From 87224dfc9649641a52dea94eb31501cce3b99556 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 2 Jul 2021 18:00:54 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/23xxx/CVE-2020-23178.json | 56 ++++++++++++++++++++++++++++++---- 2020/23xxx/CVE-2020-23179.json | 56 ++++++++++++++++++++++++++++++---- 2020/23xxx/CVE-2020-23181.json | 56 ++++++++++++++++++++++++++++++---- 2020/23xxx/CVE-2020-23182.json | 56 ++++++++++++++++++++++++++++++---- 2020/23xxx/CVE-2020-23184.json | 56 ++++++++++++++++++++++++++++++---- 2020/23xxx/CVE-2020-23185.json | 56 ++++++++++++++++++++++++++++++---- 2020/23xxx/CVE-2020-23190.json | 56 ++++++++++++++++++++++++++++++---- 2020/23xxx/CVE-2020-23192.json | 56 ++++++++++++++++++++++++++++++---- 2020/23xxx/CVE-2020-23194.json | 56 ++++++++++++++++++++++++++++++---- 2020/36xxx/CVE-2020-36395.json | 56 ++++++++++++++++++++++++++++++---- 2020/36xxx/CVE-2020-36396.json | 56 ++++++++++++++++++++++++++++++---- 2020/36xxx/CVE-2020-36397.json | 56 ++++++++++++++++++++++++++++++---- 2020/36xxx/CVE-2020-36398.json | 56 ++++++++++++++++++++++++++++++---- 2020/36xxx/CVE-2020-36399.json | 56 ++++++++++++++++++++++++++++++---- 2020/36xxx/CVE-2020-36408.json | 56 ++++++++++++++++++++++++++++++---- 2020/36xxx/CVE-2020-36409.json | 56 ++++++++++++++++++++++++++++++---- 2020/36xxx/CVE-2020-36410.json | 56 ++++++++++++++++++++++++++++++---- 2020/36xxx/CVE-2020-36411.json | 56 ++++++++++++++++++++++++++++++---- 2020/36xxx/CVE-2020-36412.json | 56 ++++++++++++++++++++++++++++++---- 2020/36xxx/CVE-2020-36413.json | 56 ++++++++++++++++++++++++++++++---- 2020/36xxx/CVE-2020-36414.json | 56 ++++++++++++++++++++++++++++++---- 2020/36xxx/CVE-2020-36415.json | 56 ++++++++++++++++++++++++++++++---- 2020/36xxx/CVE-2020-36416.json | 56 ++++++++++++++++++++++++++++++---- 2020/9xxx/CVE-2020-9484.json | 5 +++ 2021/1xxx/CVE-2021-1675.json | 10 ++++++ 2021/24xxx/CVE-2021-24145.json | 5 +++ 2021/24xxx/CVE-2021-24146.json | 5 +++ 2021/25xxx/CVE-2021-25329.json | 5 +++ 2021/31xxx/CVE-2021-31874.json | 56 ++++++++++++++++++++++++++++++---- 2021/35xxx/CVE-2021-35956.json | 5 +++ 30 files changed, 1235 insertions(+), 144 deletions(-) diff --git a/2020/23xxx/CVE-2020-23178.json b/2020/23xxx/CVE-2020-23178.json index d92ab979a57..159dc179335 100644 --- a/2020/23xxx/CVE-2020-23178.json +++ b/2020/23xxx/CVE-2020-23178.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-23178", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-23178", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/PHPFusion/PHPFusion/issues/2314", + "url": "https://github.com/PHPFusion/PHPFusion/issues/2314" } ] } diff --git a/2020/23xxx/CVE-2020-23179.json b/2020/23xxx/CVE-2020-23179.json index 79acbf3ff0a..cfb8f42fb26 100644 --- a/2020/23xxx/CVE-2020-23179.json +++ b/2020/23xxx/CVE-2020-23179.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-23179", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-23179", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the \"Site footer\" field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/PHPFusion/PHPFusion/issues/2320", + "url": "https://github.com/PHPFusion/PHPFusion/issues/2320" } ] } diff --git a/2020/23xxx/CVE-2020-23181.json b/2020/23xxx/CVE-2020-23181.json index 03159702a53..1cce09e5f5f 100644 --- a/2020/23xxx/CVE-2020-23181.json +++ b/2020/23xxx/CVE-2020-23181.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-23181", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-23181", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the \"Manage Theme\" field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/phpfusion/PHPFusion/issues/2326", + "url": "https://github.com/phpfusion/PHPFusion/issues/2326" } ] } diff --git a/2020/23xxx/CVE-2020-23182.json b/2020/23xxx/CVE-2020-23182.json index 49b4d736c40..005924820eb 100644 --- a/2020/23xxx/CVE-2020-23182.json +++ b/2020/23xxx/CVE-2020-23182.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-23182", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-23182", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows attackers to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message panel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/phpfusion/PHPFusion/issues/2329", + "url": "https://github.com/phpfusion/PHPFusion/issues/2329" } ] } diff --git a/2020/23xxx/CVE-2020-23184.json b/2020/23xxx/CVE-2020-23184.json index 851933487dd..ccd6935c245 100644 --- a/2020/23xxx/CVE-2020-23184.json +++ b/2020/23xxx/CVE-2020-23184.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-23184", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-23184", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the \"Registration\" field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/phpfusion/PHPFusion/issues/2323", + "url": "https://github.com/phpfusion/PHPFusion/issues/2323" } ] } diff --git a/2020/23xxx/CVE-2020-23185.json b/2020/23xxx/CVE-2020-23185.json index 12549f8ef74..1413e0f9531 100644 --- a/2020/23xxx/CVE-2020-23185.json +++ b/2020/23xxx/CVE-2020-23185.