diff --git a/2019/2xxx/CVE-2019-2904.json b/2019/2xxx/CVE-2019-2904.json index c0a9f15d0b8..454bb9cc641 100644 --- a/2019/2xxx/CVE-2019-2904.json +++ b/2019/2xxx/CVE-2019-2904.json @@ -30,8 +30,8 @@ "version_affected": "=" } ] - } - } + } + } ] }, "vendor_name": "Oracle Corporation" @@ -101,8 +101,10 @@ "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" } ] } diff --git a/2020/17xxx/CVE-2020-17563.json b/2020/17xxx/CVE-2020-17563.json index afc5e42bb80..1e42d446210 100644 --- a/2020/17xxx/CVE-2020-17563.json +++ b/2020/17xxx/CVE-2020-17563.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-17563", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-17563", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to \" /index.php?s=/admin-tpl-del&id=\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://blog.51cto.com/12653365/2328557", + "refsource": "MISC", + "name": "http://blog.51cto.com/12653365/2328557" } ] } diff --git a/2020/17xxx/CVE-2020-17564.json b/2020/17xxx/CVE-2020-17564.json index eb3684a3727..a1bccb0b315 100644 --- a/2020/17xxx/CVE-2020-17564.json +++ b/2020/17xxx/CVE-2020-17564.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-17564", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-17564", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to the \" Admin/DataAction.class.php\" component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://blog.51cto.com/12653365/2328557", + "refsource": "MISC", + "name": "http://blog.51cto.com/12653365/2328557" } ] } diff --git a/2020/24xxx/CVE-2020-24556.json b/2020/24xxx/CVE-2020-24556.json index 544542746fc..088e4f9446b 100644 --- a/2020/24xxx/CVE-2020-24556.json +++ b/2020/24xxx/CVE-2020-24556.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2020-24556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Apex One", - "version" : { - "version_data" : [ - { - "version_value" : "2009 (on premise), SaaS" - } - ] - } - }, - { - "product_name" : "Trend Micro OfficeScan", - "version" : { - "version_data" : [ - { - "version_value" : "XG SP1" - } - ] - } - }, - { - "product_name" : "Trend Micro Worry-Free Business Security", - "version" : { - "version_data" : [ - { - "version_value" : "10 SP1, Services (SaaS)" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://success.trendmicro.com/solution/000263632", - "refsource" : "MISC", - "name" : "https://success.trendmicro.com/solution/000263632" - }, - { - "url" : "https://success.trendmicro.com/solution/000263633", - "refsource" : "MISC", - "name" : "https://success.trendmicro.com/solution/000263633" - }, - { - "url" : "https://success.trendmicro.com/solution/000267260", - "refsource" : "MISC", - "name" : "https://success.trendmicro.com/solution/000267260" - }, - { - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1093/", - "refsource" : "MISC", - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1093/" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2020-24556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Apex One", + "version": { + "version_data": [ + { + "version_value": "2009 (on premise), SaaS" + } + ] + } + }, + { + "product_name": "Trend Micro OfficeScan", + "version": { + "version_data": [ + { + "version_value": "XG SP1" + } + ] + } + }, + { + "product_name": "Trend Micro Worry-Free Business Security", + "version": { + "version_data": [ + { + "version_value": "10 SP1, Services (SaaS)" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/solution/000263632", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000263632" + }, + { + "url": "https://success.trendmicro.com/solution/000263633", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000263633" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1093/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1093/" + }, + { + "url": "https://success.trendmicro.com/solution/000267260", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000267260" + } + ] + } +} \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24557.json b/2020/24xxx/CVE-2020-24557.json index fc1f20e03ba..64d7b8c14a2 100644 --- a/2020/24xxx/CVE-2020-24557.json +++ b/2020/24xxx/CVE-2020-24557.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2020-24557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Apex One", - "version" : { - "version_data" : [ - { - "version_value" : "2009 (on premise), SaaS" - } - ] - } - }, - { - "product_name" : "Trend Micro Worry-Free Business Security ", - "version" : { - "version_data" : [ - { - "version_value" : "10.0 SP1" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control Privilege Escalation" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://success.trendmicro.com/solution/000263632", - "refsource" : "MISC", - "name" : "https://success.trendmicro.com/solution/000263632" - }, - { - "url" : "https://success.trendmicro.com/solution/000267260", - "refsource" : "MISC", - "name" : "https://success.trendmicro.com/solution/000267260" - }, - { - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1094/", - "refsource" : "MISC", - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1094/" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2020-24557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Apex One", + "version": { + "version_data": [ + { + "version_value": "2009 (on premise), SaaS" + } + ] + } + }, + { + "product_name": "Trend Micro Worry-Free Business Security ", + "version": { + "version_data": [ + { + "version_value": "10.0 SP1" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/solution/000263632", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000263632" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1094/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1094/" + }, + { + "url": "https://success.trendmicro.com/solution/000267260", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000267260" + } + ] + } +} \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24558.json b/2020/24xxx/CVE-2020-24558.json index 796b49fd8f0..2ef54b1606a 100644 --- a/2020/24xxx/CVE-2020-24558.json +++ b/2020/24xxx/CVE-2020-24558.