From 9de143a1a5ac81904e93ce616be8926815c67a0a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 14 Apr 2021 14:00:43 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/19xxx/CVE-2020-19778.json | 56 +++++++++++++++++++++++++++---- 2020/21xxx/CVE-2020-21087.json | 56 +++++++++++++++++++++++++++---- 2020/21xxx/CVE-2020-21088.json | 61 ++++++++++++++++++++++++++++++---- 2020/36xxx/CVE-2020-36120.json | 56 +++++++++++++++++++++++++++---- 2021/26xxx/CVE-2021-26805.json | 56 +++++++++++++++++++++++++++---- 2021/26xxx/CVE-2021-26812.json | 56 +++++++++++++++++++++++++++---- 2021/26xxx/CVE-2021-26827.json | 56 +++++++++++++++++++++++++++---- 2021/26xxx/CVE-2021-26832.json | 56 +++++++++++++++++++++++++++---- 2021/27xxx/CVE-2021-27113.json | 61 ++++++++++++++++++++++++++++++---- 2021/27xxx/CVE-2021-27114.json | 61 ++++++++++++++++++++++++++++++---- 2021/27xxx/CVE-2021-27288.json | 56 +++++++++++++++++++++++++++---- 2021/27xxx/CVE-2021-27815.json | 56 +++++++++++++++++++++++++++---- 2021/27xxx/CVE-2021-27990.json | 61 ++++++++++++++++++++++++++++++---- 2021/28xxx/CVE-2021-28300.json | 56 +++++++++++++++++++++++++++---- 2021/29xxx/CVE-2021-29338.json | 56 +++++++++++++++++++++++++++---- 2021/31xxx/CVE-2021-31152.json | 56 +++++++++++++++++++++++++++---- 16 files changed, 820 insertions(+), 96 deletions(-) diff --git a/2020/19xxx/CVE-2020-19778.json b/2020/19xxx/CVE-2020-19778.json index a98f142f8a6..eb1cf7c85e8 100644 --- a/2020/19xxx/CVE-2020-19778.json +++ b/2020/19xxx/CVE-2020-19778.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-19778", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-19778", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in \"/index.php\" by manipulating the parameter \"user_id\" in the HTML request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/gongfuxiang/shopxo/issues/23", + "refsource": "MISC", + "name": "https://github.com/gongfuxiang/shopxo/issues/23" } ] } diff --git a/2020/21xxx/CVE-2020-21087.json b/2020/21xxx/CVE-2020-21087.json index a879f365b61..ef174862322 100644 --- a/2020/21xxx/CVE-2020-21087.json +++ b/2020/21xxx/CVE-2020-21087.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-21087", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-21087", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the \"New Name\" field of the \"Rename a Module\" tool." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/X2Engine/X2CRM/issues/162", + "url": "https://github.com/X2Engine/X2CRM/issues/162" } ] } diff --git a/2020/21xxx/CVE-2020-21088.json b/2020/21xxx/CVE-2020-21088.json index 86c2fb5110a..e635fc92c0b 100644 --- a/2020/21xxx/CVE-2020-21088.json +++ b/2020/21xxx/CVE-2020-21088.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-21088", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-21088", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the \"First Name\" and \"Last Name\" fields in \"/index.php/contacts/create page\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/X2Engine/X2CRM/issues/161", + "url": "https://github.com/X2Engine/X2CRM/issues/161" + }, + { + "refsource": "MISC", + "name": "https://github.com/X2Engine/X2CRM/issues/183", + "url": "https://github.com/X2Engine/X2CRM/issues/183" } ] } diff --git a/2020/36xxx/CVE-2020-36120.json b/2020/36xxx/CVE-2020-36120.json index 41718b7715a..1270fd98a3a 100644 --- a/2020/36xxx/CVE-2020-36120.json +++ b/2020/36xxx/CVE-2020-36120.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36120", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36120", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer Overflow in the \"sixel_encoder_encode_bytes\" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/saitoha/libsixel/issues/143", + "refsource": "MISC", + "name": "https://github.com/saitoha/libsixel/issues/143" } ] } diff --git a/2021/26xxx/CVE-2021-26805.json b/2021/26xxx/CVE-2021-26805.json index 848f3df395c..78a1ddf723e 100644 --- a/2021/26xxx/CVE-2021-26805.json +++ b/2021/26xxx/CVE-2021-26805.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-26805", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-26805", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer Overflow in the \"add_a_user\" function of tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a malicious WAV file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/justdan96/tsMuxer/issues/395", + "refsource": "MISC", + "name": "https://github.com/justdan96/tsMuxer/issues/395" } ] } diff --git a/2021/26xxx/CVE-2021-26812.json b/2021/26xxx/CVE-2021-26812.json index 1b0f004b141..bdbc2ae2e1d 100644 --- a/2021/26xxx/CVE-2021-26812.json +++ b/2021/26xxx/CVE-2021-26812.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-26812", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-26812", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the \"sessionpriv.php\" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/udima-university/moodle-mod_jitsi/issues/67", + "refsource": "MISC", + "name": "https://github.com/udima-university/moodle-mod_jitsi/issues/67" } ] } diff --git a/2021/26xxx/CVE-2021-26827.json b/2021/26xxx/CVE-2021-26827.json index 01bc7459d5b..ea8176aca86 100644 --- a/2021/26xxx/CVE-2021-26827.json +++ b/2021/26xxx/CVE-2021-26827.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-26827", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-26827", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service (DoS) by sending an HTTP request with a very long \"ssid\" parameter to the \"/userRpm/popupSiteSurveyRpm.html\" webpage, which crashes the router." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/GD008/vuln/blob/main/tplink_wr2041/tplink_WR2041pv1.md", + "refsource": "MISC", + "name": "https://github.com/GD008/vuln/blob/main/tplink_wr2041/tplink_WR2041pv1.md" } ] } diff --git a/2021/26xxx/CVE-2021-26832.json b/2021/26xxx/CVE-2021-26832.json index d2a286ad723..9bb8cd94b3e 100644 --- a/2021/26xxx/CVE-2021-26832.json +++ b/2021/26xxx/CVE-2021-26832.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-26832", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-26832", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) in the \"Reset Password\" page form of Priority Enterprise Management System v8.00 allows attackers to execute javascript on behalf of the victim by sending a malicious URL or directing the victim to a malicious site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/NagliNagli/CVE-2021-26832", + "url": "https://github.com/NagliNagli/CVE-2021-26832" } ] } diff --git a/2021/27xxx/CVE-2021-27113.json b/2021/27xxx/CVE-2021-27113.json index a5fbdcc92b0..7d7b33960a9 100644 --- a/2021/27xxx/CVE-2021-27113.json +++ b/2021/27xxx/CVE-2021-27113.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-27113", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-27113", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin/", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin/" + }, + { + "url": "https://github.com/GD008/vuln/blob/main/DIR-816_2.md", + "refsource": "MISC", + "name": "https://github.com/GD008/vuln/blob/main/DIR-816_2.md" } ] } diff --git a/2021/27xxx/CVE-2021-27114.json b/2021/27xxx/CVE-2021-27114.json index 5ee3238f168..7e856b0ce78 100644 --- a/2021/27xxx/CVE-2021-27114.json +++ b/2021/27xxx/CVE-2021-27114.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-27114", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-27114", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the\"'s_ip\" and \"s_mac\" fields could lead to a Stack-Based Buffer Overflow and overwrite the return address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin/", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin/" + }, + { + "url": "https://github.com/GD008/vuln/blob/main/DIR-816_stackoverflow.md", + "refsource": "MISC", + "name": "https://github.com/GD008/vuln/blob/main/DIR-816_stackoverflow.md" } ] } diff --git a/2021/27xxx/CVE-2021-27288.json b/2021/27xxx/CVE-2021-27288.json index c76785baef2..90728058c37 100644 --- a/2021/27xxx/CVE-2021-27288.json +++ b/2021/27xxx/CVE-2021-27288.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-27288", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-27288", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the \"Comment\" field in \"/profile/activity\" page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/X2Engine/X2CRM/issues/183", + "refsource": "MISC", + "name": "https://github.com/X2Engine/X2CRM/issues/183" } ] } diff --git a/2021/27xxx/CVE-2021-27815.json b/2021/27xxx/CVE-2021-27815.json index fdd48238333..43566c91744 100644 --- a/2021/27xxx/CVE-2021-27815.json +++ b/2021/27xxx/CVE-2021-27815.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-27815", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-27815", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NULL Pointer Deference in the \"actions.c\" library of libexif exif v0.6.22 allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/libexif/exif/issues/4", + "refsource": "MISC", + "name": "https://github.com/libexif/exif/issues/4" } ] } diff --git a/2021/27xxx/CVE-2021-27990.json b/2021/27xxx/CVE-2021-27990.json index 72df8b96015..85edd347171 100644 --- a/2021/27xxx/CVE-2021-27990.json +++ b/2021/27xxx/CVE-2021-27990.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-27990", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-27990", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://appspace.com", + "refsource": "MISC", + "name": "http://appspace.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/syedsohaibkarim/PoC-BrokenAuth-AppSpace6.2.4", + "url": "https://github.com/syedsohaibkarim/PoC-BrokenAuth-AppSpace6.2.4" } ] } diff --git a/2021/28xxx/CVE-2021-28300.json b/2021/28xxx/CVE-2021-28300.json index a205574e5eb..7bb7486eb5d 100644 --- a/2021/28xxx/CVE-2021-28300.json +++ b/2021/28xxx/CVE-2021-28300.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28300", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28300", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NULL Pointer Dereference in the \"isomedia/track.c\" module's \"MergeTrack()\" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/gpac/gpac/issues/1702", + "url": "https://github.com/gpac/gpac/issues/1702" } ] } diff --git a/2021/29xxx/CVE-2021-29338.json b/2021/29xxx/CVE-2021-29338.json index a62d81f6762..0b1bb559d17 100644 --- a/2021/29xxx/CVE-2021-29338.json +++ b/2021/29xxx/CVE-2021-29338.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-29338", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-29338", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option \"-ImgDir\" on a directory that contains 1048576 files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/uclouvain/openjpeg/issues/1338", + "refsource": "MISC", + "name": "https://github.com/uclouvain/openjpeg/issues/1338" } ] } diff --git a/2021/31xxx/CVE-2021-31152.json b/2021/31xxx/CVE-2021-31152.json index d6e071dbb65..e1ddcd8620f 100644 --- a/2021/31xxx/CVE-2021-31152.json +++ b/2021/31xxx/CVE-2021-31152.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31152", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31152", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=zN3DVrcu6Eg", + "url": "https://www.youtube.com/watch?v=zN3DVrcu6Eg" } ] }