admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-10-27 17:00:59 +00:00
parent 4178fb10fa
commit a4f322c7c2
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
9 changed files with 833 additions and 696 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2017/7xxx/CVE-2017-7655.json
View File

@ -66,6 +66,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191026 [SECURITY] [DLA 1972-1] mosquitto security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211027 [SECURITY] [DLA 2793-1] mosquitto security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00022.html"
}
]
}

174
2021/20xxx/CVE-2021-20526.json
View File

@ -1,90 +1,90 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 198755.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2021-20526",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-10-25T00:00:00"
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"AV" : "N",
"PR" : "N",
"S" : "U",
"I" : "N",
"C" : "L",
"SCORE" : "3.700",
"A" : "N",
"UI" : "N",
"AC" : "H"
}
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6507095 (Planning Analytics)",
"name" : "https://www.ibm.com/support/pages/node/6507095",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6507095"
},
{
"name" : "ibm-planning-cve202120526-info-disc (198755)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198755",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Planning Analytics ",
"version" : {
"version_data" : [
{
"version_value" : "2.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
"value": "IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 198755.",
"lang": "eng"
}
]
}
}
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20526",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-10-25T00:00:00"
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"AV": "N",
"PR": "N",
"S": "U",
"I": "N",
"C": "L",
"SCORE": "3.700",
"A": "N",
"UI": "N",
"AC": "H"
}
}
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6507095 (Planning Analytics)",
"name": "https://www.ibm.com/support/pages/node/6507095",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6507095"
},
{
"name": "ibm-planning-cve202120526-info-disc (198755)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198755",
"refsource": "XF"
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Planning Analytics ",
"version": {
"version_data": [
{
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
}
}

334
2021/29xxx/CVE-2021-29673.json
View File

@ -1,170 +1,170 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "H"
},
"BM" : {
"UI" : "R",
"AC" : "L",
"A" : "N",
"PR" : "L",
"AV" : "N",
"SCORE" : "5.400",
"C" : "L",
"I" : "L",
"S" : "C"
}
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6508583 (Rational DOORS Next Generation)",
"name" : "https://www.ibm.com/support/pages/node/6508583",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6508583"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199482",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-engineering-cve202129673-xss (199482)"
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
},
"product_name" : "Rational Team Concert"
},
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Rational DOORS Next Generation"
},
{
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Rational Engineering Lifecycle Manager"
},
{
"version" : {
"version_data" : [
{
"version_value" : "7.0"
}
]
},
"product_name" : "Engineering Workflow Management"
},
{
"product_name" : "Engineering Lifecycle Optimization",
"version" : {
"version_data" : [
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
}
},
{
"product_name" : "Rational Collaborative Lifecycle Management",
"version" : {
"version_data" : [
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "H"
},
"BM": {
"UI": "R",
"AC": "L",
"A": "N",
"PR": "L",
"AV": "N",
"SCORE": "5.400",
"C": "L",
"I": "L",
"S": "C"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
}
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6508583 (Rational DOORS Next Generation)",
"name": "https://www.ibm.com/support/pages/node/6508583",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6508583"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199482",
"title": "X-Force Vulnerability Report",
"name": "ibm-engineering-cve202129673-xss (199482)"
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
},
"product_name": "Rational Team Concert"
},
{
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
},
"product_name": "Rational DOORS Next Generation"
},
{
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
},
"product_name": "Rational Engineering Lifecycle Manager"
},
{
"version": {
"version_data": [
{
"version_value": "7.0"
}
]
},
"product_name": "Engineering Workflow Management"
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482."
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-10-25T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2021-29673"
},
"data_type" : "CVE"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482."
}
]
},
"data_version": "4.0",
"CVE_data_meta": {
"DATE_PUBLIC": "2021-10-25T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"ID": "CVE-2021-29673"
},
"data_type": "CVE"
}

334
2021/29xxx/CVE-2021-29774.json
View File

@ -1,170 +1,170 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-10-25T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-29774"
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "L",
"AV" : "N",
"S" : "U",
"SCORE" : "7.500",
"C" : "H",
"I" : "H",
"UI" : "N",
"AC" : "H",
"A" : "H"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Rational Collaborative Lifecycle Management",
"version" : {
"version_data" : [
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
}
},
{
"product_name" : "Engineering Lifecycle Optimization",
"version" : {
"version_data" : [
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
}
},
{
"product_name" : "Rational Engineering Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Rational DOORS Next Generation"
},
{
"product_name" : "Rational Team Concert",
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "7.0"
}
]
},
"product_name" : "Engineering Workflow Management"
}
]
}
"value": "IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.",
"lang": "eng"
}
]
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6508583 (Rational DOORS Next Generation)",
"name" : "https://www.ibm.com/support/pages/node/6508583",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6508583"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/203025",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-engineering-cve202129774-priv-escalation (203025)"
}
]
},
"data_format" : "MITRE"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"DATE_PUBLIC": "2021-10-25T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-29774"
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"PR": "L",
"AV": "N",
"S": "U",
"SCORE": "7.500",
"C": "H",
"I": "H",
"UI": "N",
"AC": "H",
"A": "H"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"product_name": "Engineering Lifecycle Optimization",
"version": {
"version_data": [
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
},
"product_name": "Rational DOORS Next Generation"
},
{
"product_name": "Rational Team Concert",
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "7.0"
}
]
},
"product_name": "Engineering Workflow Management"
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6508583 (Rational DOORS Next Generation)",
"name": "https://www.ibm.com/support/pages/node/6508583",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6508583"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203025",
"title": "X-Force Vulnerability Report",
"name": "ibm-engineering-cve202129774-priv-escalation (203025)"
}
]
},
"data_format": "MITRE"
}