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2020-24558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Apex One", - "version" : { - "version_data" : [ - { - "version_value" : "2009 (on premise), SaaS" - } - ] - } - }, - { - "product_name" : "Trend Micro Worry-Free Business Security", - "version" : { - "version_data" : [ - { - "version_value" : "10.0 SP1, Services (SaaS)" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control Privilege Escalation" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://success.trendmicro.com/solution/000263632", - "refsource" : "MISC", - "name" : "https://success.trendmicro.com/solution/000263632" - }, - { - "url" : "https://success.trendmicro.com/solution/000267260", - "refsource" : "MISC", - "name" : "https://success.trendmicro.com/solution/000267260" - }, - { - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1095/", - "refsource" : "MISC", - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1095/" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2020-24558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Apex One", + "version": { + "version_data": [ + { + "version_value": "2009 (on premise), SaaS" + } + ] + } + }, + { + "product_name": "Trend Micro Worry-Free Business Security", + "version": { + "version_data": [ + { + "version_value": "10.0 SP1, Services (SaaS)" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/solution/000263632", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000263632" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1095/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1095/" + }, + { + "url": "https://success.trendmicro.com/solution/000267260", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000267260" + } + ] + } +} \ No newline at end of file diff --git a/2020/24xxx/CVE-2020-24559.json b/2020/24xxx/CVE-2020-24559.json index a1d22c60d47..7c6734b218c 100644 --- a/2020/24xxx/CVE-2020-24559.json +++ b/2020/24xxx/CVE-2020-24559.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2020-24559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Apex One", - "version" : { - "version_data" : [ - { - "version_value" : "2009 (on premise), SaaS" - } - ] - } - }, - { - "product_name" : "Trend Micro Worry-Free Business Security", - "version" : { - "version_data" : [ - { - "version_value" : "10.0 SP1, Services (SaaS)" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Hard Link Privilege Escalation" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://success.trendmicro.com/solution/000263632", - "refsource" : "MISC", - "name" : "https://success.trendmicro.com/solution/000263632" - }, - { - "url" : "https://success.trendmicro.com/solution/000267260", - "refsource" : "MISC", - "name" : "https://success.trendmicro.com/solution/000267260" - }, - { - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1096/", - "refsource" : "MISC", - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1096/" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2020-24559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Apex One", + "version": { + "version_data": [ + { + "version_value": "2009 (on premise), SaaS" + } + ] + } + }, + { + "product_name": "Trend Micro Worry-Free Business Security", + "version": { + "version_data": [ + { + "version_value": "10.0 SP1, Services (SaaS)" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Hard Link Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://success.trendmicro.com/solution/000263632", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000263632" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1096/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1096/" + }, + { + "url": "https://success.trendmicro.com/solution/000267260", + "refsource": "MISC", + "name": "https://success.trendmicro.com/solution/000267260" + } + ] + } +} \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24238.json b/2021/24xxx/CVE-2021-24238.json index e8fa6158547..a47d3d9bd67 100644 --- a/2021/24xxx/CVE-2021-24238.json +++ b/2021/24xxx/CVE-2021-24238.json @@ -1,102 +1,102 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24238", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Realteo < 1.2.4 - Arbitrary Property Deletion via IDOR" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "PureThemes", - "product": { - "product_data": [ - { - "product_name": "Realteo", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.2.4", - "version_value": "1.2.4" + "CVE_data_meta": { + "ID": "CVE-2021-24238", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Realteo < 1.2.4 - Arbitrary Property Deletion via IDOR" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PureThemes", + "product": { + "product_data": [ + { + "product_name": "Realteo", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.2.4", + "version_value": "1.2.4" + } + ] + } + }, + { + "product_name": "Findeo", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.3.1", + "version_value": "1.3.1" + } + ] + } + } + ] } - ] } - }, - { - "product_name": "Findeo", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.3.1", - "version_value": "1.3.1" - } - ] - } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tampering with the property_id parameter." