Merge branch 'master' into cna/Zyxel/CVE-2021-35031

Zyxel PSIRT 2021-12-28 23:46:47 +08:00 committed by GitHub
commit 92afc337b8
22 changed files with 809 additions and 84 deletions


@ -61,6 +61,11 @@
"name": "https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5",
"refsource": "MISC",
"url": "https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211228 [SECURITY] [DLA 2858-1] libzip security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00022.html"
}
]
}


@ -96,6 +96,11 @@
"refsource": "UBUNTU",
"name": "USN-4522-1",
"url": "https://usn.ubuntu.com/4522-1/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211228 [SECURITY] [DLA 2854-1] novnc security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00024.html"
}
]
}


@ -104,6 +104,11 @@
"refsource": "MISC",
"name": "https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt",
"url": "https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211228 [SECURITY] [DLA 2860-1] paramiko security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17875",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.polycom.com/content/support/emea/emea/en/support/voice/polycom-trio/polycom-trio-8800.html",
"refsource": "MISC",
"name": "https://support.polycom.com/content/support/emea/emea/en/support/voice/polycom-trio/polycom-trio-8800.html"
},
{
"refsource": "MISC",
"name": "http://unkl4b.github.io/Authenticated-RCE-in-Polycom-Trio-8800-pt-1/",
"url": "http://unkl4b.github.io/Authenticated-RCE-in-Polycom-Trio-8800-pt-1/"
}
]
}


@ -136,6 +136,11 @@
"name": "https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst",
"refsource": "CONFIRM",
"url": "https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211228 [SECURITY] [DLA 2860-1] paramiko security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-20082",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-20082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.asus.com",
"refsource": "MISC",
"name": "https://www.asus.com"
},
{
"refsource": "MISC",
"name": "https://github.com/pr0v3rbs/CVE/tree/master/CVE-2019-20082",
"url": "https://github.com/pr0v3rbs/CVE/tree/master/CVE-2019-20082"
}
]
}


@ -56,6 +56,11 @@
"url": "https://github.com/gdraheim/zziplib/issues/68",
"refsource": "MISC",
"name": "https://github.com/gdraheim/zziplib/issues/68"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211228 [SECURITY] [DLA 2859-1] zziplib security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00021.html"
}
]
}


@ -1 +1 @@
{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"PSIRT@zyxel.com.tw","ID":"CVE-2021-35031"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Zyxel","product":{"product_data":[{"product_name":"GS1900 series firmware","version":{"version_data":[{"version_value":"2.60"}]}},{"product_name":"XGS1210 series firmware","version":{"version_data":[{"version_value":"1.00(ABTY.4)C0"}]}},{"product_name":"XGS1250 series firmware","version":{"version_data":[{"version_value":"1.00(ABWE.0)C0"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml","url":"https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml"}]},"impact":{"cvss":{"baseScore":"6.8","vectorString":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"description":{"description_data":[{"lang":"eng","value":"A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device."}]}}
{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"PSIRT@zyxel.com.tw","ID":"CVE-2021-35031","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Zyxel","product":{"product_data":[{"product_name":"GS1900 series firmware","version":{"version_data":[{"version_value":"2.60"}]}},{"product_name":"XGS1210 series firmware","version":{"version_data":[{"version_value":"1.00(ABTY.4)C0"}]}},{"product_name":"XGS1250 series firmware","version":{"version_data":[{"version_value":"1.00(ABWE.0)C0"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml","url":"https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml"}]},"impact":{"cvss":{"baseScore":"6.8","vectorString":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"description":{"description_data":[{"lang":"eng","value":"A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device."}]}}
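Review bot: `baseScore` is carried as the string `"6.8"` in this record's `impact.cvss` object, whereas CVE-2021-4177 and CVE-2021-4179 in the same commit carry it as a number (4.3 and 6.6); as far as I know the CVE JSON 4.0 CVSS schema types `baseScore` as a number, so this should become `"baseScore": 6.8` here and `"baseScore": 6.4` in CVE-2021-35032 (confirm against the schema the repository validates with). The two Zyxel records also disagree on the CNA contact: this one uses `"ASSIGNER": "PSIRT@zyxel.com.tw"` while CVE-2021-35032 uses `"ASSIGNER": "security@zyxel.com.tw"`, and one address should be used for both. Finally, this file is committed as a single minified line while every other record in the commit is pretty-printed, which makes any later change to it unreviewable in a diff; re-serialize it with the same layout as the neighbouring records.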


@ -3,15 +3,66 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2021-35032",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Zyxel",
"product": {
"product_data": [
{
"product_name": "GS1900 series firmware",
"version": {
"version_data": [
{
"version_value": "2.60"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml",
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml"
}
]
},
"impact": {
"cvss": {
"baseScore": "6.4",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call."
}
]
}


@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37400",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-37400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://us.idec.com/idec-us/en/USD/Programmable-Logic-Controller/Micro-PLC/FC6A-MicroSmart/c/MicroSmart_FC6A",
"refsource": "MISC",
"name": "https://us.idec.com/idec-us/en/USD/Programmable-Logic-Controller/Micro-PLC/FC6A-MicroSmart/c/MicroSmart_FC6A"
},
{
"url": "https://us.idec.com/idec-us/en/USD/Software-Downloads-Automation-Organizer",
"refsource": "MISC",
"name": "https://us.idec.com/idec-us/en/USD/Software-Downloads-Automation-Organizer"
},
{
"refsource": "MISC",
"name": "https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf",
"url": "https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf"
},
{
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU92279973/",
"url": "https://jvn.jp/en/vu/JVNVU92279973/"
}
]
}


@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37401",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-37401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://us.idec.com/idec-us/en/USD/Programmable-Logic-Controller/Micro-PLC/FC6A-MicroSmart/c/MicroSmart_FC6A",
"refsource": "MISC",
"name": "https://us.idec.com/idec-us/en/USD/Programmable-Logic-Controller/Micro-PLC/FC6A-MicroSmart/c/MicroSmart_FC6A"
},
{
"url": "https://us.idec.com/idec-us/en/USD/Software-Downloads-Automation-Organizer",
"refsource": "MISC",
"name": "https://us.idec.com/idec-us/en/USD/Software-Downloads-Automation-Organizer"
},
{
"refsource": "MISC",
"name": "https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf",
"url": "https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf"
},
{
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU92279973/",
"url": "https://jvn.jp/en/vu/JVNVU92279973/"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40579",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control. The impact is: gain privileges (remote)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sourcecodester.com/",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/"
},
{
"refsource": "MISC",
"name": "https://medium.com/@VAPT01/cve-2021-40579-9eac3409fd24",
"url": "https://medium.com/@VAPT01/cve-2021-40579-9eac3409fd24"
}
]
}
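Review bot: The new `description_data` value opens with the bare URL `https://www.sourcecodester.com/` where a vendor or product name belongs, so the sentence is malformed and the URL merely duplicates the first `reference_data` entry. Suggest `"value": "Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 (sourcecodester.com) is affected by Incorrect Access Control. The impact is: gain privileges (remote)."`. The sourcecodester.com front page is also the only vendor-side reference; a link to the specific project page would let readers identify the affected package, if one is available.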


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/165163/Auerswald-COMpact-8.0B-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/165163/Auerswald-COMpact-8.0B-Privilege-Escalation.html"
},
{
"refsource": "MISC",
"name": "https://www.redteam-pentesting.de/advisories/rt-sa-2021-005",
"url": "https://www.redteam-pentesting.de/advisories/rt-sa-2021-005"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-44465",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -56,6 +56,16 @@
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/50561",
"url": "https://www.exploit-db.com/exploits/50561"
},
{
"refsource": "MISC",
"name": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44653",
"url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44653"
},
{
"refsource": "MISC",
"name": "https://www.nu11secur1ty.com/2021/12/cve-2021-44653.html",
"url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44653.html"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-44775",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-45425",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-45425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://drive.google.com/file/d/1IgGyzU_ekMZf8yWq46DwtIaVsBf3gt2U/view?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/file/d/1IgGyzU_ekMZf8yWq46DwtIaVsBf3gt2U/view?usp=sharing"
},
{
"url": "https://drive.google.com/file/d/1yVuCfovUpqwp6KKZW1togf5PigxXQ3dh/view?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/file/d/1yVuCfovUpqwp6KKZW1togf5PigxXQ3dh/view?usp=sharing"
}
]
}
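Review bot: Both entries in `reference_data` are Google Drive share links (`drive.google.com/file/d/...?usp=sharing`), which only resolve while the uploader keeps sharing enabled and give no hint of what the document contains; the single reference in CVE-2021-45812 and in CVE-2021-45813 has the same problem. A vendor advisory, a public write-up, or an archived copy should be added alongside them so the record stays verifiable after the share is withdrawn. The `name` field should also describe the document instead of repeating the URL, e.g. `"name": "<short description of the linked document>"`.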


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-45812",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-45812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user's session by injecting malicious JavaScript codes which leads to session hijacking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://drive.google.com/drive/folders/18YCKzFnS5CZRmzgcwc8g7jvLpmqgy68B?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/drive/folders/18YCKzFnS5CZRmzgcwc8g7jvLpmqgy68B?usp=sharing"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-45813",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-45813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. The attacker can steal the user's session by injecting malicious JavaScript codes which leads to Session Hijacking and cause user's credentials theft."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://drive.google.com/file/d/1oKuzCZob9-LOAp-pdGN0MYYBx8y9FnHK/view?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/file/d/1oKuzCZob9-LOAp-pdGN0MYYBx8y9FnHK/view?usp=sharing"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-45903",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-45903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_35",
"refsource": "MISC",
"name": "https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_35"
},
{
"url": "https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_2",
"refsource": "MISC",
"name": "https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_2"
},
{
"refsource": "MISC",
"name": "https://github.com/ach-ing/cves/blob/main/CVE-2021-45903.md",
"url": "https://github.com/ach-ing/cves/blob/main/CVE-2021-45903.md"
}
]
}


@ -1,18 +1,89 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-4177",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4177",
"STATE": "PUBLIC",
"TITLE": "Generation of Error Message Containing Sensitive Information in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209 Generation of Error Message Containing Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ac641425-1c64-4874-95e7-c7805c72074e",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ac641425-1c64-4874-95e7-c7805c72074e"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/b280beae2e0de37b9e998c31c5d1839852724fc1",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/b280beae2e0de37b9e998c31c5d1839852724fc1"
}
]
},
"source": {
"advisory": "ac641425-1c64-4874-95e7-c7805c72074e",
"discovery": "EXTERNAL"
}
}


@ -1,18 +1,89 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-4179",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4179",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.91"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8df06513-c57d-4a55-9798-0a1f6c153535",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8df06513-c57d-4a55-9798-0a1f6c153535"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/c3881fb528af349bf47f9ccbf83c994087faa3e6",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/c3881fb528af349bf47f9ccbf83c994087faa3e6"
}
]
},
"source": {
"advisory": "8df06513-c57d-4a55-9798-0a1f6c153535",
"discovery": "EXTERNAL"
}
}
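Review bot: The `impact.cvss` block scores this stored XSS (CWE-79, per `problemtype`) with `"attackVector": "LOCAL"` and `"availabilityImpact": "HIGH"`, which is unusual for an injection in a web interface that is ordinarily reachable over the network and mainly affects confidentiality and integrity. The vector string and the 6.6 `baseScore` are consistent with each other, so this may simply reproduce the metrics from the huntr report, but it is worth confirming against the advisory before publishing. If the report actually scored it as a network vector, the whole `cvss` object needs to be recomputed rather than only `attackVector` changed.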