diff --git a/2021/29xxx/CVE-2021-29214.json b/2021/29xxx/CVE-2021-29214.json
index 1bd354c3ebf..6ec3dc56d68 100644
--- a/2021/29xxx/CVE-2021-29214.json
+++ b/2021/29xxx/CVE-2021-29214.json
@@ -4,14 +4,61 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-29214",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HPE StoreServ Management Console (SSMC); HPE 3PAR StoreServ Management and Core Software Media",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.4 GA to 3.8.1"
+ },
+ {
+ "version_value": "3.4 GA to 3.8.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "remote arbitrary code execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04207en_us",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04207en_us"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege in SSMC. The scope of this vulnerability is limited to SSMC. Note: The arrays being managed are not impacted by this vulnerability. This vulnerability impacts SSMC versions 3.4 GA to 3.8.1."
 }
 ]
 }
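Review bot: The added `affects` block cannot be matched by tooling: `vendor_name` is `"n/a"` although the product string names HPE, two products are packed into one `product_name` separated by `;`, and the two `version_data` entries are identical free-text ranges tied to the products only by position. One `product_data` entry per product under `"vendor_name": "HPE"`, with the upper bound expressed as `"version_affected": "<="` and `"version_value": "3.8.1"`, would let scanners key on the record while the 3.4 GA lower bound stays in the description. The `problemtype` value `"remote arbitrary code execution"` also reads broader than the description, which limits exploitation to an authenticated SSMC administrator; a CWE identifier chosen by the assigner would remove that ambiguity. The JSON document begins above this hunk.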
diff --git a/2021/36xxx/CVE-2021-36911.json b/2021/36xxx/CVE-2021-36911.json
index c05b50d58c9..b28cebdda32 100644
--- a/2021/36xxx/CVE-2021-36911.json
+++ b/2021/36xxx/CVE-2021-36911.json
@@ -1,18 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2021-10-07T10:22:00.000Z",
 "ID": "CVE-2021-36911",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Comment Engine Pro plugin <= 1.0 - Stored Cross-Site Scripting (XSS) vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Comment Engine Pro (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 1.0",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "@rex1989"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability discovered by John Castro (Pagely)."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin (versions <= 1.0), could be exploited by users with Editor or higher role."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/plugins/comment-engine-pro/",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/comment-engine-pro/"
+ },
+ {
+ "name": "https://patchstack.com/database/vulnerability/comment-engine-pro/wordpress-comment-engine-pro-plugin-1-0-stored-cross-site-scripting-xss-vulnerability",
+ "refsource": "MISC",
+ "url": "https://patchstack.com/database/vulnerability/comment-engine-pro/wordpress-comment-engine-pro-plugin-1-0-stored-cross-site-scripting-xss-vulnerability"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Deactivate and delete."
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/37xxx/CVE-2021-37934.json b/2021/37xxx/CVE-2021-37934.json
index 5ad95fd90a1..e5edeefcc3a 100644
--- a/2021/37xxx/CVE-2021-37934.json
+++ b/2021/37xxx/CVE-2021-37934.json
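Review bot: The `solution` entry `"Deactivate and delete."` in CVE-2021-36911.json does not say whether a fixed release exists, so a consumer of this record cannot tell if upgrading is an option or if removal is the only remediation. If no patched version is available, state that explicitly, e.g. `"value": "No fixed version is available; deactivate and delete the plugin."`. In `version_data`, `"version_name": "<= 1.0"` repeats the operator already carried by `"version_affected": "<="`; a plain `"1.0"` avoids parsers reading the bound twice. The first reference is tagged `CONFIRM` but points at the plugin's listing page rather than an advisory, so `MISC` may describe it more accurately.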
@@ -5,13 +5,57 @@
 "CVE_data_meta": {
 "ID": "CVE-2021-37934",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/andrey-lomtev/4ec9004101152ea9d0043a09d59498a6",
+ "url": "https://gist.github.com/andrey-lomtev/4ec9004101152ea9d0043a09d59498a6"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password guessing."
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37935.json b/2021/37xxx/CVE-2021-37935.json
index 6c45691580e..b8fc5929020 100644
--- a/2021/37xxx/CVE-2021-37935.json
+++ b/2021/37xxx/CVE-2021-37935.json
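Review bot: Every value in the added `affects` and `problemtype` blocks of CVE-2021-37934.json is `"n/a"`, although the description names the product (Huntflow Enterprise), the fixed version and the weakness; the CVE-2021-37935.json hunk that follows has the same shape. Records like this are invisible to vendor/product matching and to CWE-based triage, so defenders only find them by free-text search. Suggest `"product_name": "Huntflow Enterprise"` with the version bound from the description, and a `problemtype` value such as `"CWE-307 Improper Restriction of Excessive Authentication Attempts"` for this record. The only reference is a personal gist, which can be edited or removed later; a vendor advisory or release note, if one exists, would be a more durable source. The JSON document begins above this hunk.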
@@ -5,13 +5,57 @@
 "CVE_data_meta": {
 "ID": "CVE-2021-37935",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/andrey-lomtev/c970fb7dd022d04f5b57ad37fbedd064",
+ "url": "https://gist.github.com/andrey-lomtev/c970fb7dd022d04f5b57ad37fbedd064"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. An attacker could exploit this vulnerability by requesting the login page and searching for the \"isLdap\" JavaScript parameter in the HTML source code."
 }
 ]
 }
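Review bot: The fixed-version boundary in this description, `before 3.10.4`, differs from the `before 3.10.14` given for CVE-2021-37934 in the same commit for the same product; one of the two is probably a typo and should be checked against the referenced gist before the record goes public. A wrong boundary either leaves vulnerable installations unflagged or marks patched ones as affected, and because `version_value` is `"n/a"` the description text is the only place the boundary is recorded. The JSON document begins above this hunk.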