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/b8434eb2-f522-484f-9227-5f581e7f48a5", - "name": "https://wpscan.com/vulnerability/b8434eb2-f522-484f-9227-5f581e7f48a5" - }, - { - "refsource": "MISC", - "url": "https://www.docs.purethemes.net/findeo/knowledge-base/changelog-findeo/", - "name": "https://www.docs.purethemes.net/findeo/knowledge-base/changelog-findeo/" - }, - { - "refsource": "MISC", - "url": "https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-284]-Findeo-WordPress-Theme-v1.3.0.txt", - "name": "https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-284]-Findeo-WordPress-Theme-v1.3.0.txt" - }, - { - "refsource": "MISC", - "url": "https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-284]-Realteo-WordPress-Plugin-v1.2.3.txt", - "name": "https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-284]-Realteo-WordPress-Plugin-v1.2.3.txt" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-284 Improper Access Control", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tampering with the property_id parameter." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "m0ze" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.docs.purethemes.net/findeo/knowledge-base/changelog-findeo/", + "name": "https://www.docs.purethemes.net/findeo/knowledge-base/changelog-findeo/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/b8434eb2-f522-484f-9227-5f581e7f48a5", + "name": "https://wpscan.com/vulnerability/b8434eb2-f522-484f-9227-5f581e7f48a5" + }, + { + "refsource": "MISC", + "url": "https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-284]-Findeo-WordPress-Theme-v1.3.0.txt", + "name": "https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-284]-Findeo-WordPress-Theme-v1.3.0.txt" + }, + { + "refsource": "MISC", + "url": "https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-284]-Realteo-WordPress-Plugin-v1.2.3.txt", + "name": "https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-284]-Realteo-WordPress-Plugin-v1.2.3.txt" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-284 Improper Access Control", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "m0ze" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/28xxx/CVE-2021-28648.json b/2021/28xxx/CVE-2021-28648.json index f521f7f77d0..22124675ef9 100644 --- a/2021/28xxx/CVE-2021-28648.json +++ b/2021/28xxx/CVE-2021-28648.json @@ -1,63 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2021-28648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Antivirus for Mac", - "version" : { - "version_data" : [ - { - "version_value" : "2021 (11), 2020 (10.5)" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application.\r\n\r\nPlease note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://helpcenter.trendmicro.com/en-us/article/TMKA-10293" - }, - { - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-420/" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2021-28648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Antivirus for Mac", + "version": { + "version_data": [ + { + "version_value": "2021 (11), 2020 (10.5)" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10293", + "refsource": "MISC", + "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10293" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-420/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-420/" + } + ] + } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2008.json b/2021/2xxx/CVE-2021-2008.json index 8323a76b659..642010ddb3c 100644 --- a/2021/2xxx/CVE-2021-2008.json +++ b/2021/2xxx/CVE-2021-2008.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2008" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Enterprise Manager for Fusion Middleware", - "version": { - "version_data": [ - { - "version_value": "11.1.1.9", - "version_affected": "=" - }, - { - "version_value": "12.2.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager for Fusion Middleware", + "version": { + "version_data": [ + { + "version_value": "11.1.1.9", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin). The supported version that is affected are 11.1.1.9 and 12.2.1.3 Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware accessible data as well as unauthorized read access to a subset of Enterprise Manager for Fusion Middleware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Fusion Middleware. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.3", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware accessible data as well as unauthorized read access to a subset of Enterprise Manager for Fusion Middleware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Fusion Middleware." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin). The supported version that is affected are 11.1.1.9 and 12.2.1.3 Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware accessible data as well as unauthorized read access to a subset of Enterprise Manager for Fusion Middleware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Fusion Middleware. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware accessible data as well as unauthorized read access to a subset of Enterprise Manager for Fusion Middleware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Fusion Middleware." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2053.json b/2021/2xxx/CVE-2021-2053.json index a3f3da8605e..24a037d41eb 100644 --- a/2021/2xxx/CVE-2021-2053.json +++ b/2021/2xxx/CVE-2021-2053.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2053" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Enterprise Manager Base Platform", - "version": { - "version_data": [ - { - "version_value": "13.4.0.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "13.4.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). The supported version that is affected is 13.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "6.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). The supported version that is affected is 13.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2134.json b/2021/2xxx/CVE-2021-2134.json index 40b0aefb97f..ce51b7c4ceb 100644 --- a/2021/2xxx/CVE-2021-2134.json +++ b/2021/2xxx/CVE-2021-2134.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2134" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Enterprise Manager for Fusion Middleware", - "version": { - "version_data": [ - { - "version_value": "12.2.1.4", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager for Fusion Middleware", + "version": { + "version_data": [ + { + "version_value": "12.2.1.4", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin). The supported version that is affected is 12.2.1.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager for Fusion Middleware. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "6.5", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager for Fusion Middleware." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin). The supported version that is affected is 12.2.1.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager for Fusion Middleware. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager for Fusion Middleware." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2135.json b/2021/2xxx/CVE-2021-2135.json index e252258aab2..90993abfa81 100644 --- a/2021/2xxx/CVE-2021-2135.json +++ b/2021/2xxx/CVE-2021-2135.json @@ -1,79 +1,82 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2135" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "WebLogic Server", - "version": { - "version_data": [ - { - "version_value": "12.1.3.0.0", - "version_affected": "=" - }, - { - "version_value": "12.2.1.3.0", - "version_affected": "=" - }, - { - "version_value": "12.2.1.4.0", - "version_affected": "=" - }, - { - "version_value": "14.1.1.0.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + }, + { + "version_value": "14.1.1.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "9.8", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "9.8", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2136.json b/2021/2xxx/CVE-2021-2136.json index a8ea05c4684..bb46302332f 100644 --- a/2021/2xxx/CVE-2021-2136.json +++ b/2021/2xxx/CVE-2021-2136.json @@ -1,79 +1,82 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2136" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "WebLogic Server", - "version": { - "version_data": [ - { - "version_value": "12.1.3.0.0", - "version_affected": "=" - }, - { - "version_value": "12.2.1.3.0", - "version_affected": "=" - }, - { - "version_value": "12.2.1.4.0", - "version_affected": "=" - }, - { - "version_value": "14.1.1.0.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + }, + { + "version_value": "14.1.1.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "9.8", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "9.8", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2140.json b/2021/2xxx/CVE-2021-2140.json index 96c12f81600..fc16eb98333 100644 --- a/2021/2xxx/CVE-2021-2140.json +++ b/2021/2xxx/CVE-2021-2140.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2140" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Financial Services Analytical Applications Infrastructure", - "version": { - "version_data": [ - { - "version_value": "8.0.6-8.1.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Analytical Applications Infrastructure", + "version": { + "version_data": [ + { + "version_value": "8.0.6-8.1.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Rules Framework). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "6.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Rules Framework). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2141.json b/2021/2xxx/CVE-2021-2141.json index 59c9c5f6456..39afe34206e 100644 --- a/2021/2xxx/CVE-2021-2141.json +++ b/2021/2xxx/CVE-2021-2141.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2141" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "FLEXCUBE Direct Banking", - "version": { - "version_data": [ - { - "version_value": "12.0.2", - "version_affected": "=" - }, - { - "version_value": "12.0.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Direct Banking", + "version": { + "version_data": [ + { + "version_value": "12.0.2", + "version_affected": "=" + }, + { + "version_value": "12.0.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.2 and 12.0.3. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.1 Base Score 2.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "2.0", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.2 and 12.0.3. