diff --git a/2020/17xxx/CVE-2020-17453.json b/2020/17xxx/CVE-2020-17453.json
index 4cc6bfbb167..a779b5ebeb7 100644
--- a/2020/17xxx/CVE-2020-17453.json
+++ b/2020/17xxx/CVE-2020-17453.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-17453",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-17453",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-1132",
+ "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-1132"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://twitter.com/JacksonHHax/status/1374681422678519813",
+ "url": "https://twitter.com/JacksonHHax/status/1374681422678519813"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/JHHAX/CVE-2020-17453-PoC",
+ "url": "https://github.com/JHHAX/CVE-2020-17453-PoC"
 }
 ]
 }
diff --git a/2021/20xxx/CVE-2021-20305.json b/2021/20xxx/CVE-2021-20305.json
index d528416e2f3..d6cbac4889f 100644
--- a/2021/20xxx/CVE-2021-20305.json
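Review bot: In CVE-2020-17453.json the new `affects` block sets `product_name`, `version_value` and `vendor_name` to `n/a`, and the `problemtype` value is also `n/a`, although the description names WSO2 Management Console through 5.10 and an XSS issue. Consumers that match on the structured fields rather than on the free text will not associate this record with any product or weakness class. Consider `"vendor_name": "WSO2"`, `"product_name": "Management Console"`, `"version_value": "through 5.10"` and a problemtype value of `CWE-79`; the exact product list should be confirmed against the referenced WSO2 advisory.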
+++ b/2021/20xxx/CVE-2021-20305.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-20305",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "nettle",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "nettle 3.7.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-327"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1942533",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942533"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability."
 }
 ]
 }
diff --git a/2021/20xxx/CVE-2021-20307.json b/2021/20xxx/CVE-2021-20307.json
index d64617ca33b..d2088df80a4 100644
--- a/2021/20xxx/CVE-2021-20307.json
+++ b/2021/20xxx/CVE-2021-20307.json
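Review bot: In CVE-2021-20305.json, `"version_value": "nettle 3.7.2"` names the release that the description treats as fixed ("versions before 3.7.2"), so the structured field and the prose disagree about what is affected. Tooling that reads `version_value` could flag 3.7.2 and miss the earlier releases. Something like `"version_value": "before 3.7.2"` would agree with the description. The CVE-2021-20307 hunk shows the same mismatch, `"libpano13 2.9.20_rc3"` against "2.9.20~rc2+dfsg-3 and earlier"; that 2.9.20_rc3 is the fixed release there is inferred from the description and should be confirmed. Both hunks start at line 4, so the top of each record is outside the hunk.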
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-20307",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "libpano13",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "libpano13 2.9.20_rc3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-134"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/",
+ "url": "https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1946284",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946284"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values."
 }
 ]
 }
diff --git a/2021/20xxx/CVE-2021-20308.json b/2021/20xxx/CVE-2021-20308.json
index 389eba4bf65..a3f0bf6373d 100644
--- a/2021/20xxx/CVE-2021-20308.json
+++ b/2021/20xxx/CVE-2021-20308.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-20308",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "htmldoc",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "htmldoc 1.9.11 and older"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-190"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/michaelrsweet/htmldoc/issues/423",
+ "url": "https://github.com/michaelrsweet/htmldoc/issues/423"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1946289",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946289"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181."
 }
 ]
 }
diff --git a/2021/30xxx/CVE-2021-30134.json b/2021/30xxx/CVE-2021-30134.json
new file mode 100644
index 00000000000..e38af244826
--- /dev/null
+++ b/2021/30xxx/CVE-2021-30134.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-30134",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/30xxx/CVE-2021-30135.json b/2021/30xxx/CVE-2021-30135.json
new file mode 100644
index 00000000000..020405c0b3e
--- /dev/null
+++ b/2021/30xxx/CVE-2021-30135.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-30135",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/30xxx/CVE-2021-30136.json b/2021/30xxx/CVE-2021-30136.json
new file mode 100644
index 00000000000..0bd89e18469
--- /dev/null
+++ b/2021/30xxx/CVE-2021-30136.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-30136",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/30xxx/CVE-2021-30137.json b/2021/30xxx/CVE-2021-30137.json
new file mode 100644
index 00000000000..2a974735d2f
--- /dev/null
+++ b/2021/30xxx/CVE-2021-30137.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-30137",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/30xxx/CVE-2021-30138.json b/2021/30xxx/CVE-2021-30138.json
new file mode 100644
index 00000000000..bb2ee4dea10
--- /dev/null
+++ b/2021/30xxx/CVE-2021-30138.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-30138",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/30xxx/CVE-2021-30139.json b/2021/30xxx/CVE-2021-30139.json
new file mode 100644
index 00000000000..2a9f34d1bf2
--- /dev/null
+++ b/2021/30xxx/CVE-2021-30139.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-30139",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/30xxx/CVE-2021-30140.json b/2021/30xxx/CVE-2021-30140.json
new file mode 100644
index 00000000000..1e0ab418799
--- /dev/null
+++ b/2021/30xxx/CVE-2021-30140.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-30140",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file