admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-01-26 18:02:03 +00:00
parent 4e09508856
commit 9b88ff88a8
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
66 changed files with 1460 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2019/25xxx/CVE-2019-25015.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-25015",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

20
2020/13xxx/CVE-2020-13379.json
View File

@ -141,6 +141,26 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1646",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html"
},
{
"refsource": "MLIST",
"name": "[ambari-issues] 20210121 [jira] [Updated] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379",
"url": "https://lists.apache.org/thread.html/r40f0a97b6765de6b8938bc212ee9dfb5101e9efa48bcbbdec02b2a60@%3Cissues.ambari.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[ambari-dev] 20210121 [GitHub] [ambari] payert opened a new pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379",
"url": "https://lists.apache.org/thread.html/r093b405a49fd31efa0d949ac1a887101af1ca95652a66094194ed933@%3Cdev.ambari.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[ambari-dev] 20210121 [GitHub] [ambari] payert commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379",
"url": "https://lists.apache.org/thread.html/rba0247a27be78bd14046724098462d058a9969400a82344b3007cf90@%3Cdev.ambari.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[ambari-dev] 20210121 [GitHub] [ambari] dvitiiuk commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379",
"url": "https://lists.apache.org/thread.html/rff71126fa7d9f572baafb9be44078ad409c85d2c0f3e26664f1ef5a2@%3Cdev.ambari.apache.org%3E"
}
]
}

5
2020/17xxx/CVE-2020-17518.json
View File

@ -168,6 +168,11 @@
"refsource": "MLIST",
"name": "[flink-dev] 20210115 Re: [DISCUSS] Releasing Apache Flink 1.10.3",
"url": "https://lists.apache.org/thread.html/r229167538863518738e02f4c1c5a8bb34c1d45dadcc97adf6676b0c1@%3Cdev.flink.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[flink-dev] 20210121 Re: [VOTE] Release 1.10.3, release candidate #1",
"url": "https://lists.apache.org/thread.html/rd2467344f88bcaf108b8209ca92da8ec393c68174bfb8c27d1e20faa@%3Cdev.flink.apache.org%3E"
}
]
},

56
2020/22xxx/CVE-2020-22643.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-22643",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-22643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Feehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/liufee/cms/issues/51",
"refsource": "MISC",
"name": "https://github.com/liufee/cms/issues/51"
}
]
}

5
2020/23xxx/CVE-2020-23342.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://twitter.com/NinadMishra5/status/1350077938176151558",
"url": "https://twitter.com/NinadMishra5/status/1350077938176151558"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161048/Anchor-CMS-0.12.7-Cross-Site-Request-Forgery.html",
"url": "http://packetstormsecurity.com/files/161048/Anchor-CMS-0.12.7-Cross-Site-Request-Forgery.html"
}
]
}

56
2020/26xxx/CVE-2020-26941.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26941",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-26941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, ESET Smart Security Premium versions 13.2 and lower; ESET Endpoint Antivirus, ESET Endpoint Security, ESET NOD32 Antivirus Business Edition, ESET Smart Security Business Edition versions 7.3 and lower; ESET File Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Kerio, ESET Security for Microsoft SharePoint Server versions 7.2 and lower."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.eset.com/en/ca7794-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows",
"url": "https://support.eset.com/en/ca7794-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows"
}
]
}

76
2020/28xxx/CVE-2020-28874.json
View File

@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28874",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/projectsend/projectsend/commits/master",
"refsource": "MISC",
"name": "https://github.com/projectsend/projectsend/commits/master"
},
{
"url": "http://projectsend.com",
"refsource": "MISC",
"name": "http://projectsend.com"
},
{
"refsource": "MISC",
"name": "https://github.com/varandinawer/CVE-2020-28874",
"url": "https://github.com/varandinawer/CVE-2020-28874"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/projectsend/projectsend/commit/440204734e9a1687cb9887e1c887173d23c5a93e",
"url": "https://github.com/projectsend/projectsend/commit/440204734e9a1687cb9887e1c887173d23c5a93e"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/projectsend/projectsend/releases/tag/r1295",
"url": "https://github.com/projectsend/projectsend/releases/tag/r1295"
}
]
}