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.1 Base Score 2.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "2.0", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2142.json b/2021/2xxx/CVE-2021-2142.json index 53732138ba9..b8187e23d25 100644 --- a/2021/2xxx/CVE-2021-2142.json +++ b/2021/2xxx/CVE-2021-2142.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2142" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "WebLogic Server", - "version": { - "version_data": [ - { - "version_value": "10.3.6.0.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "6.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2144.json b/2021/2xxx/CVE-2021-2144.json index 98a4170877c..76bed22cf75 100644 --- a/2021/2xxx/CVE-2021-2144.json +++ b/2021/2xxx/CVE-2021-2144.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2144" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "MySQL Server", - "version": { - "version_data": [ - { - "version_value": "5.7.29 and prior", - "version_affected": "=" - }, - { - "version_value": "8.0.19 and prior", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.29 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.19 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.2", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2145.json b/2021/2xxx/CVE-2021-2145.json index 219d2b7f2f0..661b2015904 100644 --- a/2021/2xxx/CVE-2021-2145.json +++ b/2021/2xxx/CVE-2021-2145.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2145" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "VM VirtualBox", - "version": { - "version_data": [ - { - "version_value": "6.1.20", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "6.1.20", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.5", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2146.json b/2021/2xxx/CVE-2021-2146.json index 09ddfd99c29..94de55f11a0 100644 --- a/2021/2xxx/CVE-2021-2146.json +++ b/2021/2xxx/CVE-2021-2146.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2146" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "MySQL Server", - "version": { - "version_data": [ - { - "version_value": "5.7.33 and prior", - "version_affected": "=" - }, - { - "version_value": "8.0.23 and prior", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.33 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.23 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.9", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2147.json b/2021/2xxx/CVE-2021-2147.json index 4efd782ca8a..6c717e9c468 100644 --- a/2021/2xxx/CVE-2021-2147.json +++ b/2021/2xxx/CVE-2021-2147.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2147" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Sun ZFS Storage Appliance Kit (AK) Software", - "version": { - "version_data": [ - { - "version_value": "8.8", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sun ZFS Storage Appliance Kit (AK) Software", + "version": { + "version_data": [ + { + "version_value": "8.8", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Installation). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 1.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "1.8", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle ZFS Storage Appliance Kit accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Installation). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 1.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "1.8", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle ZFS Storage Appliance Kit accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2149.json b/2021/2xxx/CVE-2021-2149.json index 1b7b5864873..1577dd54357 100644 --- a/2021/2xxx/CVE-2021-2149.json +++ b/2021/2xxx/CVE-2021-2149.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2149" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Sun ZFS Storage Appliance Kit (AK) Software", - "version": { - "version_data": [ - { - "version_value": "8.8", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sun ZFS Storage Appliance Kit (AK) Software", + "version": { + "version_data": [ + { + "version_value": "8.8", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "2.5", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle ZFS Storage Appliance Kit accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "2.5", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle ZFS Storage Appliance Kit accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2150.json b/2021/2xxx/CVE-2021-2150.json index 1c25edcf759..b14b7eceae6 100644 --- a/2021/2xxx/CVE-2021-2150.json +++ b/2021/2xxx/CVE-2021-2150.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2150" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "iStore", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - }, - { - "version_value": "12.2.3-12.2.10", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iStore", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.10", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.2", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2151.json b/2021/2xxx/CVE-2021-2151.json index 45cea794421..70526c71826 100644 --- a/2021/2xxx/CVE-2021-2151.json +++ b/2021/2xxx/CVE-2021-2151.