From aa5443ec7017d629cd7f19cdb15f8cf9ddb409cb Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 24 Mar 2021 13:00:41 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/13xxx/CVE-2020-13949.json | 5 +++ 2021/26xxx/CVE-2021-26295.json | 5 +++ 2021/29xxx/CVE-2021-29025.json | 56 ++++++++++++++++++++++++++++++---- 2021/29xxx/CVE-2021-29026.json | 56 ++++++++++++++++++++++++++++++---- 2021/29xxx/CVE-2021-29027.json | 56 ++++++++++++++++++++++++++++++---- 2021/29xxx/CVE-2021-29028.json | 56 ++++++++++++++++++++++++++++++---- 2021/29xxx/CVE-2021-29029.json | 56 ++++++++++++++++++++++++++++++---- 2021/29xxx/CVE-2021-29030.json | 56 ++++++++++++++++++++++++++++++---- 2021/29xxx/CVE-2021-29031.json | 56 ++++++++++++++++++++++++++++++---- 2021/29xxx/CVE-2021-29032.json | 56 ++++++++++++++++++++++++++++++---- 2021/29xxx/CVE-2021-29033.json | 56 ++++++++++++++++++++++++++++++---- 11 files changed, 460 insertions(+), 54 deletions(-) diff --git a/2020/13xxx/CVE-2020-13949.json b/2020/13xxx/CVE-2020-13949.json index b2cb8f0cb48..02965c1f242 100644 --- a/2020/13xxx/CVE-2020-13949.json +++ b/2020/13xxx/CVE-2020-13949.json @@ -263,6 +263,11 @@ "refsource": "MLIST", "name": "[hbase-issues] 20210320 RE: [jira] [Work started] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", "url": "https://lists.apache.org/thread.html/rf568168e7f83871969928c0379813da6d034485f8b20fa73884816d6@%3Cissues.hbase.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[hbase-issues] 20210324 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949", + "url": "https://lists.apache.org/thread.html/r18732bb1343894143d68db58fe4c8f56d9cd221b37f1378ed7373372@%3Cissues.hbase.apache.org%3E" } ] }, diff --git a/2021/26xxx/CVE-2021-26295.json b/2021/26xxx/CVE-2021-26295.json index fcf8eae56ee..ec3091bcf6c 100644 --- a/2021/26xxx/CVE-2021-26295.json +++ b/2021/26xxx/CVE-2021-26295.json @@ -69,6 +69,11 @@ "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r3c1802eaf34aa78a61b4e8e044c214bc94accbd28a11f3a276586a31%40%3Cuser.ofbiz.apache.org%3E", "name": "https://lists.apache.org/thread.html/r3c1802eaf34aa78a61b4e8e044c214bc94accbd28a11f3a276586a31%40%3Cuser.ofbiz.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[ofbiz-notifications] 20210324 [jira] [Commented] (OFBIZ-12167) Adds a blacklist (to be renamed soon to denylist) in Java serialisation (CVE-2021-26295)", + "url": "https://lists.apache.org/thread.html/r6e4579c4ebf7efeb462962e359501c6ca4045687f12212551df2d607@%3Cnotifications.ofbiz.apache.org%3E" } ] }, diff --git a/2021/29xxx/CVE-2021-29025.json b/2021/29xxx/CVE-2021-29025.json index 51298dabb47..c128c589a63 100644 --- a/2021/29xxx/CVE-2021-29025.json +++ b/2021/29xxx/CVE-2021-29025.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-29025", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-29025", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/my_images.php URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xoffense/POC/blob/main/Multiple%20URI%20Based%20XSS%20in%20Bitweaver%203.1.0.md", + "refsource": "MISC", + "name": "https://github.com/xoffense/POC/blob/main/Multiple%20URI%20Based%20XSS%20in%20Bitweaver%203.1.0.md" } ] } diff --git a/2021/29xxx/CVE-2021-29026.json b/2021/29xxx/CVE-2021-29026.json index d0b428ccebb..e6911956e9a 100644 --- a/2021/29xxx/CVE-2021-29026.json +++ b/2021/29xxx/CVE-2021-29026.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-29026", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-29026", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/permissions.php URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xoffense/POC/blob/main/Multiple%20URI%20Based%20XSS%20in%20Bitweaver%203.1.0.md", + "refsource": "MISC", + "name": "https://github.com/xoffense/POC/blob/main/Multiple%20URI%20Based%20XSS%20in%20Bitweaver%203.1.0.md" } ] } diff --git a/2021/29xxx/CVE-2021-29027.json b/2021/29xxx/CVE-2021-29027.json index 6195e7d98f3..dde2cd7d192 100644 --- a/2021/29xxx/CVE-2021-29027.json +++ b/2021/29xxx/CVE-2021-29027.