56
2020/29xxx/CVE-2020-29241.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-29241",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-29241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via the \"Title\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://medium.com/@parshwa.fabaf/cross-site-scripting-vulnerability-in-admin-panel-c95bd4ecb6aa",
"refsource": "MISC",
"name": "https://medium.com/@parshwa.fabaf/cross-site-scripting-vulnerability-in-admin-panel-c95bd4ecb6aa"
}
]
}

56
2020/35xxx/CVE-2020-35309.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35309",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard - \"Categories\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.exploit-db.com/exploits/49161",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/49161"
}
]
}

56
2020/35xxx/CVE-2020-35310.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35310",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Composr CMS 10.0.34 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via Add Banners in the Description field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.exploit-db.com/exploits/49190",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/49190"
}
]
}

5
2020/35xxx/CVE-2020-35749.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://docs.google.com/document/d/1TbePkrRGsczepBaJptIdVRvfRrjiC5hjGg_Vxdesw6E/edit?usp=sharing",
"url": "https://docs.google.com/document/d/1TbePkrRGsczepBaJptIdVRvfRrjiC5hjGg_Vxdesw6E/edit?usp=sharing"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161050/Simple-JobBoard-Authenticated-File-Read.html",
"url": "http://packetstormsecurity.com/files/161050/Simple-JobBoard-Authenticated-File-Read.html"
}
]
}

60
2020/8xxx/CVE-2020-8288.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8288",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Rocket.Chat server",
"version": {
"version_data": [
{
"version_value": "Fixed in 3.9.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/899954",
"url": "https://hackerone.com/reports/899954"
},
{
"refsource": "MISC",
"name": "https://rocket.chat/xss-vulnerability-hotfix-available-for-all-affected-versions/",
"url": "https://rocket.chat/xss-vulnerability-hotfix-available-for-all-affected-versions/"
},
{
"refsource": "MISC",
"name": "https://docs.rocket.chat/guides/security/security-updates",
"url": "https://docs.rocket.chat/guides/security/security-updates"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter."
}
]
}

55
2020/8xxx/CVE-2020-8292.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8292",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Rocket.Chat server",
"version": {
"version_data": [
{
"version_value": "Fixed in 3.9.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - DOM (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://docs.rocket.chat/guides/security/security-updates",
"url": "https://docs.rocket.chat/guides/security/security-updates"
},
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/962902",
"url": "https://hackerone.com/reports/962902"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes."
}
]
}

10
2020/8xxx/CVE-2020-8554.json
View File

@ -82,12 +82,14 @@
"references": {
"reference_data": [
{
"refsource": "MLIST",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/iZWsF9nbKE8"
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/iZWsF9nbKE8",
"name": "https://groups.google.com/g/kubernetes-security-announce/c/iZWsF9nbKE8"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/97076"
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/issues/97076",
"name": "https://github.com/kubernetes/kubernetes/issues/97076"
}
]
},

10
2020/8xxx/CVE-2020-8567.json
View File

@ -92,12 +92,14 @@
"references": {
"reference_data": [
{
"refsource": "MLIST",
"url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/BI2qisiNXHY"
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/BI2qisiNXHY",
"name": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/BI2qisiNXHY"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384"
"refsource": "MISC",
"url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384",
"name": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384"
}
]
},

10
2020/8xxx/CVE-2020-8568.json
View File

@ -95,12 +95,14 @@
"references": {
"reference_data": [
{
"refsource": "MLIST",
"url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4"
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4",
"name": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378"
"refsource": "MISC",
"url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378",
"name": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378"
}
]
},