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-23185", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-23185", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/phpfusion/PHPFusion/issues/2331", + "url": "https://github.com/phpfusion/PHPFusion/issues/2331" } ] } diff --git a/2020/23xxx/CVE-2020-23190.json b/2020/23xxx/CVE-2020-23190.json index 800d4f2b03f..1d44fb8777e 100644 --- a/2020/23xxx/CVE-2020-23190.json +++ b/2020/23xxx/CVE-2020-23190.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-23190", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-23190", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross site scripting (XSS) vulnerability in the \"Import emails\" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/phpList/phplist3/issues/667", + "refsource": "MISC", + "name": "https://github.com/phpList/phplist3/issues/667" } ] } diff --git a/2020/23xxx/CVE-2020-23192.json b/2020/23xxx/CVE-2020-23192.json index 23cd74ccc19..a7d458a5c3a 100644 --- a/2020/23xxx/CVE-2020-23192.json +++ b/2020/23xxx/CVE-2020-23192.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-23192", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-23192", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the \"admin\" parameter under the \"Manage administrators\" module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/phpList/phplist3/issues/671", + "refsource": "MISC", + "name": "https://github.com/phpList/phplist3/issues/671" } ] } diff --git a/2020/23xxx/CVE-2020-23194.json b/2020/23xxx/CVE-2020-23194.json index 9076f49ac9c..70b5467bf01 100644 --- a/2020/23xxx/CVE-2020-23194.json +++ b/2020/23xxx/CVE-2020-23194.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-23194", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-23194", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross site scripting (XSS) vulnerability in the \"Import Subscribers\" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/phpList/phplist3/issues/678", + "refsource": "MISC", + "name": "https://github.com/phpList/phplist3/issues/678" } ] } diff --git a/2020/36xxx/CVE-2020-36395.json b/2020/36xxx/CVE-2020-36395.json index 97b65e4c323..c9906f7ec0f 100644 --- a/2020/36xxx/CVE-2020-36395.json +++ b/2020/36xxx/CVE-2020-36395.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36395", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36395", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the \"New\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LavaLite/cms/issues/321", + "refsource": "MISC", + "name": "https://github.com/LavaLite/cms/issues/321" } ] } diff --git a/2020/36xxx/CVE-2020-36396.json b/2020/36xxx/CVE-2020-36396.json index 43086d92f26..0c5606cd9c8 100644 --- a/2020/36xxx/CVE-2020-36396.json +++ b/2020/36xxx/CVE-2020-36396.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36396", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36396", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the \"New\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LavaLite/cms/issues/322", + "refsource": "MISC", + "name": "https://github.com/LavaLite/cms/issues/322" } ] } diff --git a/2020/36xxx/CVE-2020-36397.json b/2020/36xxx/CVE-2020-36397.json index 80a7c6b5934..01ad4e726ec 100644 --- a/2020/36xxx/CVE-2020-36397.json +++ b/2020/36xxx/CVE-2020-36397.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36397", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36397", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the \"New\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LavaLite/cms/issues/323", + "refsource": "MISC", + "name": "https://github.com/LavaLite/cms/issues/323" } ] } diff --git a/2020/36xxx/CVE-2020-36398.json b/2020/36xxx/CVE-2020-36398.json index 004a11c71af..2809b201cd9 100644 --- a/2020/36xxx/CVE-2020-36398.json +++ b/2020/36xxx/CVE-2020-36398.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36398", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36398", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the \"Campaign\" field under the \"Send a campaign\" module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/phpList/phplist3/issues/676", + "refsource": "MISC", + "name": "https://github.com/phpList/phplist3/issues/676" } ] } diff --git a/2020/36xxx/CVE-2020-36399.json b/2020/36xxx/CVE-2020-36399.json index adc7aaf4c52..b0d6c801d13 100644 --- a/2020/36xxx/CVE-2020-36399.json +++ b/2020/36xxx/CVE-2020-36399.