"-Synchronized-Data."

This commit is contained in:
CVE Team 2021-03-03 18:00:41 +00:00
parent fb02779d72
commit 6b393c2164
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
17 changed files with 953 additions and 217 deletions

View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/158291/AnyDesk-GUI-Format-String-Write.html",
"url": "http://packetstormsecurity.com/files/158291/AnyDesk-GUI-Format-String-Write.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161628/AnyDesk-5.5.2-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/161628/AnyDesk-5.5.2-Remote-Code-Execution.html"
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13558",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Webkit",
"version": {
"version_data": [
{
"version_value": "Webkit WebKitGTK 2.30.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1172",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1172"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28591",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Slic3r",
"version": {
"version_data": [
{
"version_value": "Slic3r libslic3r 1.3.0 , Slic3r libslic3r Master Commit 92abbc42"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out of bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1215",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1215"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28597",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Epignosis",
"version": {
"version_data": [
{
"version_value": "Epignosis eFront LMS 5.2.17, Epignosis eFront LMS 5.2.21"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "predictable seed"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1221",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1221"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice."
}
]
}

View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-29047",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-29047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress_hotel_booking_1 cookie in load in includes/class-wphb-sessions.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/wp-hotel-booking/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/wp-hotel-booking/#developers"
},
{
"refsource": "MISC",
"name": "https://appcheck-ng.com/cve-2020-29047/",
"url": "https://appcheck-ng.com/cve-2020-29047/"
}
]
}

View File

@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8296",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Nextcloud Server",
"version": {
"version_data": [
{
"version_value": "Fixed in 20.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Storing Passwords in a Recoverable Format (CWE-257)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/867164",
"url": "https://hackerone.com/reports/867164"
},
{
"refsource": "MISC",
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2021-006",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2021-006"
},
{
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/pull/21037",
"url": "https://github.com/nextcloud/server/pull/21037"
},
{
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/issues/17439",
"url": "https://github.com/nextcloud/server/issues/17439"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured."
}
]
}

View File

@ -1,90 +1,90 @@
{
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6421023",
"name" : "https://www.ibm.com/support/pages/node/6421023",
"title" : "IBM Security Bulletin 6421023 (Security Verify Bridge)"
},
{
"name" : "ibm-svb-cve202120441-info-disc (196617)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196617"
}
]
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Security Verify Bridge uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196617.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2021-20441",
"DATE_PUBLIC" : "2021-03-02T00:00:00"
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : ""
}
]
},
"product_name" : "Security Verify Bridge"
}
]
},
"vendor_name" : "IBM"
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6421023",
"name": "https://www.ibm.com/support/pages/node/6421023",
"title": "IBM Security Bulletin 6421023 (Security Verify Bridge)"
},
{
"name": "ibm-svb-cve202120441-info-disc (196617)",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196617"
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"I" : "N",
"SCORE" : "5.900",
"UI" : "N",
"AC" : "H",
"C" : "H",
"PR" : "N",
"AV" : "N",
"S" : "U",
"A" : "N"
}
}
}
}
]
},
"data_type": "CVE",
"description": {
"description_data": [
{
"value": "IBM Security Verify Bridge uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196617.",
"lang": "eng"
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2021-20441",
"DATE_PUBLIC": "2021-03-02T00:00:00"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": ""
}
]
},
"product_name": "Security Verify Bridge"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"I": "N",
"SCORE": "5.900",
"UI": "N",
"AC": "H",
"C": "H",
"PR": "N",
"AV": "N",
"S": "U",
"A": "N"
}
}
}
}

View File

@ -1,90 +1,90 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196618.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6421025",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6421025 (Security Verify Bridge)",
"name" : "https://www.ibm.com/support/pages/node/6421025"
},
{
"name" : "ibm-svb-cve202120442-info-disc (196618)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196618"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"A" : "N",
"S" : "U",
"I" : "N",
"UI" : "N",
"AC" : "H",
"SCORE" : "5.900",
"PR" : "N",
"C" : "H"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : ""
}
]
},
"product_name" : "Security Verify Bridge"
}
]
}
"value": "IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196618.",
"lang": "eng"
}
]
}
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
},
"data_type": "CVE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6421025",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6421025 (Security Verify Bridge)",
"name": "https://www.ibm.com/support/pages/node/6421025"
},
{
"name": "ibm-svb-cve202120442-info-disc (196618)",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196618"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"AV": "N",
"A": "N",
"S": "U",
"I": "N",
"UI": "N",
"AC": "H",
"SCORE": "5.900",
"PR": "N",
"C": "H"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": ""
}
]
},
"product_name": "Security Verify Bridge"
}
]
}
}
]
}
]
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-03-02T00:00:00",
"ID" : "CVE-2021-20442",
"ASSIGNER" : "psirt@us.ibm.com"
}
}
}
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_format": "MITRE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-03-02T00:00:00",
"ID": "CVE-2021-20442",
"ASSIGNER": "psirt@us.ibm.com"
}
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21978",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware View Planner",
"version": {
"version_data": [
{
"version_value": "VMware View Planner 4.x prior to 4.6 Security Patch 1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0003.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0003.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container."
}
]
}

