From 9146c34224a34b3a0f1b70e6dae094007618cd11 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 11 Oct 2021 13:00:58 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/29xxx/CVE-2021-29005.json | 61 ++++++++++++++++++++++++++++++---- 2021/29xxx/CVE-2021-29006.json | 61 ++++++++++++++++++++++++++++++---- 2021/40xxx/CVE-2021-40542.json | 56 +++++++++++++++++++++++++++---- 2021/40xxx/CVE-2021-40543.json | 56 +++++++++++++++++++++++++++---- 2021/42xxx/CVE-2021-42250.json | 18 ++++++++++ 5 files changed, 228 insertions(+), 24 deletions(-) create mode 100644 2021/42xxx/CVE-2021-42250.json diff --git a/2021/29xxx/CVE-2021-29005.json b/2021/29xxx/CVE-2021-29005.json index b060f4a4719..87b0dab0320 100644 --- a/2021/29xxx/CVE-2021-29005.json +++ b/2021/29xxx/CVE-2021-29005.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-29005", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-29005", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://rconfig.com", + "refsource": "MISC", + "name": "http://rconfig.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29005-POC.sh", + "url": "https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29005-POC.sh" } ] } diff --git a/2021/29xxx/CVE-2021-29006.json b/2021/29xxx/CVE-2021-29006.json index 728cc41d06e..9c4def6027f 100644 --- a/2021/29xxx/CVE-2021-29006.json +++ b/2021/29xxx/CVE-2021-29006.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-29006", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-29006", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://rconfig.com", + "refsource": "MISC", + "name": "http://rconfig.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29006-POC.py", + "url": "https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29006-POC.py" } ] } diff --git a/2021/40xxx/CVE-2021-40542.json b/2021/40xxx/CVE-2021-40542.json index a62ef95f323..855a82a8c36 100644 --- a/2021/40xxx/CVE-2021-40542.json +++ b/2021/40xxx/CVE-2021-40542.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40542", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40542", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/OS4ED/openSIS-Classic/issues/189", + "refsource": "MISC", + "name": "https://github.com/OS4ED/openSIS-Classic/issues/189" } ] } diff --git a/2021/40xxx/CVE-2021-40543.json b/2021/40xxx/CVE-2021-40543.json index 15d0e955556..5fd1e7d878c 100644 --- a/2021/40xxx/CVE-2021-40543.json +++ b/2021/40xxx/CVE-2021-40543.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40543", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40543", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/OS4ED/openSIS-Classic/issues/191", + "refsource": "MISC", + "name": "https://github.com/OS4ED/openSIS-Classic/issues/191" } ] } diff --git a/2021/42xxx/CVE-2021-42250.json b/2021/42xxx/CVE-2021-42250.json new file mode 100644 index 00000000000..d343562551c --- /dev/null +++ b/2021/42xxx/CVE-2021-42250.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-42250", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file