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36399", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36399", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the \"rule1\" parameter under the \"Bounce Rules\" module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/phpList/phplist3/issues/675", + "refsource": "MISC", + "name": "https://github.com/phpList/phplist3/issues/675" } ] } diff --git a/2020/36xxx/CVE-2020-36408.json b/2020/36xxx/CVE-2020-36408.json index fd0f30ac2aa..497d7571ddc 100644 --- a/2020/36xxx/CVE-2020-36408.json +++ b/2020/36xxx/CVE-2020-36408.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36408", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36408", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the \"Add Shortcut\" parameter under the \"Manage Shortcuts\" module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://dev.cmsmadesimple.org/bug/view/12325", + "refsource": "MISC", + "name": "http://dev.cmsmadesimple.org/bug/view/12325" } ] } diff --git a/2020/36xxx/CVE-2020-36409.json b/2020/36xxx/CVE-2020-36409.json index 555613dfbb9..ed9510b7938 100644 --- a/2020/36xxx/CVE-2020-36409.json +++ b/2020/36xxx/CVE-2020-36409.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36409", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36409", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the \"Add Category\" parameter under the \"Categories\" module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://dev.cmsmadesimple.org/bug/view/12325", + "refsource": "MISC", + "name": "http://dev.cmsmadesimple.org/bug/view/12325" } ] } diff --git a/2020/36xxx/CVE-2020-36410.json b/2020/36xxx/CVE-2020-36410.json index 6dae1f05d9f..38767983f45 100644 --- a/2020/36xxx/CVE-2020-36410.json +++ b/2020/36xxx/CVE-2020-36410.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36410", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36410", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the \"Email address to receive notification of news submission\" parameter under the \"Options\" module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://dev.cmsmadesimple.org/bug/view/12325", + "refsource": "MISC", + "name": "http://dev.cmsmadesimple.org/bug/view/12325" } ] } diff --git a/2020/36xxx/CVE-2020-36411.json b/2020/36xxx/CVE-2020-36411.json index 0272c514b2f..56773931646 100644 --- a/2020/36xxx/CVE-2020-36411.json +++ b/2020/36xxx/CVE-2020-36411.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36411", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36411", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the \"Path for the {page_image} tag:\" or \"Path for thumbnail field:\" parameters under the \"Content Editing Settings\" module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://dev.cmsmadesimple.org/bug/view/12325", + "refsource": "MISC", + "name": "http://dev.cmsmadesimple.org/bug/view/12325" } ] } diff --git a/2020/36xxx/CVE-2020-36412.json b/2020/36xxx/CVE-2020-36412.json index a21b9e3cd7e..751561fd1bd 100644 --- a/2020/36xxx/CVE-2020-36412.json +++ b/2020/36xxx/CVE-2020-36412.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36412", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36412", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the \"Search Text\" field under the \"Admin Search\" module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://dev.cmsmadesimple.org/bug/view/12325", + "refsource": "MISC", + "name": "http://dev.cmsmadesimple.org/bug/view/12325" } ] } diff --git a/2020/36xxx/CVE-2020-36413.json b/2020/36xxx/CVE-2020-36413.json index 026e035cd14..4d59fc8a717 100644 --- a/2020/36xxx/CVE-2020-36413.json +++ b/2020/36xxx/CVE-2020-36413.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36413", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36413", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the \"Exclude these IP addresses from the \"Site Down\" status\" parameter under the \"Maintenance Mode\" module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://dev.cmsmadesimple.org/bug/view/12325", + "refsource": "MISC", + "name": "http://dev.cmsmadesimple.org/bug/view/12325" } ] } diff --git a/2020/36xxx/CVE-2020-36414.json b/2020/36xxx/CVE-2020-36414.json index d3090eed1e1..4505980e494 100644 --- a/2020/36xxx/CVE-2020-36414.json +++ b/2020/36xxx/CVE-2020-36414.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36414", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36414", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the \"URL (slug)\" or \"Extra\" fields under the \"Add Article\" feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://dev.cmsmadesimple.org/bug/view/12325", + "refsource": "MISC", + "name": "http://dev.cmsmadesimple.org/bug/view/12325" } ] } diff --git a/2020/36xxx/CVE-2020-36415.json b/2020/36xxx/CVE-2020-36415.json index ca24841c277..a8f8460e690 100644 --- a/2020/36xxx/CVE-2020-36415.json +++ b/2020/36xxx/CVE-2020-36415.