178.json
@@ -44,6 +44,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://etherscan.io/address/0xe933c0cd9784414d5f278c114904f5a84b396919",
+ "url": "https://etherscan.io/address/0xe933c0cd9784414d5f278c114904f5a84b396919"
+ },
 {
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1914774",
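Review bot: The retained `https://bugzilla.redhat.com/show_bug.cgi?id=1914774` entry in `reference_data` no longer matches this record: the next hunk replaces the OpenLDAP slapd description with one about an Ethereum contract's payout function, and this hunk adds only the etherscan link. The Bugzilla reference looks like a leftover from the earlier OpenLDAP text, so anyone triaging from the references would be sent to an unrelated bug; it should be removed or confirmed. The reference object continues past the end of the hunk, and the `affects` block is not shown, so it is worth checking that the vendor and product fields were corrected as well.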
@@ -55,7 +60,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP\u2019s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability."
+ "value": "Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol latest version is affected by a denial of service vulnerability in the affected payout function. Once the length of this array is too long, it will result in an exception. Attackers can make attacks by creating a series of account addresses."
 }
 ]
 }
diff --git a/2020/20xxx/CVE-2020-20444.json b/2020/20xxx/CVE-2020-20444.json
index a284ffb964a..5a6f0ae6a3d 100644
--- a/2020/20xxx/CVE-2020-20444.json
+++ b/2020/20xxx/CVE-2020-20444.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-20444",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-20444",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the the admin account by an infected 'file' GET parameter in '/shared/view_source.php' which \"could\" lead to RCE vulnerability ."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/jact/openclinic/issues/8",
+ "url": "https://github.com/jact/openclinic/issues/8"
 }
 ]
 }
diff --git a/2020/22xxx/CVE-2020-22198.json b/2020/22xxx/CVE-2020-22198.json
index 45c419c4672..7d41888e401 100644
--- a/2020/22xxx/CVE-2020-22198.json
+++ b/2020/22xxx/CVE-2020-22198.json
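Review bot: The structured fields of this newly public record carry no data: `product_name`, `version_value`, `vendor_name` and the `problemtype` value are all `n/a`, although the description names the product and version (Jact OpenClinic 0.8.20160412). Tools that match on vendor/product or weakness type rather than free text will not associate the entry with the affected software. The same applies to CVE-2020-22198, CVE-2020-24939, CVE-2020-27339 and CVE-2020-35759 through CVE-2020-35762 in the later hunks. Populating `product_name` and `version_value` from the description, and `problemtype` with the weakness class, would fix that; the description itself also has a doubled word (`the the`) and a stray space before the final period.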
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-22198",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-22198",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/blindkey/DedeCMSv5/issues/1",
+ "refsource": "MISC",
+ "name": "https://github.com/blindkey/DedeCMSv5/issues/1"
+ },
+ {
+ "url": "http://www.hackdig.com/?02/hack-8391.htm",
+ "refsource": "MISC",
+ "name": "http://www.hackdig.com/?02/hack-8391.htm"
 }
 ]
 }
diff --git a/2020/24xxx/CVE-2020-24939.json b/2020/24xxx/CVE-2020-24939.json
index 2827a9c9dc6..53475d9a29f 100644
--- a/2020/24xxx/CVE-2020-24939.json
+++ b/2020/24xxx/CVE-2020-24939.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-24939",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-24939",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to modify the prototype of a base object which can vary in severity depending on the implementation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://hackerone.com/reports/959987",
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/959987"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/stampit-org/supermixer/issues/9",
+ "url": "https://github.com/stampit-org/supermixer/issues/9"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/stampit-org/supermixer/compare/v1.0.4...v1.0.5",
+ "url": "https://github.com/stampit-org/supermixer/compare/v1.0.4...v1.0.5"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27339.json b/2020/27xxx/CVE-2020-27339.json
index 13f20602505..37dee91b46c 100644
--- a/2020/27xxx/CVE-2020-27339.json
+++ b/2020/27xxx/CVE-2020-27339.json
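Review bot: The affected version range is unclear from this record: the description names supermixer 1.0.3, while the added CONFIRM reference is the comparison `v1.0.4...v1.0.5`, which suggests (not confirmed from this page) that 1.0.4 is also affected and 1.0.5 carries the fix. With `version_value` set to `n/a`, a consumer cannot tell whether pinning to 1.0.4 is safe. Stating the fixed version in the description, or setting `version_value` to the affected range, would remove the ambiguity.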
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-27339",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-27339",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in IdeBusDxe in Insyde InsydeH2O 5.x. Code in system management mode calls a function outside of SMRAM in response to a crafted software SMI, aka Inclusion of Functionality from an Untrusted Control Sphere. Modifying the well-known address of this function allows an attacker to gain control of the system with the privileges of system management mode."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.insyde.com/products",
+ "refsource": "MISC",
+ "name": "https://www.insyde.com/products"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.insyde.com/security-pledge/SA-2021001",
+ "url": "https://www.insyde.com/security-pledge/SA-2021001"
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35759.json b/2020/35xxx/CVE-2020-35759.json
index 0b03038f272..8fe32912ed7 100644
--- a/2020/35xxx/CVE-2020-35759.json
+++ b/2020/35xxx/CVE-2020-35759.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-35759",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-35759",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/alexlang24/bloofoxCMS/issues/10",
+ "refsource": "MISC",
+ "name": "https://github.com/alexlang24/bloofoxCMS/issues/10"
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35760.json b/2020/35xxx/CVE-2020-35760.json
index 1698baa06f6..aed52bc0dc6 100644
--- a/2020/35xxx/CVE-2020-35760.json
+++ b/2020/35xxx/CVE-2020-35760.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-35760",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-35760",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/alexlang24/bloofoxCMS/issues/9",
+ "refsource": "MISC",
+ "name": "https://github.com/alexlang24/bloofoxCMS/issues/9"
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35761.json b/2020/35xxx/CVE-2020-35761.json
index 28c28d1cdb9..fdd95b8b606 100644
--- a/2020/35xxx/CVE-2020-35761.json
+++ b/2020/35xxx/CVE-2020-35761.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-35761",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-35761",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/alexlang24/bloofoxCMS/issues/8",
+ "refsource": "MISC",
+ "name": "https://github.com/alexlang24/bloofoxCMS/issues/8"
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35762.json b/2020/35xxx/CVE-2020-35762.json
index cefe6b4f5de..86f3a410bf1 100644
--- a/2020/35xxx/CVE-2020-35762.json
+++ b/2020/35xxx/CVE-2020-35762.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-35762",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-35762",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/alexlang24/bloofoxCMS/issues/11",
+ "refsource": "MISC",
+ "name": "https://github.com/alexlang24/bloofoxCMS/issues/11"
 }
 ]
 }
diff --git a/2021/20xxx/CVE-2021-20095.json b/2021/20xxx/CVE-2021-20095.json
index c5e7244f458..52e0c370f63 100644
--- a/2021/20xxx/CVE-2021-20095.json
+++ b/2021/20xxx/CVE-2021-20095.json
@@ -4,68 +4,14 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-20095",
- "ASSIGNER": "vulnreport@tenable.com",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "n/a",
- "product": {
- "product_data": [
- {
- "product_name": "Babel",
- "version": {
- "version_data": [
- {
- "version_value": "2.9.0"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "Directory Traversal / Arbitrary Code Execution"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "MISC",
- "name": "https://www.tenable.com/security/research/tra-2021-14",
- "url": "https://www.tenable.com/security/research/tra-2021-14"
- },
- {
- "refsource": "FEDORA",
- "name": "FEDORA-2021-7e2a143808",
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKXUEWVKU5WASYSAFXQP6SFSDOG773RV/"
- },
- {
- "refsource": "FEDORA",
- "name": "FEDORA-2021-a499f89369",
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MORYINYUSYI6XLC4UKPRGGFD2WMO7GSM/"
- }
- ]
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "Relative Path Traversal in Babel 2.9.0 allows an attacker to load arbitrary locale files on disk and execute arbitrary code."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
 }
 ]
 }
diff --git a/2021/34xxx/CVE-2021-34804.json b/2021/34xxx/CVE-2021-34804.json
new file mode 100644
index 00000000000..2f7794e9559
--- /dev/null
+++ b/2021/34xxx/CVE-2021-34804.json
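Review bot: The REJECT text leaves downstream consumers without a trail: `ConsultIDs: none` and `Notes: none` replace a record that was public and, per the removed lines, already referenced by two Fedora advisories and a Tenable research note for Babel 2.9.0. Scanners and advisories that cite this ID will now resolve to a withdrawn entry with no indication of whether the issue was invalid or is tracked under another ID. If a replacement ID exists it belongs in `ConsultIDs`; otherwise a short reason in `Notes` would help. `ASSIGNER` also changes from `vulnreport@tenable.com` to `cve@mitre.org`, which drops the record of which CNA withdrew the entry.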
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-34804",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/34xxx/CVE-2021-34805.json b/2021/34xxx/CVE-2021-34805.json
new file mode 100644
index 00000000000..c20fc5f7d80
--- /dev/null
+++ b/2021/34xxx/CVE-2021-34805.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-34805",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/34xxx/CVE-2021-34806.json b/2021/34xxx/CVE-2021-34806.json
new file mode 100644
index 00000000000..62472d0474c
--- /dev/null
+++ b/2021/34xxx/CVE-2021-34806.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-34806",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/34xxx/CVE-2021-34807.json b/2021/34xxx/CVE-2021-34807.json
new file mode 100644
index 00000000000..240a44dc3cd
--- /dev/null
+++ b/2021/34xxx/CVE-2021-34807.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-34807",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file