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2151" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "PeopleSoft Enterprise PT PeopleTools", - "version": { - "version_data": [ - { - "version_value": "8.56", - "version_affected": "=" - }, - { - "version_value": "8.57", - "version_affected": "=" - }, - { - "version_value": "8.58", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + }, + { + "version_value": "8.58", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "6.7", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2152.json b/2021/2xxx/CVE-2021-2152.json index 383e2cc5528..237c11586b6 100644 --- a/2021/2xxx/CVE-2021-2152.json +++ b/2021/2xxx/CVE-2021-2152.json @@ -1,79 +1,82 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2152" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Business Intelligence Enterprise Edition", - "version": { - "version_data": [ - { - "version_value": "5.5.0.0.0", - "version_affected": "=" - }, - { - "version_value": "11.1.1.9.0", - "version_affected": "=" - }, - { - "version_value": "12.2.1.3.0", - "version_affected": "=" - }, - { - "version_value": "12.2.1.4.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Business Intelligence Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "5.5.0.0.0", + "version_affected": "=" + }, + { + "version_value": "11.1.1.9.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.0", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.0", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2153.json b/2021/2xxx/CVE-2021-2153.json index b2435f5acac..bf6b3c3fc85 100644 --- a/2021/2xxx/CVE-2021-2153.json +++ b/2021/2xxx/CVE-2021-2153.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2153" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Internet Expenses", - "version": { - "version_data": [ - { - "version_value": "12.2.3-12.2.10", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Expenses", + "version": { + "version_data": [ + { + "version_value": "12.2.3-12.2.10", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Internet Expenses. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Internet Expenses accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.3", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Internet Expenses. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Internet Expenses accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Internet Expenses. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Internet Expenses accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Internet Expenses. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Internet Expenses accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2154.json b/2021/2xxx/CVE-2021-2154.json index d92cffadfe4..78ebd72ce13 100644 --- a/2021/2xxx/CVE-2021-2154.json +++ b/2021/2xxx/CVE-2021-2154.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2154" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "MySQL Server", - "version": { - "version_data": [ - { - "version_value": "5.7.33 and prior", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.33 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.9", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2155.json b/2021/2xxx/CVE-2021-2155.json index 10d6ad29256..9cc341e2336 100644 --- a/2021/2xxx/CVE-2021-2155.json +++ b/2021/2xxx/CVE-2021-2155.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2155" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "One-to-One Fulfillment", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - }, - { - "version_value": "12.2.3-12.2.10", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "One-to-One Fulfillment", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.10", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Documents). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.3", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Documents). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2156.json b/2021/2xxx/CVE-2021-2156.json index acf17630f38..f310fc5649e 100644 --- a/2021/2xxx/CVE-2021-2156.json +++ b/2021/2xxx/CVE-2021-2156.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2156" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Customers Online", - "version": { - "version_data": [ - { - "version_value": "12.1.3", - "version_affected": "=" - }, - { - "version_value": "12.2.3-12.2.10", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Customers Online", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.10", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Customers Online product of Oracle E-Business Suite (component: Customer Tab). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Customers Online. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Customers Online accessible data as well as unauthorized access to critical data or complete access to all Oracle Customers Online accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Customers Online. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Customers Online accessible data as well as unauthorized access to critical data or complete access to all Oracle Customers Online accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Customers Online product of Oracle E-Business Suite (component: Customer Tab). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Customers Online. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Customers Online accessible data as well as unauthorized access to critical data or complete access to all Oracle Customers Online accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Customers Online. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Customers Online accessible data as well as unauthorized access to critical data or complete access to all Oracle Customers Online accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2157.json b/2021/2xxx/CVE-2021-2157.json index f62bb8f4e23..d1c746c2ed6 100644 --- a/2021/2xxx/CVE-2021-2157.json +++ b/2021/2xxx/CVE-2021-2157.json @@ -1,79 +1,82 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2157" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "TopLink", - "version": { - "version_data": [ - { - "version_value": "10.3.6.0.0", - "version_affected": "=" - }, - { - "version_value": "12.1.3.0.0", - "version_affected": "=" - }, - { - "version_value": "12.2.1.3.0", - "version_affected": "=" - }, - { - "version_value": "12.2.1.4.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TopLink", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: TopLink Integration). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.5", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: TopLink Integration). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2158.json b/2021/2xxx/CVE-2021-2158.json index c015cd7902b..cb00c8f277e 100644 --- a/2021/2xxx/CVE-2021-2158.json +++ b/2021/2xxx/CVE-2021-2158.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2158" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Hyperion Financial Management", - "version": { - "version_data": [ - { - "version_value": "11.1.2.4", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hyperion Financial Management", + "version": { + "version_data": [ + { + "version_value": "11.1.2.4", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Hyperion Financial Management product of Oracle Hyperion (component: Task Automation). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Financial Management accessible data as well as unauthorized read access to a subset of Hyperion Financial Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion Financial Management. CVSS 3.1 Base Score 3.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "3.9", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Financial Management accessible data as well as unauthorized read access to a subset of Hyperion Financial Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion Financial Management." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Hyperion Financial Management product of Oracle Hyperion (component: Task Automation). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Financial Management accessible data as well as unauthorized read access to a subset of Hyperion Financial Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion Financial Management. CVSS 3.1 Base Score 3.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "3.9", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Financial Management accessible data as well as unauthorized read access to a subset of Hyperion Financial Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion Financial Management." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2159.json b/2021/2xxx/CVE-2021-2159.json index 784c433c919..a8ca94359ce 100644 --- a/2021/2xxx/CVE-2021-2159.json +++ b/2021/2xxx/CVE-2021-2159.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2159" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "PeopleSoft Enterprise CS Campus Community", - "version": { - "version_data": [ - { - "version_value": "9.2", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise CS Campus Community", + "version": { + "version_data": [ + { + "version_value": "9.2", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Frameworks). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CS Campus Community accessible data. CVSS 3.1 Base Score 3.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "3.5", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CS Campus Community accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Frameworks). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CS Campus Community accessible data. CVSS 3.1 Base Score 3.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CS Campus Community accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2160.json b/2021/2xxx/CVE-2021-2160.json index 2deed33974e..391aaa862aa 100644 --- a/2021/2xxx/CVE-2021-2160.json +++ b/2021/2xxx/CVE-2021-2160.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2160" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "MySQL Server", - "version": { - "version_data": [ - { - "version_value": "5.7.30 and prior", - "version_affected": "=" - }, - { - "version_value": "8.0.17 and prior", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.30 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.17 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.9", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2161.json b/2021/2xxx/CVE-2021-2161.json index c688ec5213e..a912e8757be 100644 --- a/2021/2xxx/CVE-2021-2161.json +++ b/2021/2xxx/CVE-2021-2161.json @@ -1,95 +1,98 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2161" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Java SE JDK and JRE", - "version": { - "version_data": [ - { - "version_value": "Java SE:7u291", - "version_affected": "=" - }, - { - "version_value": "Java SE:8u281", - "version_affected": "=" - }, - { - "version_value": "Java SE:11.0.10", - "version_affected": "=" - }, - { - "version_value": "Java SE:16", - "version_affected": "=" - }, - { - "version_value": "Java SE Embedded:8u281", - "version_affected": "=" - }, - { - "version_value": "Oracle GraalVM Enterprise