admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #382 from CVEProject/master

Browse Source 
XFA Rebase
This commit is contained in:
Scott Moore 2021-01-08 09:42:27 -05:00 committed by GitHub
commit 800be58f85
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
101 changed files with 3494 additions and 363 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2009/4xxx/CVE-2009-4623.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/. NOTE: this might only be a vulnerability when the administrator has not followed installation instructions in install.php."
"value": "Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/. NOTE: this might only be a vulnerability when the administrator has not followed installation instructions in install.php. NOTE: this might be the same as CVE-2020-35598."
}
]
},

5
2015/9xxx/CVE-2015-9251.json
View File

@ -236,6 +236,11 @@
"refsource": "CONFIRM",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210108-0004/",
"url": "https://security.netapp.com/advisory/ntap-20210108-0004/"
}
]
}

12
2018/11xxx/CVE-2018-11212.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file."
"value": "An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file."
}
]
},
@ -117,6 +117,11 @@
"name": "RHSA-2019:0640",
"url": "https://access.redhat.com/errata/RHSA-2019:0640"
},
{
"refsource": "MISC",
"name": "http://www.ijg.org/",
"url": "http://www.ijg.org/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1238",
@ -141,6 +146,11 @@
"refsource": "CONFIRM",
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03958en_us",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03958en_us"
},
{
"refsource": "MISC",
"name": "https://github.com/zzyyrr/divide-by-zero-in-libjpeg-9d.git",
"url": "https://github.com/zzyyrr/divide-by-zero-in-libjpeg-9d.git"
}
]
}

15
2018/16xxx/CVE-2018-16042.json
View File

@ -61,6 +61,21 @@
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
},
{
"refsource": "MISC",
"name": "https://pdf-insecurity.org/signature/evaluation_2018.html",
"url": "https://pdf-insecurity.org/signature/evaluation_2018.html"
},
{
"refsource": "MISC",
"name": "https://pdf-insecurity.org/signature/signature.html",
"url": "https://pdf-insecurity.org/signature/signature.html"
},
{
"refsource": "MISC",
"name": "https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/",
"url": "https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/"
}
]
}

5
2018/16xxx/CVE-2018-16156.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://www.securifera.com/advisories/cve-2018-16156/",
"url": "https://www.securifera.com/advisories/cve-2018-16156/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160832/PaperStream-IP-TWAIN-1.42.0.5685-Local-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/160832/PaperStream-IP-TWAIN-1.42.0.5685-Local-Privilege-Escalation.html"
}
]
}

63
2018/18xxx/CVE-2018-18688.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18688",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"refsource": "MISC",
"name": "https://pdf-insecurity.org/signature/evaluation_2018.html",
"url": "https://pdf-insecurity.org/signature/evaluation_2018.html"
},
{
"refsource": "MISC",
"name": "https://pdf-insecurity.org/signature/signature.html",
"url": "https://pdf-insecurity.org/signature/signature.html"
},
{
"refsource": "MISC",
"name": "https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/",
"url": "https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/"
}
]
}

63
2018/18xxx/CVE-2018-18689.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18689",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"refsource": "MISC",
"name": "https://pdf-insecurity.org/signature/evaluation_2018.html",
"url": "https://pdf-insecurity.org/signature/evaluation_2018.html"
},
{
"refsource": "MISC",
"name": "https://pdf-insecurity.org/signature/signature.html",
"url": "https://pdf-insecurity.org/signature/signature.html"
},
{
"refsource": "MISC",
"name": "https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/",
"url": "https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/"
}
]
}

48
2018/20xxx/CVE-2018-20313.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20313",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}

48
2018/20xxx/CVE-2018-20314.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20314",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race condition that can cause a stack-based buffer overflow or an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}

48
2018/20xxx/CVE-2018-20315.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20315",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that can cause a stack-based buffer overflow or an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}

48
2018/20xxx/CVE-2018-20316.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20316",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}

5
2019/11xxx/CVE-2019-11229.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.7.6",
"refsource": "MISC",
"name": "https://github.com/go-gitea/gitea/releases/tag/v1.7.6"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160833/Gitea-1.7.5-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/160833/Gitea-1.7.5-Remote-Code-Execution.html"
}
]
}