View File

@ -4,15 +4,94 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22182",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=13.8, <13.8.2"
},
{
"version_value": ">=13.7, <13.7.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper neutralization of input during web page generation ('cross-site scripting') in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/280779",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/280779",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1030189",
"url": "https://hackerone.com/reports/1030189",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22182.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22182.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab affecting all versions starting with 13.7. GitLab was vulnerable to a stored XSS in merge request."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 3.5,
"baseSeverity": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [ashish_r_padelkar](https://hackerone.com/ashish_r_padelkar) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22188",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=13.8, <13.8.4"
},
{
"version_value": ">=13.7, <13.7.7"
},
{
"version_value": ">=13.0, <13.6.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information exposure in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/227040",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/227040",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/916340",
"url": "https://hackerone.com/reports/916340",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22188.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22188.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in Gitlab were readable by an unauthorised user via branch logs."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks aemirercin for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

View File

@ -4,14 +4,79 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22681",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers",
"version": {
"version_data": [
{
"version_value": "RSLogix 5000 Versions 16 through 20"
},
{
"version_value": "Studio 5000 Logix Designer: Versions 21 and later"
},
{
"version_value": "CompactLogix 1768, 1769, 5370, 5380, 5480"
},
{
"version_value": "ControlLogix 5550, 5560, 5570, 5580"
},
{
"version_value": "DriveLogix 5560, 5730, 1794-L34"
},
{
"version_value": "Compact GuardLogix 5370, 5380"
},
{
"version_value": "GuardLogix 5570, 5580"
},
{
"version_value": "SoftLogix 5800"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficiently Protected Credentials CWE-522"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800."
}
]
}

View File

@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22877",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Nextcloud Server",
"version": {
"version_data": [
{
"version_value": "Fixed in 20.0.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control - Generic (CWE-284)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/1061591",
"url": "https://hackerone.com/reports/1061591"
},
{
"refsource": "MISC",
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2021-004",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2021-004"
},
{
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/issues/24600",
"url": "https://github.com/nextcloud/server/issues/24600"
},
{
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/pull/25224",
"url": "https://github.com/nextcloud/server/pull/25224"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet."
}
]
}

View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22878",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Nextcloud Server",
"version": {
"version_data": [
{
"version_value": "Fixed in 20.0.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/896522",
"url": "https://hackerone.com/reports/896522"
},
{
"refsource": "MISC",
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2021-005",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2021-005"
},
{
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/pull/25234",
"url": "https://github.com/nextcloud/server/pull/25234"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`."
}
]
}

View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22883",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "https://github.com/nodejs/node",
"version": {
"version_data": [
{
"version_value": "Fixed in 10.24.0, 12.21.0, 14.16.0, 15.10.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/"
},
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/1043360",
"url": "https://hackerone.com/reports/1043360"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory."
}
]
}

View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22884",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "https://github.com/nodejs/node",
"version": {
"version_data": [
{
"version_value": "Fixed in 10.24.0, 12.21.0, 14.16.0, 15.10.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reliance on Reverse DNS Resolution for a Security-Critical Action (CWE-350)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/1069487",
"url": "https://hackerone.com/reports/1069487"
},
{
"refsource": "MISC",
"name": "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/"
},
{
"refsource": "MISC",
"name": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/#node-js-inspector-dns-rebinding-vulnerability-cve-2018-7160",
"url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/#node-js-inspector-dns-rebinding-vulnerability-cve-2018-7160"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes \u201clocalhost6\u201d. When \u201clocalhost6\u201d is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the \u201clocalhost6\u201d domain. As long as the attacker uses the \u201clocalhost6\u201d domain, they can still apply the attack described in CVE-2018-7160."
}
]
}

View File

@ -66,6 +66,11 @@
"refsource": "FULLDISC",
"name": "20210302 Multiple Vulnerabilities in jpeg-xl (CVE-2021-27804)",
"url": "http://seclists.org/fulldisclosure/2021/Mar/2"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161623/jpeg-xl-0.3.1-Memory-Corruption.html",
"url": "http://packetstormsecurity.com/files/161623/jpeg-xl-0.3.1-Memory-Corruption.html"
}
]
}