From a5e62a3fbcbeeb48abf8769c6da809460fe924b6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 2 Jun 2021 17:00:49 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2011/3xxx/CVE-2011-3656.json | 48 +++++++++++++++++++++- 2015/1xxx/CVE-2015-1877.json | 75 ++++++++++++++++++++++++++++++++-- 2020/22xxx/CVE-2020-22051.json | 61 ++++++++++++++++++++++++--- 2020/24xxx/CVE-2020-24862.json | 66 +++++++++++++++++++++++++++--- 2020/25xxx/CVE-2020-25362.json | 66 +++++++++++++++++++++++++++--- 2021/30xxx/CVE-2021-30474.json | 61 ++++++++++++++++++++++++--- 2021/3xxx/CVE-2021-3529.json | 50 +++++++++++++++++++++-- 7 files changed, 395 insertions(+), 32 deletions(-) diff --git a/2011/3xxx/CVE-2011-3656.json b/2011/3xxx/CVE-2011-3656.json index 76601eac5ba..50ab09d903e 100644 --- a/2011/3xxx/CVE-2011-3656.json +++ b/2011/3xxx/CVE-2011-3656.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-3656", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=667907", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=667907" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] } ] } diff --git a/2015/1xxx/CVE-2015-1877.json b/2015/1xxx/CVE-2015-1877.json index 0281bd3a489..1fe46d89b1f 100644 --- a/2015/1xxx/CVE-2015-1877.json +++ b/2015/1xxx/CVE-2015-1877.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@debian.org", "ID": "CVE-2015-1877", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,76 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=89129", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=89129" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/02/18/7", + "url": "http://www.openwall.com/lists/oss-security/2015/02/18/7" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/02/18/9", + "url": "http://www.openwall.com/lists/oss-security/2015/02/18/9" + }, + { + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777722", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777722" + }, + { + "refsource": "MISC", + "name": "http://www.debian.org/security/2015/dsa-3165", + "url": "http://www.debian.org/security/2015/dsa-3165" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/72675", + "url": "http://www.securityfocus.com/bid/72675" } ] } diff --git a/2020/22xxx/CVE-2020-22051.json b/2020/22xxx/CVE-2020-22051.json index de56df4baa9..4c2988264a8 100644 --- a/2020/22xxx/CVE-2020-22051.json +++ b/2020/22xxx/CVE-2020-22051.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-22051", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-22051", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://trac.ffmpeg.org/ticket/8313", + "refsource": "MISC", + "name": "https://trac.ffmpeg.org/ticket/8313" + }, + { + "refsource": "MISC", + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=673fce6d40d9a594fb7a0ea17d296b7d3d9ea856", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=673fce6d40d9a594fb7a0ea17d296b7d3d9ea856" } ] } diff --git a/2020/24xxx/CVE-2020-24862.json b/2020/24xxx/CVE-2020-24862.json index c9172cb04f3..069718b2968 100644 --- a/2020/24xxx/CVE-2020-24862.json +++ b/2020/24xxx/CVE-2020-24862.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24862", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24862", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has been found to be vulnerable to a Time-Based blind SQL injection via the /medical/inventories.php path which allows attackers to retrieve all databases." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/48752", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/48752" + }, + { + "url": "https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html" + }, + { + "url": "https://www.sourcecodester.com/download-code?nid=14398&title=Pharmacy%2FMedical+Store+%26+Sale+Point+Using+PHP%2FMySQL+with+Bootstrap+Framework", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/download-code?nid=14398&title=Pharmacy%2FMedical+Store+%26+Sale+Point+Using+PHP%2FMySQL+with+Bootstrap+Framework" } ] } diff --git a/2020/25xxx/CVE-2020-25362.json b/2020/25xxx/CVE-2020-25362.json index bd1b406baa6..b8d89097b33 100644 --- a/2020/25xxx/CVE-2020-25362.json +++ b/2020/25xxx/CVE-2020-25362.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-25362", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-25362", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The id paramater in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all databases." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/download-code?nid=14368&title=Online+Shopping+Alphaware+in+PHP%2FMysql", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/download-code?nid=14368&title=Online+Shopping+Alphaware+in+PHP%2FMysql" + }, + { + "url": "https://www.exploit-db.com/exploits/48771", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/48771" + }, + { + "url": "https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html" } ] } diff --git a/2021/30xxx/CVE-2021-30474.json b/2021/30xxx/CVE-2021-30474.json index 7b67955cb70..332d99e0632 100644 --- a/2021/30xxx/CVE-2021-30474.json +++ b/2021/30xxx/CVE-2021-30474.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-30474", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-30474", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=3000", + "refsource": "MISC", + "name": "https://bugs.chromium.org/p/aomedia/issues/detail?id=3000" + }, + { + "refsource": "MISC", + "name": "https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e", + "url": "https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e" } ] } diff --git a/2021/3xxx/CVE-2021-3529.json b/2021/3xxx/CVE-2021-3529.json index 3e94b71fb3b..606ba0cb7b5 100644 --- a/2021/3xxx/CVE-2021-3529.json +++ b/2021/3xxx/CVE-2021-3529.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3529", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "noobaa-core", + "version": { + "version_data": [ + { + "version_value": "noobaa 5.7.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1950479", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950479" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity." } ] }