62
2019/18xxx/CVE-2019-18642.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the email address of another account, even the administrator account. Upon changing another account's email address, performing a password reset to the new email address could allow an attacker to take over any account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160766/Rock-RMS-File-Upload-Account-Takeover-Information-Disclosure.html",
"url": "http://packetstormsecurity.com/files/160766/Rock-RMS-File-Upload-Account-Takeover-Information-Disclosure.html"
}
]
}
}

62
2019/18xxx/CVE-2019-18643.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rock RMS versions before 8.10 and versions 9.0 through 9.3 fails to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to upload ASPX code and gain remote code execution on the application. The application typically runs as LocalSystem as mandated in the installation guide. Patched in versions 8.10 and 9.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160766/Rock-RMS-File-Upload-Account-Takeover-Information-Disclosure.html",
"url": "http://packetstormsecurity.com/files/160766/Rock-RMS-File-Upload-Account-Takeover-Information-Disclosure.html"
}
]
}
}

5
2019/19xxx/CVE-2019-19451.json
View File

@ -61,6 +61,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0021",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-cbc0754798",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKLQU2XBM4BGRKOF3L4C5QCPBUNTKEUN/"
}
]
}

2
2019/20xxx/CVE-2019-20816.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference."
"value": "An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference during the parsing of file data."
}
]
},

2
2019/20xxx/CVE-2019-20820.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference."
"value": "An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data."
}
]
},

5
2020/10xxx/CVE-2020-10199.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/157261/Nexus-Repository-Manager-3.21.1-01-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/157261/Nexus-Repository-Manager-3.21.1-01-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160835/Sonatype-Nexus-3.21.1-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/160835/Sonatype-Nexus-3.21.1-Remote-Code-Execution.html"
}
]
}

61
2020/13xxx/CVE-2020-13449.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13449",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an attacker to read any container files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/thecodingmachine/gotenberg/issues/199",
"refsource": "MISC",
"name": "https://github.com/thecodingmachine/gotenberg/issues/199"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html",
"url": "http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html"
}
]
}

61
2020/13xxx/CVE-2020-13450.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13450",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an attacker to upload and overwrite any writable files outside the intended folder. This can lead to DoS, a change to program behavior, or code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/thecodingmachine/gotenberg/issues/199",
"refsource": "MISC",
"name": "https://github.com/thecodingmachine/gotenberg/issues/199"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html",
"url": "http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html"
}
]
}

61
2020/13xxx/CVE-2020-13451.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13451",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/thecodingmachine/gotenberg/issues/199",
"refsource": "MISC",
"name": "https://github.com/thecodingmachine/gotenberg/issues/199"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html",
"url": "http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html"
}
]
}

61
2020/13xxx/CVE-2020-13452.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13452",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-13452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overwrite the file, which can lead to denial of service or code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/thecodingmachine/gotenberg/issues/199",
"refsource": "MISC",
"name": "https://github.com/thecodingmachine/gotenberg/issues/199"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html",
"url": "http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html"
}
]
}

50
2020/13xxx/CVE-2020-13573.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13573",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Rockwell Automation",
"version": {
"version_data": [
{
"version_value": "Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1184",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1184"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability."
}
]
}

66
2020/17xxx/CVE-2020-17500.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-17500",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-17500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro before 3.8 allows Command Injection (issue 1 of 4). The NDN-210 has a web administration panel which is made available over https. The logon method is basic authentication. There is a command injection issue that will result in unauthenticated remote code execution in the username and password fields of the logon prompt. The NDN-210 is part of Barco TransForm N solution and includes the patch from TransForm N version 3.8 onwards."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.barco.com/en/support/transform-n-management-server",
"refsource": "MISC",
"name": "https://www.barco.com/en/support/transform-n-management-server"
},
{
"url": "https://www.barco.com/en/support/cms",
"refsource": "MISC",
"name": "https://www.barco.com/en/support/cms"
},
{
"refsource": "CONFIRM",
"name": "https://www.barco.com/en/support/knowledge-base/kb11588",
"url": "https://www.barco.com/en/support/knowledge-base/kb11588"
}
]
}