12
2020/8xxx/CVE-2020-8569.json
View File

@ -49,7 +49,7 @@
"description_data": [
{
"lang": "eng",
"value": "Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when:\n\n- The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass.\n- The snapshot-controller crashes, is automatically restarted by Kubernetes, and processes the same VolumeSnapshot custom resource after the restart, entering an endless crashloop.\n\nOnly the volume snapshot feature is affected by this vulnerability. When exploited, users cant take snapshots of their volumes or delete the snapshots. All other Kubernetes functionality is not affected."
"value": "Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, is automatically restarted by Kubernetes, and processes the same VolumeSnapshot custom resource after the restart, entering an endless crashloop. Only the volume snapshot feature is affected by this vulnerability. When exploited, users can\u2019t take snapshots of their volumes or delete the snapshots. All other Kubernetes functionality is not affected."
}
]
},
@ -87,12 +87,14 @@
"references": {
"reference_data": [
{
"refsource": "MLIST",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/1EzCr1qUxxU"
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/1EzCr1qUxxU",
"name": "https://groups.google.com/g/kubernetes-security-announce/c/1EzCr1qUxxU"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes-csi/external-snapshotter/issues/380"
"refsource": "MISC",
"url": "https://github.com/kubernetes-csi/external-snapshotter/issues/380",
"name": "https://github.com/kubernetes-csi/external-snapshotter/issues/380"
}
]
},

10
2020/8xxx/CVE-2020-8570.json
View File

@ -74,12 +74,14 @@
"references": {
"reference_data": [
{
"refsource": "MLIST",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/sd5h73sFPrg"
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/sd5h73sFPrg",
"name": "https://groups.google.com/g/kubernetes-security-announce/c/sd5h73sFPrg"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes-client/java/issues/1491"
"refsource": "MISC",
"url": "https://github.com/kubernetes-client/java/issues/1491",
"name": "https://github.com/kubernetes-client/java/issues/1491"
}
]
},

5
2021/1xxx/CVE-2021-1648.json
View File

@ -258,6 +258,11 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-024/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-024/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-078/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-078/"
}
]
}

22
2021/21xxx/CVE-2021-21238.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature.\n\nThis is fixed in PySAML2 6.5.0."
"value": "PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0."
}
]
},
@ -69,6 +69,16 @@
},
"references": {
"reference_data": [
{
"name": "https://pypi.org/project/pysaml2",
"refsource": "MISC",
"url": "https://pypi.org/project/pysaml2"
},
{
"name": "https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0",
"refsource": "MISC",
"url": "https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0"
},
{
"name": "https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9",
"refsource": "CONFIRM",
@ -78,16 +88,6 @@
"name": "https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14",
"refsource": "MISC",
"url": "https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14"
},
{
"name": "https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0",
"refsource": "MISC",
"url": "https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0"
},
{
"name": "https://pypi.org/project/pysaml2",
"refsource": "MISC",
"url": "https://pypi.org/project/pysaml2"
}
]
},

2
2021/21xxx/CVE-2021-21239.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ensure that a signed SAML document is correctly signed. The default CryptoBackendXmlSec1 backend is using the xmlsec1 binary to verify the signature of signed SAML documents, but by default xmlsec1 accepts any type of key found within the given document. xmlsec1 needs to be configured explicitly to only use only _x509 certificates_ for the verification process of the SAML document signature.\n\n\nThis is fixed in PySAML2 6.5.0."
"value": "PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ensure that a signed SAML document is correctly signed. The default CryptoBackendXmlSec1 backend is using the xmlsec1 binary to verify the signature of signed SAML documents, but by default xmlsec1 accepts any type of key found within the given document. xmlsec1 needs to be configured explicitly to only use only _x509 certificates_ for the verification process of the SAML document signature. This is fixed in PySAML2 6.5.0."
}
]
},

2
2021/21xxx/CVE-2021-21253.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system.\n\nWithout a salt, it is much easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables to crack passwords.\n\nThis problem is fixed and published in version 1.1.2. A long randomly generated salt is added to the password hash function to better protect passwords stored in the voting system."
"value": "OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables to crack passwords. This problem is fixed and published in version 1.1.2. A long randomly generated salt is added to the password hash function to better protect passwords stored in the voting system."
}
]
},

50
2021/21xxx/CVE-2021-21723.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21723",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@zte.com.cn",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "<ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S>",
"version": {
"version_data": [
{
"version_value": "<all versions up to V1.01.10.B12>"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014424",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014424"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12."
}
]
}

