diff --git a/2020/18xxx/CVE-2020-18144.json b/2020/18xxx/CVE-2020-18144.json index 6093d6a4799..1fcef812f00 100644 --- a/2020/18xxx/CVE-2020-18144.json +++ b/2020/18xxx/CVE-2020-18144.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-18144", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-18144", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection Vulnerability in ECTouch v2 via the integral_min parameter in index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/yundiao/ectouch/issues/1", + "refsource": "MISC", + "name": "https://github.com/yundiao/ectouch/issues/1" } ] } diff --git a/2020/29xxx/CVE-2020-29146.json b/2020/29xxx/CVE-2020-29146.json index 87d7a3a8e4f..e76150624be 100644 --- a/2020/29xxx/CVE-2020-29146.json +++ b/2020/29xxx/CVE-2020-29146.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-29146", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-29146", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross site scripting (XSS) vulnerability in index.php of Wayang-CMS v1.0 allows attackers to execute arbitrary web scripts or HTML via a constructed payload created by adding the X-Forwarded-For field to the header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://lowliness9.me/post/iDACsrRWO/", + "refsource": "MISC", + "name": "https://lowliness9.me/post/iDACsrRWO/" } ] } diff --git a/2020/29xxx/CVE-2020-29147.json b/2020/29xxx/CVE-2020-29147.json index f96ca77d867..b79538cec9e 100644 --- a/2020/29xxx/CVE-2020-29147.json +++ b/2020/29xxx/CVE-2020-29147.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-29147", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-29147", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL injection vulnerability in wy_controlls/wy_side_visitor.php of Wayang-CMS v1.0 allows attackers to obtain sensitive database information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://lowliness9.me/post/Ma16ZrNDN/", + "refsource": "MISC", + "name": "https://lowliness9.me/post/Ma16ZrNDN/" } ] } diff --git a/2020/36xxx/CVE-2020-36419.json b/2020/36xxx/CVE-2020-36419.json new file mode 100644 index 00000000000..04dc05c9030 --- /dev/null +++ b/2020/36xxx/CVE-2020-36419.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36419", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/9xxx/CVE-2020-9967.json b/2020/9xxx/CVE-2020-9967.json index 088df6b5910..0d72aee2399 100644 --- a/2020/9xxx/CVE-2020-9967.json +++ b/2020/9xxx/CVE-2020-9967.json @@ -113,6 +113,11 @@ "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212011", "name": "https://support.apple.com/en-us/HT212011" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163501/XNU-Network-Stack-Kernel-Heap-Overflow.html", + "url": "http://packetstormsecurity.com/files/163501/XNU-Network-Stack-Kernel-Heap-Overflow.html" } ] }, diff --git a/2021/23xxx/CVE-2021-23407.json b/2021/23xxx/CVE-2021-23407.json index d90e48e3566..c81ac8a0de0 100644 --- a/2021/23xxx/CVE-2021-23407.json +++ b/2021/23xxx/CVE-2021-23407.json @@ -52,16 +52,19 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://snyk.io/vuln/SNYK-DOTNET-ELFINDERNETCORE-1315152" + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-DOTNET-ELFINDERNETCORE-1315152", + "name": "https://snyk.io/vuln/SNYK-DOTNET-ELFINDERNETCORE-1315152" }, { - "refsource": "CONFIRM", - "url": "https://github.com/trannamtrung1st/elFinder.Net.Core/commit/5498c8a86b76ef089cfbd7ef8be014b61fa11c73" + "refsource": "MISC", + "url": "https://github.com/trannamtrung1st/elFinder.Net.Core/commit/5498c8a86b76ef089cfbd7ef8be014b61fa11c73", + "name": "https://github.com/trannamtrung1st/elFinder.Net.Core/commit/5498c8a86b76ef089cfbd7ef8be014b61fa11c73" }, { - "refsource": "CONFIRM", - "url": "https://github.com/trannamtrung1st/elFinder.Net.Core/releases/tag/all-1.2.4" + "refsource": "MISC", + "url": "https://github.com/trannamtrung1st/elFinder.Net.Core/releases/tag/all-1.2.4", + "name": "https://github.com/trannamtrung1st/elFinder.Net.Core/releases/tag/all-1.2.4" } ] }, @@ -69,7 +72,7 @@ "description_data": [ { "lang": "eng", - "value": "This affects the package elFinder.Net.Core from 0 and before 1.2.4.