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36415", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36415", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the \"Create a new Stylesheet\" parameter under the \"Stylesheets\" module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://dev.cmsmadesimple.org/bug/view/12325", + "refsource": "MISC", + "name": "http://dev.cmsmadesimple.org/bug/view/12325" } ] } diff --git a/2020/36xxx/CVE-2020-36416.json b/2020/36xxx/CVE-2020-36416.json index 1195a64b40e..736be3939c4 100644 --- a/2020/36xxx/CVE-2020-36416.json +++ b/2020/36xxx/CVE-2020-36416.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36416", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36416", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the \"Create a new Design\" parameter under the \"Designs\" module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://dev.cmsmadesimple.org/bug/view/12325", + "refsource": "MISC", + "name": "http://dev.cmsmadesimple.org/bug/view/12325" } ] } diff --git a/2020/9xxx/CVE-2020-9484.json b/2020/9xxx/CVE-2020-9484.json index e02b3ddbda4..3dde2f998c6 100644 --- a/2020/9xxx/CVE-2020-9484.json +++ b/2020/9xxx/CVE-2020-9484.json @@ -223,6 +223,11 @@ "refsource": "MLIST", "name": "[tomcat-users] 20210701 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5", "url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3Cusers.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5", + "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E" } ] }, diff --git a/2021/1xxx/CVE-2021-1675.json b/2021/1xxx/CVE-2021-1675.json index 3d7e466647b..0c97ee24f99 100644 --- a/2021/1xxx/CVE-2021-1675.json +++ b/2021/1xxx/CVE-2021-1675.json @@ -283,6 +283,16 @@ "refsource": "CERT-VN", "name": "VU#383432", "url": "https://www.kb.cert.org/vuls/id/383432" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163349/Microsoft-PrintNightmare-Proof-Of-Concept.html", + "url": "http://packetstormsecurity.com/files/163349/Microsoft-PrintNightmare-Proof-Of-Concept.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163351/PrintNightmare-Windows-Spooler-Service-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/163351/PrintNightmare-Windows-Spooler-Service-Remote-Code-Execution.html" } ] } diff --git a/2021/24xxx/CVE-2021-24145.json b/2021/24xxx/CVE-2021-24145.json index ba6d20622d1..be2f92e17cf 100644 --- a/2021/24xxx/CVE-2021-24145.json +++ b/2021/24xxx/CVE-2021-24145.json @@ -68,6 +68,11 @@ "refsource": "MISC", "url": "https://wpscan.com/vulnerability/f42cc26b-9aab-4824-8168-b5b8571d1610", "name": "https://wpscan.com/vulnerability/f42cc26b-9aab-4824-8168-b5b8571d1610" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163346/WordPress-Modern-Events-Calendar-5.16.2-Shell-Upload.html", + "url": "http://packetstormsecurity.com/files/163346/WordPress-Modern-Events-Calendar-5.16.2-Shell-Upload.html" } ] }, diff --git a/2021/24xxx/CVE-2021-24146.json b/2021/24xxx/CVE-2021-24146.json index 9d27b4385d0..4eb61bbacb8 100644 --- a/2021/24xxx/CVE-2021-24146.json +++ b/2021/24xxx/CVE-2021-24146.json @@ -68,6 +68,11 @@ "refsource": "MISC", "url": "https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc", "name": "https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163345/WordPress-Modern-Events-Calendar-5.16.2-Information-Disclosure.html", + "url": "http://packetstormsecurity.com/files/163345/WordPress-Modern-Events-Calendar-5.16.2-Information-Disclosure.html" } ] }, diff --git a/2021/25xxx/CVE-2021-25329.json b/2021/25xxx/CVE-2021-25329.json index 715e62d8a55..f9221136037 100644 --- a/2021/25xxx/CVE-2021-25329.json +++ b/2021/25xxx/CVE-2021-25329.json @@ -144,6 +144,11 @@ "refsource": "MLIST", "name": "[tomcat-users] 20210702 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5", "url": "https://lists.apache.org/thread.html/r732b2ca289dc02df2de820e8775559abd6c207f159e39f559547a085@%3Cusers.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5", + "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E" } ] }, diff --git a/2021/31xxx/CVE-2021-31874.json b/2021/31xxx/CVE-2021-31874.json index 63cd0421b72..ba08da6a510 100644 --- a/2021/31xxx/CVE-2021-31874.json +++ b/2021/31xxx/CVE-2021-31874.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31874", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31874", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes", + "url": "https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes" } ] } diff --git a/2021/35xxx/CVE-2021-35956.json b/2021/35xxx/CVE-2021-35956.json index d32b1c14f91..4e5a4533dc8 100644 --- a/2021/35xxx/CVE-2021-35956.json +++ b/2021/35xxx/CVE-2021-35956.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://tbutler.org/2021/06/28/cve-2021-35956", "url": "https://tbutler.org/2021/06/28/cve-2021-35956" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163343/AKCP-sensorProbe-SPX476-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/163343/AKCP-sensorProbe-SPX476-Cross-Site-Scripting.html" } ] }