5
2020/17xxx/CVE-2020-17518.json
View File

@ -113,6 +113,11 @@
"refsource": "MLIST",
"name": "[flink-issues] 20210107 [jira] [Closed] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10",
"url": "https://lists.apache.org/thread.html/r705fb2211b82c9f1f8d2b1d4c823bcbca50402ba09b96608ec657efe@%3Cissues.flink.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[flink-issues] 20210107 [jira] [Commented] (FLINK-20875) Could patch CVE-2020-17518 to version 1.10",
"url": "https://lists.apache.org/thread.html/r5444acac3407ef6397d6aef1b5aec2db53b4b88ef221e63084c1e5f2@%3Cissues.flink.apache.org%3E"
}
]
},

5
2020/24xxx/CVE-2020-24386.json
View File

@ -81,6 +81,11 @@
"refsource": "FULLDISC",
"name": "20210106 CVE-2020-24386: IMAP hibernation allows accessing other peoples mail",
"url": "http://seclists.org/fulldisclosure/2021/Jan/18"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160842/Dovecot-2.3.11.3-Access-Bypass.html",
"url": "http://packetstormsecurity.com/files/160842/Dovecot-2.3.11.3-Access-Bypass.html"
}
]
},

66
2020/24xxx/CVE-2020-24577.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24577",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-24577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. The One Touch application discloses sensitive information, such as the hashed admin login password and the Internet provider connection username and cleartext password, in the application's response body for a /tmp/var/passwd or /tmp/home/wan_stat URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/d-link-multiple-security-vulnerabilities-leading-to-rce/",
"url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/d-link-multiple-security-vulnerabilities-leading-to-rce/"
},
{
"refsource": "CONFIRM",
"name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/",
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/"
},
{
"refsource": "MISC",
"name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28241",
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28241"
}
]
}

5
2020/25xxx/CVE-2020-25275.json
View File

@ -76,6 +76,11 @@
"refsource": "FULLDISC",
"name": "20210106 CVE-2020-24386: IMAP hibernation allows accessing other peoples mail",
"url": "http://seclists.org/fulldisclosure/2021/Jan/18"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160841/Dovecot-2.3.11.3-Denial-Of-Service.html",
"url": "http://packetstormsecurity.com/files/160841/Dovecot-2.3.11.3-Denial-Of-Service.html"
}
]
}

5
2020/25xxx/CVE-2020-25649.json
View File

@ -198,6 +198,11 @@
"refsource": "MLIST",
"name": "[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3Ccommits.zookeeper.apache.org%3E"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210108-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210108-0007/"
}
]
},

50
2020/25xxx/CVE-2020-25680.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25680",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "JBCS httpd",
"version": {
"version_data": [
{
"version_value": "JBCS httpd 2.4.37 SP5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1892703",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892703"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate with the keystore file's ID is 'unknown'. The validation of the certificate whether CN and hostname are matching stopped working and allow connecting to the back-end work. The highest threat from this vulnerability is to data integrity."
}
]
}

5
2020/25xxx/CVE-2020-25692.json
View File

@ -48,6 +48,11 @@
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1894567",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894567"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210108-0006/",
"url": "https://security.netapp.com/advisory/ntap-20210108-0006/"
}
]
},

56
2020/25xxx/CVE-2020-25950.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25950",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Advanced Webhost Billing System 3.7.0 is affected by Cross Site Request Forgery (CSRF) attacks that can delete a contact from the My Additional Contact page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/49369",
"url": "https://www.exploit-db.com/exploits/49369"
}
]
}

5
2020/26xxx/CVE-2020-26258.json
View File

@ -88,6 +88,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201231 [SECURITY] [DLA 2507-1] libxstream-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00042.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-4828",
"url": "https://www.debian.org/security/2021/dsa-4828"
}
]
},

5
2020/26xxx/CVE-2020-26259.json
View File

@ -88,6 +88,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201231 [SECURITY] [DLA 2507-1] libxstream-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00042.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-4828",
"url": "https://www.debian.org/security/2021/dsa-4828"
}
]
},

5
2020/27xxx/CVE-2020-27350.json
View File

@ -110,6 +110,11 @@
"refsource": "DEBIAN",
"name": "DSA-4808",
"url": "https://www.debian.org/security/2020/dsa-4808"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210108-0005/",
"url": "https://security.netapp.com/advisory/ntap-20210108-0005/"
}
]
},

50
2020/27xxx/CVE-2020-27835.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27835",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel versions prior to 5.10-rc6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1901709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901709"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system."
}
]
}