334
2021/29xxx/CVE-2021-29786.json
View File

@ -1,170 +1,170 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2021-29786",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-10-25T00:00:00"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"SCORE" : "6.500",
"C" : "H",
"I" : "N",
"S" : "U",
"PR" : "L",
"AV" : "N",
"UI" : "N",
"AC" : "L",
"A" : "N"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Engineering Lifecycle Optimization"
},
{
"product_name" : "Rational Collaborative Lifecycle Management",
"version" : {
"version_data" : [
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
},
"product_name" : "Rational Team Concert"
},
{
"product_name" : "Rational DOORS Next Generation",
"version" : {
"version_data" : [
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Rational Engineering Lifecycle Manager"
},
{
"version" : {
"version_data" : [
{
"version_value" : "7.0"
}
]
},
"product_name" : "Engineering Workflow Management"
}
]
},
"vendor_name" : "IBM"
"value": "IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172.",
"lang": "eng"
}
]
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6508583",
"title" : "IBM Security Bulletin 6508583 (Rational DOORS Next Generation)",
"url" : "https://www.ibm.com/support/pages/node/6508583",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-jazz-cve202129786-info-disc (203172)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/203172"
}
]
},
"data_format" : "MITRE"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29786",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-10-25T00:00:00"
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"SCORE": "6.500",
"C": "H",
"I": "N",
"S": "U",
"PR": "L",
"AV": "N",
"UI": "N",
"AC": "L",
"A": "N"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
},
"product_name": "Engineering Lifecycle Optimization"
},
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
},
"product_name": "Rational Team Concert"
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
},
"product_name": "Rational Engineering Lifecycle Manager"
},
{
"version": {
"version_data": [
{
"version_value": "7.0"
}
]
},
"product_name": "Engineering Workflow Management"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6508583",
"title": "IBM Security Bulletin 6508583 (Rational DOORS Next Generation)",
"url": "https://www.ibm.com/support/pages/node/6508583",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-jazz-cve202129786-info-disc (203172)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203172"
}
]
},
"data_format": "MITRE"
}

180
2021/29xxx/CVE-2021-29868.json
View File

@ -1,93 +1,93 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"S" : "U",
"I" : "N",
"SCORE" : "4.000",
"PR" : "N",
"AV" : "L",
"A" : "N",
"C" : "L",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-10-26T00:00:00",
"ID" : "CVE-2021-29868"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.9.13"
},
{
"version_value" : "9.0.0"
}
]
},
"product_name" : "i2 iBase"
}
]
}
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"S": "U",
"I": "N",
"SCORE": "4.000",
"PR": "N",
"AV": "L",
"A": "N",
"C": "L",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
}
},
"data_format": "MITRE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-10-26T00:00:00",
"ID": "CVE-2021-29868"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "8.9.13"
},
{
"version_value": "9.0.0"
}
]
},
"product_name": "i2 iBase"
}
]
}
}
]
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213."
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6508776 (i2 iBase)",
"name" : "https://www.ibm.com/support/pages/node/6508776",
"url" : "https://www.ibm.com/support/pages/node/6508776"
},
{
"name" : "ibm-i2-cve202129868-info-disc (206213)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/206213",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"data_type" : "CVE"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6508776 (i2 iBase)",
"name": "https://www.ibm.com/support/pages/node/6508776",
"url": "https://www.ibm.com/support/pages/node/6508776"
},
{
"name": "ibm-i2-cve202129868-info-disc (206213)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206213",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"data_type": "CVE"
}

56
2021/37xxx/CVE-2021-37806.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37806",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-37806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used on the (1) editid , (2) viewid, and (3) catename parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://packetstormsecurity.com/files/163626/Vehicle-Parking-Management-System-1.0-SQL-Injection.html",
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/163626/Vehicle-Parking-Management-System-1.0-SQL-Injection.html"
}
]
}

56
2021/37xxx/CVE-2021-37807.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37807",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-37807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user's email is already exist within the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://packetstormsecurity.com/files/163574/Online-Shopping-Portal-3.1-SQL-Injection.html",
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/163574/Online-Shopping-Portal-3.1-SQL-Injection.html"
}
]
}

56
2021/37xxx/CVE-2021-37808.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37808",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-37808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://packetstormsecurity.com/files/163575/News-Portal-Project-3.1-SQL-Injection.html",
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/163575/News-Portal-Project-3.1-SQL-Injection.html"
}
]
}