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-29027", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-29027", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xoffense/POC/blob/main/Multiple%20URI%20Based%20XSS%20in%20Bitweaver%203.1.0.md", + "refsource": "MISC", + "name": "https://github.com/xoffense/POC/blob/main/Multiple%20URI%20Based%20XSS%20in%20Bitweaver%203.1.0.md" } ] } diff --git a/2021/29xxx/CVE-2021-29028.json b/2021/29xxx/CVE-2021-29028.json index 6de68dcbb2e..3a6dc3ac482 100644 --- a/2021/29xxx/CVE-2021-29028.json +++ b/2021/29xxx/CVE-2021-29028.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-29028", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-29028", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/user_activity.php URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xoffense/POC/blob/main/Multiple%20URI%20Based%20XSS%20in%20Bitweaver%203.1.0.md", + "refsource": "MISC", + "name": "https://github.com/xoffense/POC/blob/main/Multiple%20URI%20Based%20XSS%20in%20Bitweaver%203.1.0.md" } ] } diff --git a/2021/29xxx/CVE-2021-29029.json b/2021/29xxx/CVE-2021-29029.json index beacfd49dfc..ee3f9f21a18 100644 --- a/2021/29xxx/CVE-2021-29029.json +++ b/2021/29xxx/CVE-2021-29029.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-29029", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-29029", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/edit_personal_page.php URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xoffense/POC/blob/main/Multiple%20URI%20Based%20XSS%20in%20Bitweaver%203.1.0.md", + "refsource": "MISC", + "name": "https://github.com/xoffense/POC/blob/main/Multiple%20URI%20Based%20XSS%20in%20Bitweaver%203.1.0.md" } ] } diff --git a/2021/29xxx/CVE-2021-29030.json b/2021/29xxx/CVE-2021-29030.json index c9a2c06ea86..c33fc796c7a 100644 --- a/2021/29xxx/CVE-2021-29030.json +++ b/2021/29xxx/CVE-2021-29030.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-29030", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-29030", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/index.php URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xoffense/POC/blob/main/Multiple%20URI%20Based%20XSS%20in%20Bitweaver%203.1.0.md", + "refsource": "MISC", + "name": "https://github.com/xoffense/POC/blob/main/Multiple%20URI%20Based%20XSS%20in%20Bitweaver%203.1.0.md" } ] } diff --git a/2021/29xxx/CVE-2021-29031.json b/2021/29xxx/CVE-2021-29031.json index 62e6c0b2244..f4ff4899e5a 100644 --- a/2021/29xxx/CVE-2021-29031.json +++ b/2021/29xxx/CVE-2021-29031.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-29031", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-29031", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/users_import.php URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xoffense/POC/blob/main/Multiple%20URI%20Based%20XSS%20in%20Bitweaver%203.1.0.md", + "refsource": "MISC", + "name": "https://github.com/xoffense/POC/blob/main/Multiple%20URI%20Based%20XSS%20in%20Bitweaver%203.1.0.md" } ] } diff --git a/2021/29xxx/CVE-2021-29032.json b/2021/29xxx/CVE-2021-29032.json index 8cfc8f69cfa..9153d46eafc 100644 --- a/2021/29xxx/CVE-2021-29032.json +++ b/2021/29xxx/CVE-2021-29032.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-29032", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-29032", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/preferences.php URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xoffense/POC/blob/main/Multiple%20URI%20Based%20XSS%20in%20Bitweaver%203.1.0.md", + "refsource": "MISC", + "name": "https://github.com/xoffense/POC/blob/main/Multiple%20URI%20Based%20XSS%20in%20Bitweaver%203.1.0.md" } ] } diff --git a/2021/29xxx/CVE-2021-29033.json b/2021/29xxx/CVE-2021-29033.json index 7ff623b959b..fe57f15240b 100644 --- a/2021/29xxx/CVE-2021-29033.json +++ b/2021/29xxx/CVE-2021-29033.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-29033", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-29033", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/edit_group.php URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xoffense/POC/blob/main/Multiple%20URI%20Based%20XSS%20in%20Bitweaver%203.1.0.md", + "refsource": "MISC", + "name": "https://github.com/xoffense/POC/blob/main/Multiple%20URI%20Based%20XSS%20in%20Bitweaver%203.1.0.md" } ] }