10
2020/28xxx/CVE-2020-28052.json
View File

@ -71,6 +71,16 @@
"refsource": "MLIST",
"name": "[druid-commits] 20210107 [GitHub] [druid] jon-wei opened a new pull request #10733: Update deps for CVE-2020-28168 and CVE-2020-28052",
"url": "https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-jira] 20210107 [GitHub] [kafka] cyrusv opened a new pull request #9845: MINOR: Bump Bouncy Castle Dep to resolve CVE-2020-28052",
"url": "https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[druid-commits] 20210107 [GitHub] [druid] clintropolis merged pull request #10733: Update deps for CVE-2020-28168 and CVE-2020-28052",
"url": "https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E"
}
]
}

5
2020/28xxx/CVE-2020-28168.json
View File

@ -61,6 +61,11 @@
"refsource": "MLIST",
"name": "[druid-commits] 20210107 [GitHub] [druid] jon-wei opened a new pull request #10733: Update deps for CVE-2020-28168 and CVE-2020-28052",
"url": "https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[druid-commits] 20210107 [GitHub] [druid] clintropolis merged pull request #10733: Update deps for CVE-2020-28168 and CVE-2020-28052",
"url": "https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E"
}
]
}

87
2020/28xxx/CVE-2020-28468.json
View File

@ -3,16 +3,95 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-01-08T11:16:01.591316Z",
"ID": "CVE-2020-28468",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Improper Control of Generation of Code ('Code Injection')"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pwntools",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Control of Generation of Code ('Code Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345",
"name": "https://snyk.io/vuln/SNYK-PYTHON-PWNTOOLS-1047345"
},
{
"refsource": "MISC",
"url": "https://github.com/Gallopsled/pwntools/issues/1427",
"name": "https://github.com/Gallopsled/pwntools/issues/1427"
},
{
"refsource": "MISC",
"url": "https://github.com/Gallopsled/pwntools/pull/1732",
"name": "https://github.com/Gallopsled/pwntools/pull/1732"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution."
}
]
}
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
},
"credit": [
{
"lang": "eng",
"value": "Arusekk"
}
]
}

5
2020/28xxx/CVE-2020-28974.json
View File

@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210108-0003/",
"url": "https://security.netapp.com/advisory/ntap-20210108-0003/"
}
]
}

5
2020/29xxx/CVE-2020-29368.json
View File

@ -66,6 +66,11 @@
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045",
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210108-0002/",
"url": "https://security.netapp.com/advisory/ntap-20210108-0002/"
}
]
}

5
2020/29xxx/CVE-2020-29600.json
View File

@ -66,6 +66,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201223 [SECURITY] [DLA 2506-1] awstats security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00035.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-d1aa0e030c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/47QZWKSRZYZFESYTLSW7A6KVKOOPL7IV/"
}
]
}

10
2020/35xxx/CVE-2020-35176.json
View File

@ -61,6 +61,16 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201223 [SECURITY] [DLA 2506-1] awstats security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00035.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-4cba5f2846",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRHYCKLW5VPM6KP2WZW6DCCVHVBG7YCW/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-d1aa0e030c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/47QZWKSRZYZFESYTLSW7A6KVKOOPL7IV/"
}
]
}

2
2020/35xxx/CVE-2020-35598.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI."
"value": "ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623"
}
]
},

5
2020/35xxx/CVE-2020-35737.json
View File

@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160826/Newgen-Correspondence-Management-System-eGov-12.0-Insecure-Direct-Object-Reference.html",
"url": "http://packetstormsecurity.com/files/160826/Newgen-Correspondence-Management-System-eGov-12.0-Insecure-Direct-Object-Reference.html"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/49378",
"url": "https://www.exploit-db.com/exploits/49378"
}
]
},

66
2020/35xxx/CVE-2020-35745.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35745",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.phpgurukul.com/hospital-management-system-in-php/",
"refsource": "MISC",
"name": "https://www.phpgurukul.com/hospital-management-system-in-php/"
},
{
"refsource": "MISC",
"name": "https://medium.com/@ashketchum/privilege-escalation-unauthenticated-access-to-admin-portal-cve-2020-35745-bb5d5dca97a0",
"url": "https://medium.com/@ashketchum/privilege-escalation-unauthenticated-access-to-admin-portal-cve-2020-35745-bb5d5dca97a0"
},
{
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=vnSsg6iwV9Y&feature=youtu.be&ab_channel=ashketchum",
"url": "https://www.youtube.com/watch?v=vnSsg6iwV9Y&feature=youtu.be&ab_channel=ashketchum"
}
]
}