65
2021/22xxx/CVE-2021-22871.json
View File

@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22871",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "https://github.com/revive-adserver/revive-adserver",
"version": {
"version_data": [
{
"version_value": "Fixed in 5.1.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.revive-adserver.com/security/revive-sa-2021-001/",
"url": "https://www.revive-adserver.com/security/revive-sa-2021-001/"
},
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/819362",
"url": "https://hackerone.com/reports/819362"
},
{
"refsource": "MISC",
"name": "https://github.com/revive-adserver/revive-adserver/commit/89b88ce26",
"url": "https://github.com/revive-adserver/revive-adserver/commit/89b88ce26"
},
{
"refsource": "MISC",
"name": "https://github.com/revive-adserver/revive-adserver/commit/62a2a0439",
"url": "https://github.com/revive-adserver/revive-adserver/commit/62a2a0439"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability."
}
]
}

65
2021/22xxx/CVE-2021-22872.json
View File

@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22872",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "https://github.com/revive-adserver/revive-adserver",
"version": {
"version_data": [
{
"version_value": "Fixed in 5.1.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.revive-adserver.com/security/revive-sa-2021-001/",
"url": "https://www.revive-adserver.com/security/revive-sa-2021-001/"
},
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/986365",
"url": "https://hackerone.com/reports/986365"
},
{
"refsource": "MISC",
"name": "https://github.com/revive-adserver/revive-adserver/commit/00fdb8d0e",
"url": "https://github.com/revive-adserver/revive-adserver/commit/00fdb8d0e"
},
{
"refsource": "MISC",
"name": "https://github.com/revive-adserver/revive-adserver/commit/1dbcf7d50",
"url": "https://github.com/revive-adserver/revive-adserver/commit/1dbcf7d50"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable."
}
]
}

60
2021/22xxx/CVE-2021-22873.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22873",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "https://github.com/revive-adserver/revive-adserver",
"version": {
"version_data": [
{
"version_value": "Fixed in 5.1.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect (CWE-601)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/1081406",
"url": "https://hackerone.com/reports/1081406"
},
{
"refsource": "MISC",
"name": "https://www.revive-adserver.com/security/revive-sa-2021-001/",
"url": "https://www.revive-adserver.com/security/revive-sa-2021-001/"
},
{
"refsource": "MISC",
"name": "https://github.com/revive-adserver/revive-adserver/issues/1068",
"url": "https://github.com/revive-adserver/revive-adserver/issues/1068"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability."
}
]
}

2
2021/25xxx/CVE-2021-25175.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). This is issue 1 of 3."
"value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart)."
}
]
},

2
2021/25xxx/CVE-2021-25176.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). This is issue 2 of 3."
"value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart)."
}
]
},

2
2021/25xxx/CVE-2021-25177.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). This is issue 3 of 3."
"value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart)."
}
]
},

18
2021/25xxx/CVE-2021-25647.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25647",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25648.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25648",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25649.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25649",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25650.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25650",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25651.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25651",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25652.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25652",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25653.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25653",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25654.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25654",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25655.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25655",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25656.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25656",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25657.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25657",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25658.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25658",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25659.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25659",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25660.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25660",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25661.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25661",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25662.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25662",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25663.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25663",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25664.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25664",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25665.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25665",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25666.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25666",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25667.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25667",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25668.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25668",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25669.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25669",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25670.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25670",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25671.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25671",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25672.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25672",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25673.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25673",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25674.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25674",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25675.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25675",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25676.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25676",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25677.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25677",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25678.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25678",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25679.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25679",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25680.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25680",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/25xxx/CVE-2021-25681.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25681",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

56
2021/3xxx/CVE-2021-3152.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3152",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-3152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Home Assistant before 2021.1.3 allows attackers to obtain sensitive information because custom integrations with ../ are mishandled,"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.home-assistant.io/blog/2021/01/14/security-bulletin/",
"url": "https://www.home-assistant.io/blog/2021/01/14/security-bulletin/"
}
]
}

18
2021/3xxx/CVE-2021-3198.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3198",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}