"-Synchronized-Data."

2025-07-29 05:56:59 +00:00 · 2021-03-03 20:00:45 +00:00 · 2021-03-03 20:00:45 +00:00 · 739a9fb9af
commit 739a9fb9af
parent 174c3a189f
6 changed files with 146 additions and 17 deletions
--- a/2020/27xxx/CVE-2020-27216.json
+++ b/2020/27xxx/CVE-2020-27216.json
@ -380,6 +380,11 @@
                "refsource": "MLIST",
                "name": "[iotdb-reviews] 20210303 [GitHub] [iotdb] wangchao316 commented on pull request #2768: [IOTDB-1181] Upgrade jetty jar to fix CVE-2020-27216",
                "url": "https://lists.apache.org/thread.html/r503045a75f4419d083cb63ac89e765d6fb8b10c7dacc0c54fce07cff@%3Creviews.iotdb.apache.org%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[beam-issues] 20210303 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
+                "url": "https://lists.apache.org/thread.html/r2aa316d008dab9ae48350b330d15dc1b863ea2a933558fbfc42b91a6@%3Cissues.beam.apache.org%3E"
            }
        ]
    }
--- a/2021/21xxx/CVE-2021-21312.json
+++ b/2021/21xxx/CVE-2021-21312.json
@ -35,7 +35,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/document.form.php endpoint), indeed one of the form field: \"Web Link\" is not properly sanitized and a malicious user (who has document upload rights) can use it to deliver JavaScript payload. For example if you use the following payload: \" accesskey=\"x\" onclick=\"alert(1)\" x=\", the content will be saved within the database without any control. \n\nAnd then once you return to the summary documents page, by clicking on the \"Web Link\" of the newly created file it will create a new empty tab, but on the initial tab the pop-up \"1\" will appear."
+                "value": "GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/document.form.php endpoint), indeed one of the form field: \"Web Link\" is not properly sanitized and a malicious user (who has document upload rights) can use it to deliver JavaScript payload. For example if you use the following payload: \" accesskey=\"x\" onclick=\"alert(1)\" x=\", the content will be saved within the database without any control. And then once you return to the summary documents page, by clicking on the \"Web Link\" of the newly created file it will create a new empty tab, but on the initial tab the pop-up \"1\" will appear."
            }
        ]
    },
@ -69,15 +69,15 @@
    },
    "references": {
        "reference_data": [
-            {
-                "name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-c7f6-3mr7-3rq2",
-                "refsource": "CONFIRM",
-                "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-c7f6-3mr7-3rq2"
-            },
            {
                "name": "https://github.com/glpi-project/glpi/releases/tag/9.5.4",
                "refsource": "MISC",
                "url": "https://github.com/glpi-project/glpi/releases/tag/9.5.4"
+            },
+            {
+                "name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-c7f6-3mr7-3rq2",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-c7f6-3mr7-3rq2"
            }
        ]
    },
--- a/2021/21xxx/CVE-2021-21314.json
+++ b/2021/21xxx/CVE-2021-21314.json
@ -69,15 +69,15 @@
    },
    "references": {
        "reference_data": [
-            {
-                "name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-2w7j-xgj7-3xgg",
-                "refsource": "CONFIRM",
-                "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-2w7j-xgj7-3xgg"
-            },
            {
                "name": "https://github.com/glpi-project/glpi/releases/tag/9.5.4",
                "refsource": "MISC",
                "url": "https://github.com/glpi-project/glpi/releases/tag/9.5.4"
+            },
+            {
+                "name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-2w7j-xgj7-3xgg",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-2w7j-xgj7-3xgg"
            }
        ]
    },
--- a/2021/27xxx/CVE-2021-27931.json
+++ b/2021/27xxx/CVE-2021-27931.json
@ -1,17 +1,61 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
-        "ID": "CVE-2021-27931",
        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ID": "CVE-2021-27931",
+        "STATE": "PUBLIC"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://github.com/sl4cky/LumisXP-XXE---POC/blob/main/poc.txt",
+                "refsource": "MISC",
+                "name": "https://github.com/sl4cky/LumisXP-XXE---POC/blob/main/poc.txt"
            }
        ]
    }
--- a/2021/27xxx/CVE-2021-27934.json
+++ b/2021/27xxx/CVE-2021-27934.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2021-27934",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2021/27xxx/CVE-2021-27935.json
+++ b/2021/27xxx/CVE-2021-27935.json
@ -0,0 +1,62 @@
+{
+    "CVE_data_meta": {
+        "ASSIGNER": "cve@mitre.org",
+        "ID": "CVE-2021-27935",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://github.com/AdguardTeam/AdGuardHome/issues/2470",
+                "refsource": "MISC",
+                "name": "https://github.com/AdguardTeam/AdGuardHome/issues/2470"
+            }
+        ]
+    }
+}