66
2020/36xxx/CVE-2020-36048.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36048",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-36048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/socketio/engine.io/commit/734f9d1268840722c41219e69eb58318e0b2ac6b",
"refsource": "MISC",
"name": "https://github.com/socketio/engine.io/commit/734f9d1268840722c41219e69eb58318e0b2ac6b"
},
{
"url": "https://blog.caller.xyz/socketio-engineio-dos/",
"refsource": "MISC",
"name": "https://blog.caller.xyz/socketio-engineio-dos/"
},
{
"url": "https://github.com/bcaller/kill-engine-io",
"refsource": "MISC",
"name": "https://github.com/bcaller/kill-engine-io"
}
]
}

66
2020/36xxx/CVE-2020-36049.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36049",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-36049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.caller.xyz/socketio-engineio-dos/",
"refsource": "MISC",
"name": "https://blog.caller.xyz/socketio-engineio-dos/"
},
{
"url": "https://github.com/bcaller/kill-engine-io",
"refsource": "MISC",
"name": "https://github.com/bcaller/kill-engine-io"
},
{
"url": "https://github.com/socketio/socket.io-parser/commit/dcb942d24db97162ad16a67c2a0cf30875342d55",
"refsource": "MISC",
"name": "https://github.com/socketio/socket.io-parser/commit/dcb942d24db97162ad16a67c2a0cf30875342d55"
}
]
}

203
2020/4xxx/CVE-2020-4135.json
View File

@ -1,102 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2020-02-18T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4135"
},
"description" : {
"description_data" : [
{
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"A" : "H",
"PR" : "N",
"AC" : "L",
"C" : "N",
"S" : "U",
"UI" : "N",
"AV" : "N",
"SCORE" : "7.500",
"I" : "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
]
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-02-18T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2020-4135"
},
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "9.7"
},
{
"version_value" : "10.1"
},
{
"version_value" : "10.5"
},
{
"version_value" : "11.1"
},
{
"version_value" : "11.5"
}
]
},
"product_name" : "DB2 for Linux- UNIX and Windows"
}
]
},
"vendor_name" : "IBM"
"value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.",
"lang": "eng"
}
]
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 2876307 (DB2 for Linux- UNIX and Windows)",
"url" : "https://www.ibm.com/support/pages/node/2876307",
"name" : "https://www.ibm.com/support/pages/node/2876307"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/173806",
"name" : "ibm-db2-cve20204135-dos (173806)"
}
]
}
}
]
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"A": "H",
"PR": "N",
"AC": "L",
"C": "N",
"S": "U",
"UI": "N",
"AV": "N",
"SCORE": "7.500",
"I": "N"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Denial of Service",
"lang": "eng"
}
]
}
]
},
"data_format": "MITRE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "9.7"
},
{
"version_value": "10.1"
},
{
"version_value": "10.5"
},
{
"version_value": "11.1"
},
{
"version_value": "11.5"
}
]
},
"product_name": "DB2 for Linux- UNIX and Windows"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 2876307 (DB2 for Linux- UNIX and Windows)",
"url": "https://www.ibm.com/support/pages/node/2876307",
"name": "https://www.ibm.com/support/pages/node/2876307"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173806",
"name": "ibm-db2-cve20204135-dos (173806)"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210108-0001/",
"url": "https://security.netapp.com/advisory/ntap-20210108-0001/"
}
]
}
}

90
2020/4xxx/CVE-2020-4892.json
View File

@ -1,17 +1,89 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4892",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979."
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Emptoris Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.3"
}
]
}
}
]
}
}
]
}
},
"data_type": "CVE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "H"
},
"BM": {
"AV": "N",
"AC": "L",
"A": "N",
"PR": "L",
"C": "L",
"S": "C",
"UI": "R",
"I": "L",
"SCORE": "5.400"
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4892",
"DATE_PUBLIC": "2021-01-06T00:00:00"
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398274",
"url": "https://www.ibm.com/support/pages/node/6398274",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398274 (Emptoris Contract Management)"
},
{
"name": "ibm-emptoris-cve20204892-xss (190979)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190979",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
}