Edition:19.3.5", - "version_affected": "=" - }, - { - "version_value": "Oracle GraalVM Enterprise Edition:20.3.1.2", - "version_affected": "=" - }, - { - "version_value": "Oracle GraalVM Enterprise Edition:21.0.0.2", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java SE JDK and JRE", + "version": { + "version_data": [ + { + "version_value": "Java SE:7u291", + "version_affected": "=" + }, + { + "version_value": "Java SE:8u281", + "version_affected": "=" + }, + { + "version_value": "Java SE:11.0.10", + "version_affected": "=" + }, + { + "version_value": "Java SE:16", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded:8u281", + "version_affected": "=" + }, + { + "version_value": "Oracle GraalVM Enterprise Edition:19.3.5", + "version_affected": "=" + }, + { + "version_value": "Oracle GraalVM Enterprise Edition:20.3.1.2", + "version_affected": "=" + }, + { + "version_value": "Oracle GraalVM Enterprise Edition:21.0.0.2", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "5.9", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.9", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2162.json b/2021/2xxx/CVE-2021-2162.json index fd0a23e8409..ed6e4c755d7 100644 --- a/2021/2xxx/CVE-2021-2162.json +++ b/2021/2xxx/CVE-2021-2162.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2162" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "MySQL Server", - "version": { - "version_data": [ - { - "version_value": "5.7.33 and prior", - "version_affected": "=" - }, - { - "version_value": "8.0.23 and prior", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.33 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.23 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.3", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2163.json b/2021/2xxx/CVE-2021-2163.json index 6ccafab1174..fec0cffd404 100644 --- a/2021/2xxx/CVE-2021-2163.json +++ b/2021/2xxx/CVE-2021-2163.json @@ -1,95 +1,98 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2163" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Java SE JDK and JRE", - "version": { - "version_data": [ - { - "version_value": "Java SE:7u291", - "version_affected": "=" - }, - { - "version_value": "Java SE:8u281", - "version_affected": "=" - }, - { - "version_value": "Java SE:11.0.10", - "version_affected": "=" - }, - { - "version_value": "Java SE:16", - "version_affected": "=" - }, - { - "version_value": "Java SE Embedded:8u281", - "version_affected": "=" - }, - { - "version_value": "Oracle GraalVM Enterprise Edition:19.3.5", - "version_affected": "=" - }, - { - "version_value": "Oracle GraalVM Enterprise Edition:20.3.1.2", - "version_affected": "=" - }, - { - "version_value": "Oracle GraalVM Enterprise Edition:21.0.0.2", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java SE JDK and JRE", + "version": { + "version_data": [ + { + "version_value": "Java SE:7u291", + "version_affected": "=" + }, + { + "version_value": "Java SE:8u281", + "version_affected": "=" + }, + { + "version_value": "Java SE:11.0.10", + "version_affected": "=" + }, + { + "version_value": "Java SE:16", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded:8u281", + "version_affected": "=" + }, + { + "version_value": "Oracle GraalVM Enterprise Edition:19.3.5", + "version_affected": "=" + }, + { + "version_value": "Oracle GraalVM Enterprise Edition:20.3.1.2", + "version_affected": "=" + }, + { + "version_value": "Oracle GraalVM Enterprise Edition:21.0.0.2", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "5.3", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2164.json b/2021/2xxx/CVE-2021-2164.json index 10d7037cd19..666dd597910 100644 --- a/2021/2xxx/CVE-2021-2164.json +++ b/2021/2xxx/CVE-2021-2164.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2164" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "MySQL Server", - "version": { - "version_data": [ - { - "version_value": "8.0.23 and prior", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.23 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.9", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2166.json b/2021/2xxx/CVE-2021-2166.json index 1ca374c08b5..df1035326e8 100644 --- a/2021/2xxx/CVE-2021-2166.json +++ b/2021/2xxx/CVE-2021-2166.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2166" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "MySQL Server", - "version": { - "version_data": [ - { - "version_value": "5.7.33 and prior", - "version_affected": "=" - }, - { - "version_value": "8.0.23 and prior", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.33 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.23 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.9", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file diff --git a/2021/2xxx/CVE-2021-2167.json b/2021/2xxx/CVE-2021-2167.json index d1a54ab736d..05a5756cf5b 100644 --- a/2021/2xxx/CVE-2021-2167.json +++ b/2021/2xxx/CVE-2021-2167.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2021-2167" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Solaris Operating System", - "version": { - "version_data": [ - { - "version_value": "10", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2021-2167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "10", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.8", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.8", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2021.html" + } + ] } +} \ No newline at end of file