"-Synchronized-Data."

CVE Team 2021-11-24 16:01:07 +00:00
parent 74763f81b6
commit a17c792dbc
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
19 changed files with 137 additions and 53 deletions


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20835",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,7 +45,9 @@
"references": {
"reference_data": [
{
"url": "https://jvn.jp/en/jp/JVN49465877/index.html"
"url": "https://jvn.jp/en/jp/JVN49465877/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN49465877/index.html"
}
]
},


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20840",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,13 +45,19 @@
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/booking-package/"
"url": "https://wordpress.org/plugins/booking-package/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/booking-package/"
},
{
"url": "https://saasproject.net/ja/fixed/20211019.php"
"url": "https://saasproject.net/ja/fixed/20211019.php",
"refsource": "MISC",
"name": "https://saasproject.net/ja/fixed/20211019.php"
},
{
"url": "https://jvn.jp/en/jp/JVN68066589/index.html"
"url": "https://jvn.jp/en/jp/JVN68066589/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN68066589/index.html"
}
]
},


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20841",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,10 +45,14 @@
"references": {
"reference_data": [
{
"url": "https://www.ec-cube.net/info/weakness/20211111/"
"url": "https://www.ec-cube.net/info/weakness/20211111/",
"refsource": "MISC",
"name": "https://www.ec-cube.net/info/weakness/20211111/"
},
{
"url": "https://jvn.jp/en/jp/JVN75444925/index.html"
"url": "https://jvn.jp/en/jp/JVN75444925/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN75444925/index.html"
}
]
},


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20842",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,10 +45,14 @@
"references": {
"reference_data": [
{
"url": "https://www.ec-cube.net/info/weakness/20211111/"
"url": "https://www.ec-cube.net/info/weakness/20211111/",
"refsource": "MISC",
"name": "https://www.ec-cube.net/info/weakness/20211111/"
},
{
"url": "https://jvn.jp/en/jp/JVN75444925/index.html"
"url": "https://jvn.jp/en/jp/JVN75444925/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN75444925/index.html"
}
]
},


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20843",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,16 +45,24 @@
"references": {
"reference_data": [
{
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html",
"refsource": "MISC",
"name": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html",
"refsource": "MISC",
"name": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html",
"refsource": "MISC",
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
}
]
},


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20844",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,16 +45,24 @@
"references": {
"reference_data": [
{
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
"url": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html",
"refsource": "MISC",
"name": "https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html"
},
{
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
"url": "https://business.ntt-east.co.jp/topics/2021/11_09.html",
"refsource": "MISC",
"name": "https://business.ntt-east.co.jp/topics/2021/11_09.html"
},
{
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html",
"refsource": "MISC",
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
"url": "https://jvn.jp/en/vu/JVNVU91161784/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU91161784/index.html"
}
]
},


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20845",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,13 +45,19 @@
"references": {
"reference_data": [
{
"url": "https://www.xml-sitemaps.com/standalone-google-sitemap-generator.html"
"url": "https://www.xml-sitemaps.com/standalone-google-sitemap-generator.html",
"refsource": "MISC",
"name": "https://www.xml-sitemaps.com/standalone-google-sitemap-generator.html"
},
{
"url": "https://www.xml-sitemaps.com/news-20210831.html"
"url": "https://www.xml-sitemaps.com/news-20210831.html",
"refsource": "MISC",
"name": "https://www.xml-sitemaps.com/news-20210831.html"
},
{
"url": "https://jvn.jp/en/jp/JVN58407606/index.html"
"url": "https://jvn.jp/en/jp/JVN58407606/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN58407606/index.html"
}
]
},


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20846",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,13 +45,19 @@
"references": {
"reference_data": [
{
"url": "https://delitestudio.com/en/"
"url": "https://delitestudio.com/en/",
"refsource": "MISC",
"name": "https://delitestudio.com/en/"
},
{
"url": "https://wordpress.org/plugins/push-notifications-for-wp/"
"url": "https://wordpress.org/plugins/push-notifications-for-wp/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/push-notifications-for-wp/"
},
{
"url": "https://jvn.jp/en/jp/JVN85492429/index.html"
"url": "https://jvn.jp/en/jp/JVN85492429/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN85492429/index.html"
}
]
},


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20848",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,10 +45,14 @@
"references": {
"reference_data": [
{
"url": "https://github.com/schollz/rwtxt"
"url": "https://github.com/schollz/rwtxt",
"refsource": "MISC",
"name": "https://github.com/schollz/rwtxt"
},
{
"url": "https://jvn.jp/en/jp/JVN22515597/index.html"
"url": "https://jvn.jp/en/jp/JVN22515597/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN22515597/index.html"
}
]
},


@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20850",
"ASSIGNER": "vultures@jpcert.or.jp"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -44,10 +45,14 @@
"references": {
"reference_data": [
{
"url": "https://www.powercms.jp/news/release-patch-xmlrpc-api-202110.html"
"url": "https://www.powercms.jp/news/release-patch-xmlrpc-api-202110.html",
"refsource": "MISC",
"name": "https://www.powercms.jp/news/release-patch-xmlrpc-api-202110.html"
},
{
"url": "https://jvn.jp/en/jp/JVN17645965/index.html"
"url": "https://jvn.jp/en/jp/JVN17645965/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN17645965/index.html"
}
]
},


@ -86,8 +86,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://jira.mongodb.org/browse/SERVER-59071"
"refsource": "MISC",
"url": "https://jira.mongodb.org/browse/SERVER-59071",
"name": "https://jira.mongodb.org/browse/SERVER-59071"
}
]
},
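Review bot: The reference to https://jira.mongodb.org/browse/SERVER-59071 appears to go from `"refsource": "CONFIRM"` to `"refsource": "MISC"` in this hunk (the page has lost its +/- markers, so this is read from the print order and the hunk counts). CONFIRM is the tag consumers use to tell a vendor-acknowledged source from an arbitrary link, and the host suggests this is the vendor's own tracker, so the retag drops information that triage tooling relies on. I would keep `"refsource": "CONFIRM"` and add only the `name` key. The same retag appears on the three bitdefender.com advisory references in the file sections that follow.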


@ -57,7 +57,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server.\nThis issue affects:\nBitdefender Endpoint Security Tools\nversions prior to 6.6.27.390;\nversions prior to 7.1.2.33.\nBitdefender GravityZone\n6.24.1-1."
"value": "A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender GravityZone 6.24.1-1."
}
]
},
@ -95,8 +95,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.bitdefender.com/support/security-advisories/insufficient-validation-regular-expression-eppupdateservice-config-file-va-9825"
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/insufficient-validation-regular-expression-eppupdateservice-config-file-va-9825",
"name": "https://www.bitdefender.com/support/security-advisories/insufficient-validation-regular-expression-eppupdateservice-config-file-va-9825"
}
]
},
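Review bot: The rewritten description still ends with `Bitdefender GravityZone 6.24.1-1.`, which does not say whether 6.24.1-1 is an affected release or the first fixed one. The two related records later in this commit say `Bitdefender GravityZone versions prior to 6.24.1-1.` instead. With the line breaks replaced by spaces, the product list is now one run of text, so the missing qualifier is easier to misread when deciding whether a deployment needs patching. If the fixed-in reading is intended, the sentence should read `Bitdefender GravityZone versions prior to 6.24.1-1.`; this needs confirming against the vendor advisory or the record's affects block, which is outside this hunk.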


@ -69,7 +69,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host.\nThis issue affects:\nBitdefender Endpoint Security Tools\nversions prior to 6.6.27.390;\nversions prior to 7.1.2.33.\nBitdefender Unified Endpoint for Linux\nversions prior to 6.2.21.160.\nBitdefender GravityZone\nversions prior to 6.24.1-1."
"value": "A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1."
}
]
},
@ -107,8 +107,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-eppupdateservice-remote-config-file-va-9825/"
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-eppupdateservice-remote-config-file-va-9825/",
"name": "https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-eppupdateservice-remote-config-file-va-9825/"
}
]
},


@ -69,7 +69,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches.\nThis issue affects:\nBitdefender Endpoint Security Tools for Linux\nversions prior to 6.6.27.390;\nversions prior to 7.1.2.33.\nBitdefender Unified Endpoint\nversions prior to 6.2.21.160.\nBitdefender GravityZone\nversions prior to 6.24.1-1."
"value": "Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1."
}
]
},
@ -107,8 +107,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.bitdefender.com/support/security-advisories/improper-access-control-vulnerability-patchesupdate-api-va-9825"
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/improper-access-control-vulnerability-patchesupdate-api-va-9825",
"name": "https://www.bitdefender.com/support/security-advisories/improper-access-control-vulnerability-patchesupdate-api-va-9825"
}
]
},


@ -104,7 +104,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-284"
"value": "CWE-668"
}
]
}


@ -47,7 +47,7 @@
"description_data": [
{
"lang": "eng",
"value": "SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from B2B units they do not belong to."
"value": "SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from b2b units they do not belong to."
}
]
},
@ -64,7 +64,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-285"
"value": "CWE-862"
}
]
}


@ -24,7 +24,7 @@
},
{
"version_name": "<",
"version_value": "7.70 PL4"
"version_value": "< 7.70 PL4"
}
]
}
@ -56,7 +56,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-200"
"value": "CWE-522"
}
]
}
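Review bot: The new `"version_value": "< 7.70 PL4"` puts the comparison operator inside the version string, while `"version_name": "<"` on the line above still carries it as well. A consumer that compares `version_value` against installed versions receives a literal that is not a version, so automated affected-version matching may silently miss this record. CVE JSON 4.0 has a separate `version_affected` key for the operator; I would write `"version_affected": "<"` and keep `"version_value": "7.70 PL4"`. The enclosing version_data entry begins outside the hunk.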


@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value. This issue only affects installations where the `REDASH_COOKIE_SECRET or REDASH_SECRET_KEY` environment variables have not been explicitly set. This issue does not affect users of the official Redash cloud images, Redash's Digital Ocean marketplace droplets, or the scripts in the `getredash/setup` repository. These instances automatically generate unique secret keys during installation. One can verify whether one's instance is affected by checking the value of the `REDASH_COOKIE_SECRET` environment variable. If it is `c292a0a3aa32397cdb050e233733900f`, should follow the steps to secure the instance, outlined in the GitHub Security Advisory.\n\n"
"value": "Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value. This issue only affects installations where the `REDASH_COOKIE_SECRET or REDASH_SECRET_KEY` environment variables have not been explicitly set. This issue does not affect users of the official Redash cloud images, Redash's Digital Ocean marketplace droplets, or the scripts in the `getredash/setup` repository. These instances automatically generate unique secret keys during installation. One can verify whether one's instance is affected by checking the value of the `REDASH_COOKIE_SECRET` environment variable. If it is `c292a0a3aa32397cdb050e233733900f`, should follow the steps to secure the instance, outlined in the GitHub Security Advisory."
}
]
},
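Review bot: The new value only drops the trailing `\n\n`; the wording defects inside the description remain. One code span wraps both variable names and the word "or" in a single pair of backticks (`REDASH_COOKIE_SECRET or REDASH_SECRET_KEY`), and the last sentence has no subject ("If it is ..., should follow the steps"). The verification sentence also checks only `REDASH_COOKIE_SECRET`, although the text says the shared default is used for both variables, so an operator who set only that one could conclude the instance is unaffected. I would name both variables in the check if the upstream advisory supports that reading.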


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-4016",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}