90
2020/4xxx/CVE-2020-4893.json
View File

@ -1,18 +1,96 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2020-4893",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-06T00:00:00"
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6398282",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398282 (Emptoris Strategic Supply Management)",
"name": "https://www.ibm.com/support/pages/node/6398282"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190984",
"title": "X-Force Vulnerability Report",
"name": "ibm-emptoris-cve20204893-info-disc (190984)"
}
]
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"I": "N",
"SCORE": "5.900",
"S": "U",
"C": "H",
"UI": "N",
"AV": "N",
"A": "N",
"PR": "N",
"AC": "H"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984.",
"lang": "eng"
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
},
{
"version_value": "10.1.3"
}
]
},
"product_name": "Emptoris Strategic Supply Management"
}
]
},
"vendor_name": "IBM"
}
]
}
}
}

96
2020/4xxx/CVE-2020-4895.json
View File

@ -1,17 +1,95 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4895",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"impact": {
"cvssv3": {
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
},
"BM": {
"UI": "N",
"C": "L",
"S": "C",
"AV": "N",
"A": "N",
"AC": "L",
"PR": "L",
"I": "L",
"SCORE": "6.400"
}
}
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398286",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398286 (Emptoris Sourcing)",
"url": "https://www.ibm.com/support/pages/node/6398286"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190986",
"title": "X-Force Vulnerability Report",
"name": "ibm-emptoris-cve20204895-xss (190986)"
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2021-01-06T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2020-4895"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
},
{
"version_value": "10.1.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190986.",
"lang": "eng"
}
]
}

90
2020/4xxx/CVE-2020-4896.json
View File

@ -1,17 +1,95 @@
{
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"SCORE": "6.500",
"I": "L",
"UI": "N",
"C": "L",
"S": "U",
"A": "N",
"AC": "L",
"PR": "N",
"AV": "N"
}
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398284",
"title": "IBM Security Bulletin 6398284 (Emptoris Sourcing)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6398284"
},
{
"name": "ibm-emptoris-cve20204896-cache-poisoning (190987)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190987",
"refsource": "XF"
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2021-01-06T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2020-4896",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4896",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
},
{
"version_value": "10.1.3"
}
]
},
"product_name": "Emptoris Sourcing"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987."
}
]
}

112
2020/4xxx/CVE-2020-4897.json
View File

@ -1,17 +1,117 @@
{
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2020-4897",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-06T00:00:00"
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"SCORE": "5.300",
"I": "N",
"PR": "N",
"A": "N",
"AC": "L",
"AV": "N",
"UI": "N",
"S": "U",
"C": "L"
}
}
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398276 (Emptoris Spend Analysis)",
"url": "https://www.ibm.com/support/pages/node/6398276",
"name": "https://www.ibm.com/support/pages/node/6398276"
},
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398280 (Emptoris Contract Management)",
"url": "https://www.ibm.com/support/pages/node/6398280",
"name": "https://www.ibm.com/support/pages/node/6398280"
},
{
"name": "ibm-emptoris-cve20204897-info-disc (190988)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190988",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4897",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
},
{
"version_value": "10.1.3"
}
]
},
"product_name": "Emptoris Contract Management"
},
{
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
},
{
"version_value": "10.1.3"
}
]
},
"product_name": "Emptoris Spend Analysis"
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988."
}
]
}

86
2020/4xxx/CVE-2020-4898.json
View File

@ -1,17 +1,89 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4898",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-06T00:00:00"
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"I": "N",
"SCORE": "5.900",
"AV": "N",
"PR": "N",
"A": "N",
"AC": "H",
"C": "H",
"S": "U",
"UI": "N"
}
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398278",
"title": "IBM Security Bulletin 6398278 (Emptoris Strategic Supply Management)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6398278"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190989",
"refsource": "XF",
"name": "ibm-emptoris-cve20204898-info-disc (190989)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.1.3"
}
]
},
"product_name": "Emptoris Strategic Supply Management"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989.",
"lang": "eng"
}
]
}

