From 8fabb45477d7746cf1cbbc8c1323acd8a3d13ac8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 10 Nov 2021 15:01:06 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2016/3xxx/CVE-2016-3976.json | 5 + 2016/9xxx/CVE-2016-9563.json | 5 + 2021/38xxx/CVE-2021-38887.json | 174 ++++++++++++++++----------------- 2021/43xxx/CVE-2021-43339.json | 67 +++++++++++++ 2021/43xxx/CVE-2021-43523.json | 72 ++++++++++++++ 2021/43xxx/CVE-2021-43561.json | 62 ++++++++++++ 6 files changed, 298 insertions(+), 87 deletions(-) create mode 100644 2021/43xxx/CVE-2021-43339.json create mode 100644 2021/43xxx/CVE-2021-43523.json create mode 100644 2021/43xxx/CVE-2021-43561.json diff --git a/2016/3xxx/CVE-2016-3976.json b/2016/3xxx/CVE-2016-3976.json index 57b0855499c..ada8017312d 100644 --- a/2016/3xxx/CVE-2016-3976.json +++ b/2016/3xxx/CVE-2016-3976.json @@ -76,6 +76,11 @@ "name": "39996", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/39996/" + }, + { + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2234971", + "url": "https://launchpad.support.sap.com/#/notes/2234971" } ] } diff --git a/2016/9xxx/CVE-2016-9563.json b/2016/9xxx/CVE-2016-9563.json index bf4cf40b5c0..a076a0e79b4 100644 --- a/2016/9xxx/CVE-2016-9563.json +++ b/2016/9xxx/CVE-2016-9563.json @@ -61,6 +61,11 @@ "name": "https://erpscan.io/advisories/erpscan-16-034-sap-netweaver-java-xxe-vulnerability-bc-bmt-bpm-dsk-component/", "refsource": "MISC", "url": "https://erpscan.io/advisories/erpscan-16-034-sap-netweaver-java-xxe-vulnerability-bc-bmt-bpm-dsk-component/" + }, + { + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2296909", + "url": "https://launchpad.support.sap.com/#/notes/2296909" } ] } diff --git a/2021/38xxx/CVE-2021-38887.json b/2021/38xxx/CVE-2021-38887.json index 6127dfc5861..a856e248ab8 100644 --- a/2021/38xxx/CVE-2021-38887.json +++ b/2021/38xxx/CVE-2021-38887.json @@ -1,90 +1,90 @@ { - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "L", - "I" : "N", - "AV" : "N", - "S" : "U", - "PR" : "L", - "UI" : "N", - "SCORE" : "4.300", - "A" : "N", - "C" : "L" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IBM X-Force ID: 209401.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6510178 (InfoSphere Information Server)", - "name" : "https://www.ibm.com/support/pages/node/6510178", - "url" : "https://www.ibm.com/support/pages/node/6510178" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-infosphere-cve202138887-info-disc (209401)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/209401" - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-38887", - "DATE_PUBLIC" : "2021-11-09T00:00:00", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "InfoSphere Information Server", - "version" : { - "version_data" : [ - { - "version_value" : "11.7" - } - ] - } - } - ] - } + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] } - ] - } - } -} + ] + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "BM": { + "AC": "L", + "I": "N", + "AV": "N", + "S": "U", + "PR": "L", + "UI": "N", + "SCORE": "4.300", + "A": "N", + "C": "L" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + } + } + }, + "description": { + "description_data": [ + { + "value": "IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IBM X-Force ID: 209401.", + "lang": "eng" + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6510178 (InfoSphere Information Server)", + "name": "https://www.ibm.com/support/pages/node/6510178", + "url": "https://www.ibm.com/support/pages/node/6510178" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-infosphere-cve202138887-info-disc (209401)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209401" + } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-38887", + "DATE_PUBLIC": "2021-11-09T00:00:00", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "InfoSphere Information Server", + "version": { + "version_data": [ + { + "version_value": "11.7" + } + ] + } + } + ] + } + } + ] + } + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43339.json b/2021/43xxx/CVE-2021-43339.json new file mode 100644 index 00000000000..7a3b1403026 --- /dev/null +++ b/2021/43xxx/CVE-2021-43339.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-43339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Ericsson Network Location MPS GMPC21, it is possible for an authenticated attacker to inject commands via file_name in the export functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://pentest.com.tr/blog/RCE-via-Meow-Variant-along-with-an-Example-0day-PacketHackingVillage-Defcon29.html", + "refsource": "MISC", + "name": "https://pentest.com.tr/blog/RCE-via-Meow-Variant-along-with-an-Example-0day-PacketHackingVillage-Defcon29.html" + }, + { + "url": "https://www.exploit-db.com/exploits/50468", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/50468" + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43523.json b/2021/43xxx/CVE-2021-43523.json new file mode 100644 index 00000000000..d280fc4f68d --- /dev/null +++ b/2021/43xxx/CVE-2021-43523.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-43523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames (leading to domain hijacking) or injection into applications (leading to remote code execution, XSS, applications crashes, etc.). In other words, a validation step, which is expected in any stub resolver, does not occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://uclibc-ng.org/", + "refsource": "MISC", + "name": "https://uclibc-ng.org/" + }, + { + "url": "https://github.com/wbx-github/uclibc-ng/commit/0f822af0445e5348ce7b7bd8ce1204244f31d174", + "refsource": "MISC", + "name": "https://github.com/wbx-github/uclibc-ng/commit/0f822af0445e5348ce7b7bd8ce1204244f31d174" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2021/11/09/1", + "url": "https://www.openwall.com/lists/oss-security/2021/11/09/1" + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43561.json b/2021/43xxx/CVE-2021-43561.json new file mode 100644 index 00000000000..b28421ff431 --- /dev/null +++ b/2021/43xxx/CVE-2021-43561.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-43561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS issue was discovered in the google_for_jobs (aka Google for Jobs) extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-015", + "refsource": "MISC", + "name": "https://typo3.org/security/advisory/typo3-ext-sa-2021-015" + } + ] + } +} \ No newline at end of file