"-Synchronized-Data."

CVE Team 2021-11-22 20:01:00 +00:00
parent ca79f29e1c
commit 8d3775b994
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
19 changed files with 316 additions and 15 deletions


@ -61,6 +61,11 @@
"refsource": "FULLDISC",
"name": "20211121 Open-Xchange Security Advisory 2021-11-18",
"url": "http://seclists.org/fulldisclosure/2021/Nov/42"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html",
"url": "http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html"
}
]
}
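Review bot: The added packetstormsecurity.com reference is recorded with an `http://` scheme in both `name` and `url`, so any person or tool that follows the link from this record fetches the page without transport integrity. If the site serves the same path over TLS, prefer `"url": "https://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html"` with a matching `name`. The same applies to the other Packet Storm entries added in this commit (the remaining 165028 sections and the 165038, 165036 and 165027 ones). The reference array starts above the hunk, so its earlier entries are not visible here.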


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2021/Nov/42",
"url": "http://seclists.org/fulldisclosure/2021/Nov/42"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html",
"url": "http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2021/Nov/42",
"url": "https://seclists.org/fulldisclosure/2021/Nov/42"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html",
"url": "http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2021/Nov/42",
"url": "https://seclists.org/fulldisclosure/2021/Nov/42"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html",
"url": "http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2021/Nov/42",
"url": "https://seclists.org/fulldisclosure/2021/Nov/42"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html",
"url": "http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2021/Nov/42",
"url": "https://seclists.org/fulldisclosure/2021/Nov/42"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html",
"url": "http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2021/Nov/42",
"url": "https://seclists.org/fulldisclosure/2021/Nov/42"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html",
"url": "http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2021/Nov/42",
"url": "https://seclists.org/fulldisclosure/2021/Nov/42"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html",
"url": "http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2021/Nov/43",
"url": "http://seclists.org/fulldisclosure/2021/Nov/43"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html",
"url": "http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2021/Nov/43",
"url": "https://seclists.org/fulldisclosure/2021/Nov/43"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html",
"url": "http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2021/Nov/43",
"url": "https://seclists.org/fulldisclosure/2021/Nov/43"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html",
"url": "http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2021/Nov/43",
"url": "https://seclists.org/fulldisclosure/2021/Nov/43"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html",
"url": "http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2021/Nov/43",
"url": "https://seclists.org/fulldisclosure/2021/Nov/43"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html",
"url": "http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/MobiusBinary/CVE-2021-41648",
"url": "https://github.com/MobiusBinary/CVE-2021-41648"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/165036/PuneethReddyHC-Online-Shopping-System-Advanced-1.0-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/165036/PuneethReddyHC-Online-Shopping-System-Advanced-1.0-SQL-Injection.html"
}
]
}


@ -1,18 +1,95 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-11-11T22:37:00.000Z",
"ID": "CVE-2021-42705",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WECON PLC Editor"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PLC Editor",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "1.3.8"
}
]
}
}
]
},
"vendor_name": "WECON"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-01",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-01"
}
]
},
"source": {
"advisory": "ICSA-21-315-01",
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "eng",
"value": "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact WECON technical support for additional information."
}
]
}
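Review bot: The new description reads "Versions 1.3.8 and prior is vulnerable" and does not mention that a user has to be involved, although the CVSS vector in the same record carries `AV:L` and `UI:R`. Anyone triaging from the text alone could mis-rank the issue. A wording such as `PLC Editor versions 1.3.8 and prior are vulnerable to a stack-based buffer overflow when a user opens a crafted project file, which may allow an attacker to execute arbitrary code.` would agree with the vector, assuming opening a project file is the interaction the vector refers to. The CVE-2021-42707 record in this commit uses the same sentence shape and would take the same correction.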


@ -1,18 +1,95 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-11-11T22:37:00.000Z",
"ID": "CVE-2021-42707",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WECON PLC Editor"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PLC Editor",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "1.3.8"
}
]
}
}
]
},
"vendor_name": "WECON"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OUT-OF-BOUNDS WRITE CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-01",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-01"
}
]
},
"source": {
"advisory": "ICSA-21-315-01",
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "eng",
"value": "WECON has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact WECON technical support for additional information."
}
]
}
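Review bot: The `problemtype` value is written as `OUT-OF-BOUNDS WRITE CWE-787`, while the sibling record from the same advisory in this commit uses the ID-first form `CWE-121 Stack-based Buffer Overflow`. Consumers that extract the weakness by matching a leading `CWE-<n>` token will likely miss this entry. Using `"value": "CWE-787 Out-of-bounds Write"` keeps the two ICSA-21-315-01 records consistent and machine-readable.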


@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Duplicate Post WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators, however the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles."
"value": "The \"Duplicate Post\" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators, however the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles."
}
]
},


@ -61,6 +61,11 @@
"refsource": "FULLDISC",
"name": "20211121 CVE-2021-44033: Ionic Identity Vault PIN Unlock Lockout Bypass (Android & iOS)",
"url": "http://seclists.org/fulldisclosure/2021/Nov/41"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/165027/Ionic-Identity-Vault-5.0.4-PIN-Unlock-Lockout-Bypass.html",
"url": "http://packetstormsecurity.com/files/165027/Ionic-Identity-Vault-5.0.4-PIN-Unlock-Lockout-Bypass.html"
}
]
}


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-44143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804",
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804"
},
{
"url": "https://sourceforge.net/p/isync/isync/ref/master/tags/",
"refsource": "MISC",
"name": "https://sourceforge.net/p/isync/isync/ref/master/tags/"
},
{
"url": "https://sourceforge.net/p/isync/isync/commit_browser",
"refsource": "MISC",
"name": "https://sourceforge.net/p/isync/isync/commit_browser"
}
]
}
}
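Review bot: The `affects` block and `problemtype` are all `n/a` even though the description names mbsync in isync 1.4.0 through 1.4.3 and a heap overflow, so automated matching of this record against installed packages will not hit. Consider `"product_name": "isync"` with the version range taken from the description, and `"value": "CWE-122 Heap-based Buffer Overflow"` in `problemtype`. Two of the three references point at a tag listing and a commit browser rather than a specific fixing commit or release, which leaves readers without a pinned fixed version. A link to the fixed tag or commit would help if one exists.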