5
2020/5xxx/CVE-2020-5421.json
View File

@ -153,6 +153,11 @@
"refsource": "MLIST",
"name": "[ignite-user] 20201119 Re: Query on CVE-2020-5421",
"url": "https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d@%3Cuser.ignite.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[hive-issues] 20210107 [jira] [Resolved] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"url": "https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665@%3Cissues.hive.apache.org%3E"
}
]
},

117
2020/6xxx/CVE-2020-6655.json
View File

@ -1,18 +1,121 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "CybersecurityCOE@eaton.com",
"ID": "CVE-2020-6655",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "File parsing Out-Of-Bounds read remote code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "easySoft Software",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "7.20"
}
]
}
}
]
},
"vendor_name": "Eaton"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Eaton would like to thank Francis Provencher from ZDI"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Eaton's easySoft software v7.20 and prior are susceptible to Out-of-bounds remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user to upload the malformed .E70 file in the application. The vulnerability arises due to improper validation and parsing of the E70 file content by the application."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf",
"name": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf"
},
{
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1443/",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1443/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Apply the patch once it is provided by Eaton. "
}
],
"source": {
"advisory": "ETN-VA-2020-1009",
"defect": [
"ETN-VA-2020-1009"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Do not upload the E70 file from an untrusted source."
}
]
}

127
2020/6xxx/CVE-2020-6656.json
View File

@ -1,18 +1,131 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "CybersecurityCOE@eaton.com",
"ID": "CVE-2020-6656",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "File parsing Type Confusion Remote code execution vulerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "easySoft Software",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "7.20"
}
]
}
}
]
},
"vendor_name": "Eaton"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Eaton would like to thank Francis Provencher from ZDI"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Eaton's easySoft software v7.20 and prior are susceptible to file parsing type confusion remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user upload a malformed .E70 file in the application. The vulnerability arises due to improper validation of user data supplied through E70 file which is causing Type Confusion."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf",
"name": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf"
},
{
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1441/",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1441/"
},
{
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1442/",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1442/"
},
{
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1444/",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1444/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Apply the patch once it is provided by Eaton. "
}
],
"source": {
"advisory": "ETN-VA-2020-1009",
"defect": [
"ETN-VA-2020-1009"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Do not upload the E70 file from an untrusted source."
}
]
}

77
2020/7xxx/CVE-2020-7784.json
View File

@ -3,16 +3,85 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-01-08T12:35:21.837511Z",
"ID": "CVE-2020-7784",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "command_injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ts-process-promises",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command_injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-TSPROCESSPROMISES-1048334",
"name": "https://snyk.io/vuln/SNYK-JS-TSPROCESSPROMISES-1048334"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This affects all versions of package ts-process-promises. The injection point is located in line 45 in main entry of package in lib/process-promises.js. The vulnerability is demonstrated with the following PoC:"
}
]
}
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
},
"credit": [
{
"lang": "eng",
"value": "JHU System Security Lab"
}
]
}

77
2020/7xxx/CVE-2020-7794.json
View File

@ -3,16 +3,85 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-01-08T12:21:06.655833Z",
"ID": "CVE-2020-7794",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Command Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "buns",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-BUNS-1050389",
"name": "https://snyk.io/vuln/SNYK-JS-BUNS-1050389"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This affects all versions of package buns. The injection point is located in line 678 in index file lib/index.js in the exported function install(requestedModule)."
}
]
}
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
},
"credit": [
{
"lang": "eng",
"value": "JHU System Security Lab"
}
]
}

2
2020/9xxx/CVE-2020-9048.json
View File

@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in victor Web Client versions up to and including v5.4.1 could allow a remote unauthenticated attacker to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack."
"value": "A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack."
}
]
},

78
2021/1xxx/CVE-2021-1051.json
View File

@ -1,18 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-1051",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2021-1051",
"ASSIGNER" : "psirt@nvidia.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "NVIDIA",
"product" : {
"product_data" : [
{
"product_name" : "NVIDIA GPU Display Driver",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service or escalation of privileges"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5142",
"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5142"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an operation is performed which may lead to denial of service or escalation of privileges."
}
]
}
}

78
2021/1xxx/CVE-2021-1052.json
View File

@ -1,18 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-1052",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2021-1052",
"ASSIGNER" : "psirt@nvidia.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "NVIDIA",
"product" : {
"product_data" : [
{
"product_name" : "NVIDIA GPU Display Driver",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service, escalation of privileges, or information disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5142",
"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5142"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure."
}
]
}
}