\n The user-controlled file name is not properly sanitized before it is used to create a file system path.\r\n\r\n" + "value": "This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path." } ] }, diff --git a/2021/24xxx/CVE-2021-24086.json b/2021/24xxx/CVE-2021-24086.json index 974f93bda20..54481f7419e 100644 --- a/2021/24xxx/CVE-2021-24086.json +++ b/2021/24xxx/CVE-2021-24086.json @@ -267,6 +267,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24086", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24086" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163499/Windows-TCP-IP-Denial-Of-Service.html", + "url": "http://packetstormsecurity.com/files/163499/Windows-TCP-IP-Denial-Of-Service.html" } ] } diff --git a/2021/28xxx/CVE-2021-28476.json b/2021/28xxx/CVE-2021-28476.json index efd942b486e..85607b3bccb 100644 --- a/2021/28xxx/CVE-2021-28476.json +++ b/2021/28xxx/CVE-2021-28476.json @@ -174,6 +174,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28476", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28476" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163497/Microsoft-Hyper-V-vmswitch.sys-Proof-Of-Concept.html", + "url": "http://packetstormsecurity.com/files/163497/Microsoft-Hyper-V-vmswitch.sys-Proof-Of-Concept.html" } ] } diff --git a/2021/31xxx/CVE-2021-31762.json b/2021/31xxx/CVE-2021-31762.json index acd45192ace..55c7d56f531 100644 --- a/2021/31xxx/CVE-2021-31762.json +++ b/2021/31xxx/CVE-2021-31762.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://github.com/electronicbots/CVE-2021-31762", "url": "https://github.com/electronicbots/CVE-2021-31762" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html", + "url": "http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html" } ] } diff --git a/2021/31xxx/CVE-2021-31859.json b/2021/31xxx/CVE-2021-31859.json index 0b3c8c4657a..613eda3bf05 100644 --- a/2021/31xxx/CVE-2021-31859.json +++ b/2021/31xxx/CVE-2021-31859.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31859", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31859", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allows local user privilege escalation by overwriting the executable file via an alternative data stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ysoft.com/en", + "refsource": "MISC", + "name": "https://www.ysoft.com/en" + }, + { + "refsource": "MISC", + "name": "https://www.ysoft.com/en/legal/ysoft-safeq-flexispooler", + "url": "https://www.ysoft.com/en/legal/ysoft-safeq-flexispooler" } ] } diff --git a/2021/32xxx/CVE-2021-32537.json b/2021/32xxx/CVE-2021-32537.json index 51015e18e90..a7ddaf194d7 100644 --- a/2021/32xxx/CVE-2021-32537.json +++ b/2021/32xxx/CVE-2021-32537.json @@ -80,6 +80,11 @@ "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-4813-7b578-1.html", "name": "https://www.twcert.org.tw/tw/cp-132-4813-7b578-1.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163498/Realtek-RTKVHD64.sys-Out-Of-Bounds-Access.html", + "url": "http://packetstormsecurity.com/files/163498/Realtek-RTKVHD64.sys-Out-Of-Bounds-Access.html" } ] }, diff --git a/2021/36xxx/CVE-2021-36740.json b/2021/36xxx/CVE-2021-36740.json new file mode 100644 index 00000000000..7c25f547578 --- /dev/null +++ b/2021/36xxx/CVE-2021-36740.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-36740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://varnish-cache.org/security/VSV00007.html", + "refsource": "MISC", + "name": "https://varnish-cache.org/security/VSV00007.html" + }, + { + "url": "https://docs.varnish-software.com/security/VSV00007/", + "refsource": "MISC", + "name": "https://docs.varnish-software.com/security/VSV00007/" + }, + { + "url": "https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf", + "refsource": "MISC", + "name": "https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf" + }, + { + "url": "https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be", + "refsource": "MISC", + "name": "https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be" + } + ] + } +} \ No newline at end of file