78
2021/1xxx/CVE-2021-1053.json
View File

@ -1,18 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-1053",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2021-1053",
"ASSIGNER" : "psirt@nvidia.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "NVIDIA",
"product" : {
"product_data" : [
{
"product_name" : "NVIDIA GPU Display Driver",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5142",
"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5142"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service."
}
]
}
}

78
2021/1xxx/CVE-2021-1054.json
View File

@ -1,18 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-1054",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2021-1054",
"ASSIGNER" : "psirt@nvidia.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "NVIDIA",
"product" : {
"product_data" : [
{
"product_name" : "NVIDIA GPU Display Driver",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5142",
"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5142"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action, which may lead to denial of service."
}
]
}
}

78
2021/1xxx/CVE-2021-1055.json
View File

@ -1,18 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-1055",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2021-1055",
"ASSIGNER" : "psirt@nvidia.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "NVIDIA",
"product" : {
"product_data" : [
{
"product_name" : "NVIDIA GPU Display Driver",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service or information disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5142",
"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5142"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which improper access control may lead to denial of service and information disclosure."
}
]
}
}

78
2021/1xxx/CVE-2021-1056.json
View File

@ -1,18 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-1056",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2021-1056",
"ASSIGNER" : "psirt@nvidia.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "NVIDIA",
"product" : {
"product_data" : [
{
"product_name" : "NVIDIA GPU Display Driver",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
}
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service or information disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5142",
"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5142"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure."
}
]
}
}

18
2021/23xxx/CVE-2021-23239.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23239",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23240.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23240",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

72
2021/23xxx/CVE-2021-23241.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-23241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mercusys.com/en/",
"refsource": "MISC",
"name": "https://www.mercusys.com/en/"
},
{
"url": "https://github.com/BATTZION/MY_REQUEST/blob/master/Mercury%20Router%20Web%20Server%20Directory%20Traversal.md",
"refsource": "MISC",
"name": "https://github.com/BATTZION/MY_REQUEST/blob/master/Mercury%20Router%20Web%20Server%20Directory%20Traversal.md"
},
{
"url": "https://www.mercurycom.com.cn/product-521-1.html",
"refsource": "MISC",
"name": "https://www.mercurycom.com.cn/product-521-1.html"
}
]
}
}

72
2021/23xxx/CVE-2021-23242.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-23242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mercusys.com/en/",
"refsource": "MISC",
"name": "https://www.mercusys.com/en/"
},
{
"url": "https://www.mercurycom.com.cn/product-521-1.html",
"refsource": "MISC",
"name": "https://www.mercurycom.com.cn/product-521-1.html"
},
{
"url": "https://github.com/BATTZION/MY_REQUEST/blob/master/Mercury%20Router%20Upnp%20Server%20Directory%20Traversal.md",
"refsource": "MISC",
"name": "https://github.com/BATTZION/MY_REQUEST/blob/master/Mercury%20Router%20Upnp%20Server%20Directory%20Traversal.md"
}
]
}
}

18
2021/23xxx/CVE-2021-23243.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23243",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23244.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23244",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23245.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23245",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23246.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23246",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23247.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23247",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23248.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23248",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23249.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23249",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23250.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23250",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23251.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23251",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23252.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23252",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23253.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23253",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23254.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23254",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23255.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23255",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23256.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23256",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23257.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23257",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23258.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23258",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23259.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23259",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23260.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23260",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23261.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23261",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23262.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23262",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23263.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23263",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23264.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23264",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23265.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23265",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23266.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23266",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/23xxx/CVE-2021-23267.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23267",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

61
2021/3xxx/CVE-2021-3025.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3025",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-3025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://invisioncommunity.com/release-notes/",
"refsource": "MISC",
"name": "https://invisioncommunity.com/release-notes/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160830/IPS-Community-Suite-4.5.4-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/160830/IPS-Community-Suite-4.5.4-SQL-Injection.html"
}
]
}

18
2021/3xxx/CVE-2021-3109.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3109",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3110.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3110",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3111.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3111",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

Some files were not shown because too many files have changed in this diff Show More