"-Synchronized-Data."

CVE Team 2024-11-15 17:00:35 +00:00
parent 41c52ca816
commit aa57f1706d
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
38 changed files with 5474 additions and 162 deletions


@ -1,17 +1,298 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-1464",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system.\r\nThis vulnerability exists because the affected software has insufficient input validation for certain commands. An attacker could exploit this vulnerability by sending crafted requests to the affected commands of an affected system. A successful exploit could allow the attacker to bypass authorization checking and gain restricted access to the configuration data of the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Catalyst SD-WAN Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20.1.12"
},
{
"version_affected": "=",
"version_value": "19.2.1"
},
{
"version_affected": "=",
"version_value": "18.4.4"
},
{
"version_affected": "=",
"version_value": "18.4.5"
},
{
"version_affected": "=",
"version_value": "20.1.1.1"
},
{
"version_affected": "=",
"version_value": "20.1.1"
},
{
"version_affected": "=",
"version_value": "19.3.0"
},
{
"version_affected": "=",
"version_value": "19.2.2"
},
{
"version_affected": "=",
"version_value": "19.2.099"
},
{
"version_affected": "=",
"version_value": "18.3.6"
},
{
"version_affected": "=",
"version_value": "18.3.7"
},
{
"version_affected": "=",
"version_value": "19.2.0"
},
{
"version_affected": "=",
"version_value": "18.3.8"
},
{
"version_affected": "=",
"version_value": "19.0.0"
},
{
"version_affected": "=",
"version_value": "19.1.0"
},
{
"version_affected": "=",
"version_value": "18.4.302"
},
{
"version_affected": "=",
"version_value": "18.4.303"
},
{
"version_affected": "=",
"version_value": "19.2.097"
},
{
"version_affected": "=",
"version_value": "19.2.098"
},
{
"version_affected": "=",
"version_value": "17.2.10"
},
{
"version_affected": "=",
"version_value": "18.3.6.1"
},
{
"version_affected": "=",
"version_value": "19.0.1a"
},
{
"version_affected": "=",
"version_value": "18.2.0"
},
{
"version_affected": "=",
"version_value": "18.4.3"
},
{
"version_affected": "=",
"version_value": "18.4.1"
},
{
"version_affected": "=",
"version_value": "17.2.8"
},
{
"version_affected": "=",
"version_value": "18.3.3.1"
},
{
"version_affected": "=",
"version_value": "18.4.0"
},
{
"version_affected": "=",
"version_value": "18.3.1"
},
{
"version_affected": "=",
"version_value": "17.2.6"
},
{
"version_affected": "=",
"version_value": "17.2.9"
},
{
"version_affected": "=",
"version_value": "18.3.4"
},
{
"version_affected": "=",
"version_value": "17.2.5"
},
{
"version_affected": "=",
"version_value": "18.3.1.1"
},
{
"version_affected": "=",
"version_value": "18.3.5"
},
{
"version_affected": "=",
"version_value": "18.4.0.1"
},
{
"version_affected": "=",
"version_value": "18.3.3"
},
{
"version_affected": "=",
"version_value": "17.2.7"
},
{
"version_affected": "=",
"version_value": "17.2.4"
},
{
"version_affected": "=",
"version_value": "18.3.0"
},
{
"version_affected": "=",
"version_value": "18.4.501_ES"
},
{
"version_affected": "=",
"version_value": "18.4.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-authorization-b-GUEpSLK",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-authorization-b-GUEpSLK"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-info-disclos-gGvm9Mfu",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-info-disclos-gGvm9Mfu"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-cmdinj-nRHKgfHX",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-cmdinj-nRHKgfHX"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-xml-ext-entity-q6Z7uVUg",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-xml-ext-entity-q6Z7uVUg"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-auth-bypass-Z3Zze5XC",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-auth-bypass-Z3Zze5XC"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-c7z9QqyB",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-c7z9QqyB"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-sqlinj-HDJUeEAX",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-sqlinj-HDJUeEAX"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vdaemon-bo-RuzzEA2",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vdaemon-bo-RuzzEA2"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-dir-trav-Bpwc5gtm",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-dir-trav-Bpwc5gtm"
}
]
},
"source": {
"advisory": "cisco-sa-vman-authorization-b-GUEpSLK",
"discovery": "INTERNAL",
"defects": [
"CSCvu28370"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/RL:X/RC:X/E:X",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}
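Review bot: `problemtype` files this record under CWE-20 only, which matches the stated cause but not the stated effect (bypassing authorization checking), so triage that filters on `cweId` will not surface it as an access-control issue; adding a second description entry with `"cweId": "CWE-863"` would cover that. `references` links nine Cisco advisories while `source.advisory` names only `cisco-sa-vman-authorization-b-GUEpSLK`, so consumers should key on `source.advisory` rather than assume every linked advisory describes this CVE. Every `version_data` entry uses `"version_affected": "="` and the record names no fixed release, so the list enumerates individual builds and a build that is absent from it is not asserted to be unaffected; the same holds for the CVE-2021-1470, -1481, -1482 and -1483 sections. Those sections also share two text defects: the description runs two sentences together (`system.Cisco has released`), and the record mixes `"lang": "eng"` with `"lang": "en"`.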


@ -1,17 +1,296 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-1470",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.\r\nThis vulnerability is due to improper input validation of SQL queries to an affected system. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the vManage database or the underlying operating system.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Catalyst SD-WAN Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20.1.12"
},
{
"version_affected": "=",
"version_value": "19.2.1"
},
{
"version_affected": "=",
"version_value": "18.4.4"
},
{
"version_affected": "=",
"version_value": "18.4.5"
},
{
"version_affected": "=",
"version_value": "20.1.1.1"
},
{
"version_affected": "=",
"version_value": "20.1.1"
},
{
"version_affected": "=",
"version_value": "19.3.0"
},
{
"version_affected": "=",
"version_value": "19.2.2"
},
{
"version_affected": "=",
"version_value": "19.2.099"
},
{
"version_affected": "=",
"version_value": "18.3.6"
},
{
"version_affected": "=",
"version_value": "18.3.7"
},
{
"version_affected": "=",
"version_value": "19.2.0"
},
{
"version_affected": "=",
"version_value": "18.3.8"
},
{
"version_affected": "=",
"version_value": "19.0.0"
},
{
"version_affected": "=",
"version_value": "19.1.0"
},
{
"version_affected": "=",
"version_value": "18.4.302"
},
{
"version_affected": "=",
"version_value": "18.4.303"
},
{
"version_affected": "=",
"version_value": "19.2.097"
},
{
"version_affected": "=",
"version_value": "19.2.098"
},
{
"version_affected": "=",
"version_value": "17.2.10"
},
{
"version_affected": "=",
"version_value": "18.3.6.1"
},
{
"version_affected": "=",
"version_value": "19.0.1a"
},
{
"version_affected": "=",
"version_value": "18.2.0"
},
{
"version_affected": "=",
"version_value": "18.4.3"
},
{
"version_affected": "=",
"version_value": "18.4.1"
},
{
"version_affected": "=",
"version_value": "17.2.8"
},
{
"version_affected": "=",
"version_value": "18.3.3.1"
},
{
"version_affected": "=",
"version_value": "18.4.0"
},
{
"version_affected": "=",
"version_value": "18.3.1"
},
{
"version_affected": "=",
"version_value": "17.2.6"
},
{
"version_affected": "=",
"version_value": "17.2.9"
},
{
"version_affected": "=",
"version_value": "18.3.4"
},
{
"version_affected": "=",
"version_value": "17.2.5"
},
{
"version_affected": "=",
"version_value": "18.3.1.1"
},
{
"version_affected": "=",
"version_value": "18.3.5"
},
{
"version_affected": "=",
"version_value": "18.4.0.1"
},
{
"version_affected": "=",
"version_value": "18.3.3"
},
{
"version_affected": "=",
"version_value": "17.2.7"
},
{
"version_affected": "=",
"version_value": "17.2.4"
},
{
"version_affected": "=",
"version_value": "18.3.0"
},
{
"version_affected": "=",
"version_value": "19.2.3"
},
{
"version_affected": "=",
"version_value": "18.4.501_ES"
},
{
"version_affected": "=",
"version_value": "20.3.1"
},
{
"version_affected": "=",
"version_value": "20.1.2"
},
{
"version_affected": "=",
"version_value": "19.2.929"
},
{
"version_affected": "=",
"version_value": "19.2.31"
},
{
"version_affected": "=",
"version_value": "19.2.32"
},
{
"version_affected": "=",
"version_value": "18.4.6"
},
{
"version_affected": "=",
"version_value": "20.1.2_937"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-sqlinj-HDJUeEAX",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-sqlinj-HDJUeEAX"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-auth-bypass-Z3Zze5XC",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-auth-bypass-Z3Zze5XC"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-c7z9QqyB",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-c7z9QqyB"
}
]
},
"source": {
"advisory": "cisco-sa-sdw-sqlinj-HDJUeEAX",
"discovery": "EXTERNAL",
"defects": [
"CSCvu92477"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/RL:X/RC:X/E:X",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}
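Review bot: The vector sets `C:N` and `"confidentialityImpact": "NONE"`, yet the description says a successful exploit could "return values from the vManage database", which is a confidentiality impact; the two should be reconciled, and `baseScore` recomputed if the vector changes. The weakness is recorded as CWE-20 although the text describes SQL injection; `"cweId": "CWE-89"` is the specific entry and the one injection-focused filters match on. Until that is settled, anyone prioritising on the 4.9 score alone should read the description for this record.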


@ -1,17 +1,351 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-1481",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system.\r\nThis vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements in Data Query Logic",
"cweId": "CWE-943"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Catalyst SD-WAN Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20.1.12"
},
{
"version_affected": "=",
"version_value": "19.2.1"
},
{
"version_affected": "=",
"version_value": "18.4.4"
},
{
"version_affected": "=",
"version_value": "18.4.5"
},
{
"version_affected": "=",
"version_value": "20.1.1.1"
},
{
"version_affected": "=",
"version_value": "20.1.1"
},
{
"version_affected": "=",
"version_value": "19.3.0"
},
{
"version_affected": "=",
"version_value": "19.2.2"
},
{
"version_affected": "=",
"version_value": "19.2.099"
},
{
"version_affected": "=",
"version_value": "18.3.6"
},
{
"version_affected": "=",
"version_value": "18.3.7"
},
{
"version_affected": "=",
"version_value": "19.2.0"
},
{
"version_affected": "=",
"version_value": "18.3.8"
},
{
"version_affected": "=",
"version_value": "19.0.0"
},
{
"version_affected": "=",
"version_value": "19.1.0"
},
{
"version_affected": "=",
"version_value": "18.4.302"
},
{
"version_affected": "=",
"version_value": "18.4.303"
},
{
"version_affected": "=",
"version_value": "19.2.097"
},
{
"version_affected": "=",
"version_value": "19.2.098"
},
{
"version_affected": "=",
"version_value": "17.2.10"
},
{
"version_affected": "=",
"version_value": "18.3.6.1"
},
{
"version_affected": "=",
"version_value": "19.0.1a"
},
{
"version_affected": "=",
"version_value": "18.2.0"
},
{
"version_affected": "=",
"version_value": "18.4.3"
},
{
"version_affected": "=",
"version_value": "18.4.1"
},
{
"version_affected": "=",
"version_value": "17.2.8"
},
{
"version_affected": "=",
"version_value": "18.3.3.1"
},
{
"version_affected": "=",
"version_value": "18.4.0"
},
{
"version_affected": "=",
"version_value": "18.3.1"
},
{
"version_affected": "=",
"version_value": "17.2.6"
},
{
"version_affected": "=",
"version_value": "17.2.9"
},
{
"version_affected": "=",
"version_value": "18.3.4"
},
{
"version_affected": "=",
"version_value": "17.2.5"
},
{
"version_affected": "=",
"version_value": "18.3.1.1"
},
{
"version_affected": "=",
"version_value": "18.3.5"
},
{
"version_affected": "=",
"version_value": "18.4.0.1"
},
{
"version_affected": "=",
"version_value": "18.3.3"
},
{
"version_affected": "=",
"version_value": "17.2.7"
},
{
"version_affected": "=",
"version_value": "17.2.4"
},
{
"version_affected": "=",
"version_value": "18.3.0"
},
{
"version_affected": "=",
"version_value": "19.2.3"
},
{
"version_affected": "=",
"version_value": "18.4.501_ES"
},
{
"version_affected": "=",
"version_value": "20.3.1"
},
{
"version_affected": "=",
"version_value": "20.1.2"
},
{
"version_affected": "=",
"version_value": "19.2.929"
},
{
"version_affected": "=",
"version_value": "19.2.31"
},
{
"version_affected": "=",
"version_value": "20.3.2"
},
{
"version_affected": "=",
"version_value": "19.2.32"
},
{
"version_affected": "=",
"version_value": "20.3.2_925"
},
{
"version_affected": "=",
"version_value": "20.3.2.1"
},
{
"version_affected": "=",
"version_value": "20.3.2.1_927"
},
{
"version_affected": "=",
"version_value": "18.4.6"
},
{
"version_affected": "=",
"version_value": "20.1.2_937"
},
{
"version_affected": "=",
"version_value": "20.4.1"
},
{
"version_affected": "=",
"version_value": "20.3.2_928"
},
{
"version_affected": "=",
"version_value": "20.3.2_929"
},
{
"version_affected": "=",
"version_value": "20.4.1.0.1"
},
{
"version_affected": "=",
"version_value": "20.3.2.1_930"
},
{
"version_affected": "=",
"version_value": "19.2.4"
},
{
"version_affected": "=",
"version_value": "20.4.1.1"
},
{
"version_affected": "=",
"version_value": "20.3.3"
},
{
"version_affected": "=",
"version_value": "19.2.4.0.1"
},
{
"version_affected": "=",
"version_value": "20.3.2_937"
},
{
"version_affected": "=",
"version_value": "20.3.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-c7z9QqyB",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-c7z9QqyB"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-auth-bypass-Z3Zze5XC",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-auth-bypass-Z3Zze5XC"
}
]
},
"source": {
"advisory": "cisco-sa-vmanage-cql-inject-c7z9QqyB",
"discovery": "EXTERNAL",
"defects": [
"CSCvw93066"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/RL:X/RC:X/E:X",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}


@ -1,17 +1,346 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-1482",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive information on an affected system.\r\nThis vulnerability is due to insufficient authorization checks. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to bypass authorization checking and gain access to sensitive information on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Catalyst SD-WAN Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20.1.12"
},
{
"version_affected": "=",
"version_value": "19.2.1"
},
{
"version_affected": "=",
"version_value": "18.4.4"
},
{
"version_affected": "=",
"version_value": "18.4.5"
},
{
"version_affected": "=",
"version_value": "20.1.1.1"
},
{
"version_affected": "=",
"version_value": "20.1.1"
},
{
"version_affected": "=",
"version_value": "19.3.0"
},
{
"version_affected": "=",
"version_value": "19.2.2"
},
{
"version_affected": "=",
"version_value": "19.2.099"
},
{
"version_affected": "=",
"version_value": "18.3.6"
},
{
"version_affected": "=",
"version_value": "18.3.7"
},
{
"version_affected": "=",
"version_value": "19.2.0"
},
{
"version_affected": "=",
"version_value": "18.3.8"
},
{
"version_affected": "=",
"version_value": "19.0.0"
},
{
"version_affected": "=",
"version_value": "19.1.0"
},
{
"version_affected": "=",
"version_value": "18.4.302"
},
{
"version_affected": "=",
"version_value": "18.4.303"
},
{
"version_affected": "=",
"version_value": "19.2.097"
},
{
"version_affected": "=",
"version_value": "19.2.098"
},
{
"version_affected": "=",
"version_value": "17.2.10"
},
{
"version_affected": "=",
"version_value": "18.3.6.1"
},
{
"version_affected": "=",
"version_value": "19.0.1a"
},
{
"version_affected": "=",
"version_value": "18.2.0"
},
{
"version_affected": "=",
"version_value": "18.4.3"
},
{
"version_affected": "=",
"version_value": "18.4.1"
},
{
"version_affected": "=",
"version_value": "17.2.8"
},
{
"version_affected": "=",
"version_value": "18.3.3.1"
},
{
"version_affected": "=",
"version_value": "18.4.0"
},
{
"version_affected": "=",
"version_value": "18.3.1"
},
{
"version_affected": "=",
"version_value": "17.2.6"
},
{
"version_affected": "=",
"version_value": "17.2.9"
},
{
"version_affected": "=",
"version_value": "18.3.4"
},
{
"version_affected": "=",
"version_value": "17.2.5"
},
{
"version_affected": "=",
"version_value": "18.3.1.1"
},
{
"version_affected": "=",
"version_value": "18.3.5"
},
{
"version_affected": "=",
"version_value": "18.4.0.1"
},
{
"version_affected": "=",
"version_value": "18.3.3"
},
{
"version_affected": "=",
"version_value": "17.2.7"
},
{
"version_affected": "=",
"version_value": "17.2.4"
},
{
"version_affected": "=",
"version_value": "18.3.0"
},
{
"version_affected": "=",
"version_value": "19.2.3"
},
{
"version_affected": "=",
"version_value": "18.4.501_ES"
},
{
"version_affected": "=",
"version_value": "20.3.1"
},
{
"version_affected": "=",
"version_value": "20.1.2"
},
{
"version_affected": "=",
"version_value": "19.2.929"
},
{
"version_affected": "=",
"version_value": "19.2.31"
},
{
"version_affected": "=",
"version_value": "20.3.2"
},
{
"version_affected": "=",
"version_value": "19.2.32"
},
{
"version_affected": "=",
"version_value": "20.3.2_925"
},
{
"version_affected": "=",
"version_value": "20.3.2.1"
},
{
"version_affected": "=",
"version_value": "20.3.2.1_927"
},
{
"version_affected": "=",
"version_value": "18.4.6"
},
{
"version_affected": "=",
"version_value": "20.1.2_937"
},
{
"version_affected": "=",
"version_value": "20.4.1"
},
{
"version_affected": "=",
"version_value": "20.3.2_928"
},
{
"version_affected": "=",
"version_value": "20.3.2_929"
},
{
"version_affected": "=",
"version_value": "20.4.1.0.1"
},
{
"version_affected": "=",
"version_value": "20.3.2.1_930"
},
{
"version_affected": "=",
"version_value": "19.2.4"
},
{
"version_affected": "=",
"version_value": "20.4.1.1"
},
{
"version_affected": "=",
"version_value": "20.3.3"
},
{
"version_affected": "=",
"version_value": "19.2.4.0.1"
},
{
"version_affected": "=",
"version_value": "20.3.2_937"
},
{
"version_affected": "=",
"version_value": "20.3.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-auth-bypass-Z3Zze5XC",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-auth-bypass-Z3Zze5XC"
}
]
},
"source": {
"advisory": "cisco-sa-vman-auth-bypass-Z3Zze5XC",
"discovery": "INTERNAL",
"defects": [
"CSCvw93076"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/RL:X/RC:X/E:X",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}
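Review bot: The vector carries `I:L` and `"integrityImpact": "LOW"`, but the description mentions only gaining access to sensitive information, so the integrity component of the 6.4 score has no support in the record's own text; one of the two should be corrected. The stated cause is "insufficient authorization checks", yet `cweId` is CWE-20; `"cweId": "CWE-863"` (or CWE-285) names the weakness the description actually gives.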


@ -1,17 +1,348 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-1483",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system.\r\nThis vulnerability is due to improper handling of XML External Entity (XXE) entries when the affected software parses certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of XML External Entity Reference",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Catalyst SD-WAN Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20.1.12"
},
{
"version_affected": "=",
"version_value": "19.2.1"
},
{
"version_affected": "=",
"version_value": "18.4.4"
},
{
"version_affected": "=",
"version_value": "18.4.5"
},
{
"version_affected": "=",
"version_value": "20.1.1.1"
},
{
"version_affected": "=",
"version_value": "20.1.1"
},
{
"version_affected": "=",
"version_value": "19.3.0"
},
{
"version_affected": "=",
"version_value": "19.2.2"
},
{
"version_affected": "=",
"version_value": "19.2.099"
},
{
"version_affected": "=",
"version_value": "18.3.6"
},
{
"version_affected": "=",
"version_value": "18.3.7"
},
{
"version_affected": "=",
"version_value": "19.2.0"
},
{
"version_affected": "=",
"version_value": "18.3.8"
},
{
"version_affected": "=",
"version_value": "19.0.0"
},
{
"version_affected": "=",
"version_value": "19.1.0"
},
{
"version_affected": "=",
"version_value": "18.4.302"
},
{
"version_affected": "=",
"version_value": "18.4.303"
},
{
"version_affected": "=",
"version_value": "19.2.097"
},
{
"version_affected": "=",
"version_value": "19.2.098"
},
{
"version_affected": "=",
"version_value": "17.2.10"
},
{
"version_affected": "=",
"version_value": "18.3.6.1"
},
{
"version_affected": "=",
"version_value": "19.0.1a"
},
{
"version_affected": "=",
"version_value": "18.2.0"
},
{
"version_affected": "=",
"version_value": "18.4.3"
},
{
"version_affected": "=",
"version_value": "18.4.1"
},
{
"version_affected": "=",
"version_value": "17.2.8"
},
{
"version_affected": "=",
"version_value": "18.3.3.1"
},
{
"version_affected": "=",
"version_value": "18.4.0"
},
{
"version_affected": "=",
"version_value": "18.3.1"
},
{
"version_affected": "=",
"version_value": "17.2.6"
},
{
"version_affected": "=",
"version_value": "17.2.9"
},
{
"version_affected": "=",
"version_value": "18.3.4"
},
{
"version_affected": "=",
"version_value": "17.2.5"
},
{
"version_affected": "=",
"version_value": "18.3.1.1"
},
{
"version_affected": "=",
"version_value": "18.3.5"
},
{
"version_affected": "=",
"version_value": "18.4.0.1"
},
{
"version_affected": "=",
"version_value": "18.3.3"
},
{
"version_affected": "=",
"version_value": "17.2.7"
},
{
"version_affected": "=",
"version_value": "17.2.4"
},
{
"version_affected": "=",
"version_value": "18.3.0"
},
{
"version_affected": "=",
"version_value": "19.2.3"
},
{
"version_affected": "=",
"version_value": "18.4.501_ES"
},
{
"version_affected": "=",
"version_value": "20.3.1"
},
{
"version_affected": "=",
"version_value": "20.1.2"
},
{
"version_affected": "=",
"version_value": "19.2.929"
},
{
"version_affected": "=",
"version_value": "19.2.31"
},
{
"version_affected": "=",
"version_value": "20.3.2"
},
{
"version_affected": "=",
"version_value": "19.2.32"
},
{
"version_affected": "=",
"version_value": "20.3.2_925"
},
{
"version_affected": "=",
"version_value": "20.3.2.1"
},
{
"version_affected": "=",
"version_value": "20.3.2.1_927"
},
{
"version_affected": "=",
"version_value": "18.4.6"
},
{
"version_affected": "=",
"version_value": "20.1.2_937"
},
{
"version_affected": "=",
"version_value": "20.4.1"
},
{
"version_affected": "=",
"version_value": "20.3.2_928"
},
{
"version_affected": "=",
"version_value": "20.3.2_929"
},
{
"version_affected": "=",
"version_value": "20.4.1.0.1"
},
{
"version_affected": "=",
"version_value": "20.3.2.1_930"
},
{
"version_affected": "=",
"version_value": "19.2.4"
},
{
"version_affected": "=",
"version_value": "20.4.1.1"
},
{
"version_affected": "=",
"version_value": "20.3.3"
},
{
"version_affected": "=",
"version_value": "19.2.4.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-xml-ext-entity-q6Z7uVUg",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-xml-ext-entity-q6Z7uVUg"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-info-disclos-gGvm9Mfu",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-info-disclos-gGvm9Mfu"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-cmdinj-nRHKgfHX",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-cmdinj-nRHKgfHX"
}
]
},
"source": {
"advisory": "cisco-sa-vman-xml-ext-entity-q6Z7uVUg",
"discovery": "INTERNAL",
"defects": [
"CSCvw93084"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/RL:X/RC:X/E:X",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}
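Review bot: `"userInteraction": "NONE"` and `UI:N` in the vector contradict the description, which says exploitation works "by persuading a user to import a crafted XML file"; under CVSS 3.1 that is `UI:R`, and `baseScore` would need recomputing with it. The record also calls the attacker authenticated (`PR:L`), so this text does not make clear whether the attacker or a second user performs the import. That is worth confirming against advisory `cisco-sa-vman-xml-ext-entity-q6Z7uVUg` before the score is used for prioritisation.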


@ -1,17 +1,327 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-1484",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to inject arbitrary commands on an affected system and cause a denial of service (DoS) condition.\r\nThis vulnerability is due to improper input validation of user-supplied input to the device template configuration. An attacker could exploit this vulnerability by submitting crafted input to the device template configuration. A successful exploit could allow the attacker to cause a DoS condition on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')",
"cweId": "CWE-88"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Catalyst SD-WAN Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20.1.12"
},
{
"version_affected": "=",
"version_value": "19.2.1"
},
{
"version_affected": "=",
"version_value": "18.4.4"
},
{
"version_affected": "=",
"version_value": "18.4.5"
},
{
"version_affected": "=",
"version_value": "20.1.1.1"
},
{
"version_affected": "=",
"version_value": "20.1.1"
},
{
"version_affected": "=",
"version_value": "19.3.0"
},
{
"version_affected": "=",
"version_value": "19.2.2"
},
{
"version_affected": "=",
"version_value": "19.2.099"
},
{
"version_affected": "=",
"version_value": "18.3.6"
},
{
"version_affected": "=",
"version_value": "18.3.7"
},
{
"version_affected": "=",
"version_value": "19.2.0"
},
{
"version_affected": "=",
"version_value": "18.3.8"
},
{
"version_affected": "=",
"version_value": "19.0.0"
},
{
"version_affected": "=",
"version_value": "19.1.0"
},
{
"version_affected": "=",
"version_value": "18.4.302"
},
{
"version_affected": "=",
"version_value": "18.4.303"
},
{
"version_affected": "=",
"version_value": "19.2.097"
},
{
"version_affected": "=",
"version_value": "19.2.098"
},
{
"version_affected": "=",
"version_value": "17.2.10"
},
{
"version_affected": "=",
"version_value": "18.3.6.1"
},
{
"version_affected": "=",
"version_value": "19.0.1a"
},
{
"version_affected": "=",
"version_value": "18.2.0"
},
{
"version_affected": "=",
"version_value": "18.4.3"
},
{
"version_affected": "=",
"version_value": "18.4.1"
},
{
"version_affected": "=",
"version_value": "17.2.8"
},
{
"version_affected": "=",
"version_value": "18.3.3.1"
},
{
"version_affected": "=",
"version_value": "18.4.0"
},
{
"version_affected": "=",
"version_value": "18.3.1"
},
{
"version_affected": "=",
"version_value": "17.2.6"
},
{
"version_affected": "=",
"version_value": "17.2.9"
},
{
"version_affected": "=",
"version_value": "18.3.4"
},
{
"version_affected": "=",
"version_value": "17.2.5"
},
{
"version_affected": "=",
"version_value": "18.3.1.1"
},
{
"version_affected": "=",
"version_value": "18.3.5"
},
{
"version_affected": "=",
"version_value": "18.4.0.1"
},
{
"version_affected": "=",
"version_value": "18.3.3"
},
{
"version_affected": "=",
"version_value": "17.2.7"
},
{
"version_affected": "=",
"version_value": "17.2.4"
},
{
"version_affected": "=",
"version_value": "18.3.0"
},
{
"version_affected": "=",
"version_value": "19.2.3"
},
{
"version_affected": "=",
"version_value": "18.4.501_ES"
},
{
"version_affected": "=",
"version_value": "20.3.1"
},
{
"version_affected": "=",
"version_value": "20.1.2"
},
{
"version_affected": "=",
"version_value": "19.2.929"
},
{
"version_affected": "=",
"version_value": "19.2.31"
},
{
"version_affected": "=",
"version_value": "20.3.2"
},
{
"version_affected": "=",
"version_value": "20.3.2.1"
},
{
"version_affected": "=",
"version_value": "20.3.2.1_927"
},
{
"version_affected": "=",
"version_value": "20.4.1"
},
{
"version_affected": "=",
"version_value": "20.3.2_928"
},
{
"version_affected": "=",
"version_value": "20.3.2_929"
},
{
"version_affected": "=",
"version_value": "20.4.1.0.1"
},
{
"version_affected": "=",
"version_value": "20.3.2.1_930"
},
{
"version_affected": "=",
"version_value": "19.2.4"
},
{
"version_affected": "=",
"version_value": "20.4.1.1"
},
{
"version_affected": "=",
"version_value": "20.3.3"
},
{
"version_affected": "=",
"version_value": "19.2.4.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-cmdinj-nRHKgfHX",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-cmdinj-nRHKgfHX"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-info-disclos-gGvm9Mfu",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-info-disclos-gGvm9Mfu"
}
]
},
"source": {
"advisory": "cisco-sa-vman-cmdinj-nRHKgfHX",
"discovery": "INTERNAL",
"defects": [
"CSCvw93086"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}
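Review bot: The second entry in `references.reference_data` points at `cisco-sa-vmanage-info-disclos-gGvm9Mfu`, which is the `source.advisory` of the CVE-2021-1491 record further down this page, while this record's own `source.advisory` is `cisco-sa-vman-cmdinj-nRHKgfHX`. It may be a deliberate related-advisory link, but nothing in the record marks it as such, so tooling that maps a CVE to its vendor advisory through the references gets two answers. If the link is not intended, drop that entry; if it is, consumers should treat `source.advisory` as the authoritative one. The description also lost a separator in `affected system.Cisco has released`, which should read `affected system. Cisco has released`.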


@ -1,17 +1,342 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-1491",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying file system of the device.\r\nThis vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the file system and then accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from the file system of the underlying operating system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Link Resolution Before File Access ('Link Following')",
"cweId": "CWE-59"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Catalyst SD-WAN Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20.1.12"
},
{
"version_affected": "=",
"version_value": "19.2.1"
},
{
"version_affected": "=",
"version_value": "18.4.4"
},
{
"version_affected": "=",
"version_value": "18.4.5"
},
{
"version_affected": "=",
"version_value": "20.1.1.1"
},
{
"version_affected": "=",
"version_value": "20.1.1"
},
{
"version_affected": "=",
"version_value": "19.3.0"
},
{
"version_affected": "=",
"version_value": "19.2.2"
},
{
"version_affected": "=",
"version_value": "19.2.099"
},
{
"version_affected": "=",
"version_value": "18.3.6"
},
{
"version_affected": "=",
"version_value": "18.3.7"
},
{
"version_affected": "=",
"version_value": "19.2.0"
},
{
"version_affected": "=",
"version_value": "18.3.8"
},
{
"version_affected": "=",
"version_value": "19.0.0"
},
{
"version_affected": "=",
"version_value": "19.1.0"
},
{
"version_affected": "=",
"version_value": "18.4.302"
},
{
"version_affected": "=",
"version_value": "18.4.303"
},
{
"version_affected": "=",
"version_value": "19.2.097"
},
{
"version_affected": "=",
"version_value": "19.2.098"
},
{
"version_affected": "=",
"version_value": "17.2.10"
},
{
"version_affected": "=",
"version_value": "18.3.6.1"
},
{
"version_affected": "=",
"version_value": "19.0.1a"
},
{
"version_affected": "=",
"version_value": "18.2.0"
},
{
"version_affected": "=",
"version_value": "18.4.3"
},
{
"version_affected": "=",
"version_value": "18.4.1"
},
{
"version_affected": "=",
"version_value": "17.2.8"
},
{
"version_affected": "=",
"version_value": "18.3.3.1"
},
{
"version_affected": "=",
"version_value": "18.4.0"
},
{
"version_affected": "=",
"version_value": "18.3.1"
},
{
"version_affected": "=",
"version_value": "17.2.6"
},
{
"version_affected": "=",
"version_value": "17.2.9"
},
{
"version_affected": "=",
"version_value": "18.3.4"
},
{
"version_affected": "=",
"version_value": "17.2.5"
},
{
"version_affected": "=",
"version_value": "18.3.1.1"
},
{
"version_affected": "=",
"version_value": "18.3.5"
},
{
"version_affected": "=",
"version_value": "18.4.0.1"
},
{
"version_affected": "=",
"version_value": "18.3.3"
},
{
"version_affected": "=",
"version_value": "17.2.7"
},
{
"version_affected": "=",
"version_value": "17.2.4"
},
{
"version_affected": "=",
"version_value": "18.3.0"
},
{
"version_affected": "=",
"version_value": "19.2.3"
},
{
"version_affected": "=",
"version_value": "18.4.501_ES"
},
{
"version_affected": "=",
"version_value": "20.3.1"
},
{
"version_affected": "=",
"version_value": "20.1.2"
},
{
"version_affected": "=",
"version_value": "19.2.929"
},
{
"version_affected": "=",
"version_value": "19.2.31"
},
{
"version_affected": "=",
"version_value": "20.3.2"
},
{
"version_affected": "=",
"version_value": "19.2.32"
},
{
"version_affected": "=",
"version_value": "20.3.2_925"
},
{
"version_affected": "=",
"version_value": "20.3.2.1"
},
{
"version_affected": "=",
"version_value": "20.3.2.1_927"
},
{
"version_affected": "=",
"version_value": "18.4.6"
},
{
"version_affected": "=",
"version_value": "20.1.2_937"
},
{
"version_affected": "=",
"version_value": "20.4.1"
},
{
"version_affected": "=",
"version_value": "20.3.2_928"
},
{
"version_affected": "=",
"version_value": "20.3.2_929"
},
{
"version_affected": "=",
"version_value": "20.4.1.0.1"
},
{
"version_affected": "=",
"version_value": "20.3.2.1_930"
},
{
"version_affected": "=",
"version_value": "19.2.4"
},
{
"version_affected": "=",
"version_value": "20.4.1.1"
},
{
"version_affected": "=",
"version_value": "20.3.3"
},
{
"version_affected": "=",
"version_value": "19.2.4.0.1"
},
{
"version_affected": "=",
"version_value": "20.3.2_937"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-info-disclos-gGvm9Mfu",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-info-disclos-gGvm9Mfu"
}
]
},
"source": {
"advisory": "cisco-sa-vmanage-info-disclos-gGvm9Mfu",
"discovery": "EXTERNAL",
"defects": [
"CSCvv03493"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}


@ -1,17 +1,218 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-1494",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP.\r\n The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Protection Mechanism Failure",
"cweId": "CWE-693"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Firepower Threat Defense Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "N/A"
}
]
}
},
{
"product_name": "Cisco UTD SNORT IPS Engine Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "16.12.1a"
},
{
"version_affected": "=",
"version_value": "16.12.2"
},
{
"version_affected": "=",
"version_value": "16.12.3"
},
{
"version_affected": "=",
"version_value": "16.12.4"
},
{
"version_affected": "=",
"version_value": "16.6.1"
},
{
"version_affected": "=",
"version_value": "16.6.5"
},
{
"version_affected": "=",
"version_value": "16.6.6"
},
{
"version_affected": "=",
"version_value": "16.6.7a"
},
{
"version_affected": "=",
"version_value": "16.6.9"
},
{
"version_affected": "=",
"version_value": "17.1.1"
},
{
"version_affected": "=",
"version_value": "17.2.1r"
},
{
"version_affected": "=",
"version_value": "17.3.1a"
},
{
"version_affected": "=",
"version_value": "17.3.2"
},
{
"version_affected": "=",
"version_value": "3.17.0S"
},
{
"version_affected": "=",
"version_value": "3.17.1S"
},
{
"version_affected": "=",
"version_value": "Fuji-16.9.2"
},
{
"version_affected": "=",
"version_value": "Fuji-16.9.4"
},
{
"version_affected": "=",
"version_value": "Fuji-16.9.6"
},
{
"version_affected": "=",
"version_value": "Fuji-16.9.3"
},
{
"version_affected": "=",
"version_value": "Fuji-16.9.7"
},
{
"version_affected": "=",
"version_value": "Fuji-16.9.5"
},
{
"version_affected": "=",
"version_value": "Denali-16.3.3"
},
{
"version_affected": "=",
"version_value": "Denali-16.3.9"
},
{
"version_affected": "=",
"version_value": "Denali-16.3.7"
},
{
"version_affected": "=",
"version_value": "Denali-16.3.5"
},
{
"version_affected": "=",
"version_value": "Denali-16.3.4"
},
{
"version_affected": "=",
"version_value": "Everest-16.6.3"
},
{
"version_affected": "=",
"version_value": "Everest-16.6.4"
},
{
"version_affected": "=",
"version_value": "Everest-16.6.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc"
}
]
},
"source": {
"advisory": "cisco-sa-http-fp-bp-KfDdcQhc",
"discovery": "INTERNAL",
"defects": [
"CSCvv70864",
"CSCvw26645"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}
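Review bot: The `Cisco Firepower Threat Defense Software` product entry carries `"version_affected": "="` with `"version_value": "N/A"`, so the record names FTD as affected without any release that a version comparison can match. Asset and vulnerability scanners that key on `version_value` will report no FTD exposure for this CVE, while the UTD SNORT IPS entry in the same record is enumerated release by release. The affected FTD releases from advisory `cisco-sa-http-fp-bp-KfDdcQhc` should be listed here, or the placeholder should be documented for consumers as "consult the advisory" rather than left to be read as a version. The same `N/A` placeholder is the only version in the CVE-2021-34750, CVE-2021-34751 and CVE-2021-34753 sections.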


@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34750",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device.\r\nThis vulnerability is due to lack of proper encryption of sensitive information stored within the GUI configuration manager. An attacker could exploit this vulnerability by logging into the FMC GUI and navigating to certain sensitive configurations. A successful exploit could allow the attacker to view sensitive configuration parameters in clear text.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.[[Publication_URL{Layout()}]]This advisory is part of the October 2021 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see ."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information in GUI",
"cweId": "CWE-317"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Firepower Management Center",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "N/A"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infodisc-Ft2WVmNU",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infodisc-Ft2WVmNU"
}
]
},
"source": {
"advisory": "cisco-sa-fmc-infodisc-Ft2WVmNU",
"discovery": "EXTERNAL",
"defects": [
"CSCvy69730"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}
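Review bot: The new `description` value still contains the unrendered template token `[[Publication_URL{Layout()}]]` and ends with `see .`, where the link target was lost during export. Anything that displays or indexes this text will carry the residue, and the reader is pointed at a bundle publication that is never named. Remove the token and either restore the bundle URL or drop the closing sentence; `clear text.Cisco has released` also needs a space after the full stop. The CVE-2021-34751 section has the same residue, and its description, advisory and CVSS block are otherwise near-identical to this one, so only `source.defects` tells the two records apart.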


@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34751",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device.\r\nThis vulnerability exists because of improper encryption of sensitive information stored within the GUI configuration manager. An attacker could exploit this vulnerability by logging into the GUI of Cisco FMC Software and navigating to certain sensitive configurations. A successful exploit could allow the attacker to view sensitive configuration parameters in clear text.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.[[Publication_URL{Layout()}]]This advisory is part of the October 2021 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see . "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information in GUI",
"cweId": "CWE-317"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Firepower Management Center",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "N/A"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infodisc-Ft2WVmNU",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infodisc-Ft2WVmNU"
}
]
},
"source": {
"advisory": "cisco-sa-fmc-infodisc-Ft2WVmNU",
"discovery": "EXTERNAL",
"defects": [
"CSCvy72194"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}


@ -1,17 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34752",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the CLI of Cisco FTD Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands with root privileges on the underlying operating system of an affected device. \r\n\r\nThis vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute commands with root privileges on the underlying operating system.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Firepower Threat Defense Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.2.3"
},
{
"version_affected": "=",
"version_value": "6.6.0.1"
},
{
"version_affected": "=",
"version_value": "6.4.0.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8"
}
]
},
"source": {
"advisory": "cisco-sa-ftd-cmdinject-FmzsLN8",
"discovery": "INTERNAL",
"defects": [
"CSCvy16573"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}
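Review bot: `problemtype` is set to the generic `CWE-20`, although the description ("execute arbitrary commands with root privileges", "insufficient validation of user-supplied command arguments") and the advisory id `cisco-sa-ftd-cmdinject-FmzsLN8` describe command injection. Filters and dashboards keyed on injection weakness classes will not pick this record up. A more specific class such as `"cweId": "CWE-78"` (or CWE-88, which the CVE-2021-1484 record on this page uses for argument injection) appears to fit better; confirm against the advisory before changing it.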


@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34753",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic.\r\n\r\nThis vulnerability is due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit this vulnerability by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should trigger and drop for the ENIP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Firepower Threat Defense Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "N/A"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-enip-bypass-eFsxd8KP",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-enip-bypass-eFsxd8KP"
}
]
},
"source": {
"advisory": "cisco-sa-ftd-enip-bypass-eFsxd8KP",
"discovery": "EXTERNAL",
"defects": [
"CSCvy02240"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}


@ -1,17 +1,306 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20626",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Prime Access Registrar Appliance could allow an authenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. The attacker would require valid credentials for the device.\r\nThis vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Prime Access Registrar",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.0.2.4"
},
{
"version_affected": "=",
"version_value": "6.0.1.2"
},
{
"version_affected": "=",
"version_value": "6.0.2.1"
},
{
"version_affected": "=",
"version_value": "6.0.1.3"
},
{
"version_affected": "=",
"version_value": "6.0"
},
{
"version_affected": "=",
"version_value": "6.0.2.2"
},
{
"version_affected": "=",
"version_value": "6.0.2"
},
{
"version_affected": "=",
"version_value": "6.0.2.3"
},
{
"version_affected": "=",
"version_value": "6.0.1.1"
},
{
"version_affected": "=",
"version_value": "8.0.2.5"
},
{
"version_affected": "=",
"version_value": "7.0"
},
{
"version_affected": "=",
"version_value": "7.1"
},
{
"version_affected": "=",
"version_value": "8.0.1.4"
},
{
"version_affected": "=",
"version_value": "9.0.0.5"
},
{
"version_affected": "=",
"version_value": "8.0.4.1"
},
{
"version_affected": "=",
"version_value": "7.0.1.4"
},
{
"version_affected": "=",
"version_value": "7.0.1.2"
},
{
"version_affected": "=",
"version_value": "8.0.2.6"
},
{
"version_affected": "=",
"version_value": "9.1.0.0"
},
{
"version_affected": "=",
"version_value": "7.0.1.9"
},
{
"version_affected": "=",
"version_value": "8.0.3"
},
{
"version_affected": "=",
"version_value": "7.1.0.1"
},
{
"version_affected": "=",
"version_value": "9.0.0.1"
},
{
"version_affected": "=",
"version_value": "8.0.3.1"
},
{
"version_affected": "=",
"version_value": "8.0.4"
},
{
"version_affected": "=",
"version_value": "7.0.1.1"
},
{
"version_affected": "=",
"version_value": "8.0.2.2"
},
{
"version_affected": "=",
"version_value": "7.0.0.1"
},
{
"version_affected": "=",
"version_value": "8.0.2.1"
},
{
"version_affected": "=",
"version_value": "7.0.1.7"
},
{
"version_affected": "=",
"version_value": "8.0.1.3"
},
{
"version_affected": "=",
"version_value": "7.0.1.6"
},
{
"version_affected": "=",
"version_value": "8.0.3.2"
},
{
"version_affected": "=",
"version_value": "8.0.1.1"
},
{
"version_affected": "=",
"version_value": "9.0"
},
{
"version_affected": "=",
"version_value": "7.0.1.11"
},
{
"version_affected": "=",
"version_value": "8.0.4.2"
},
{
"version_affected": "=",
"version_value": "9.0.0.2"
},
{
"version_affected": "=",
"version_value": "9.1.1.0"
},
{
"version_affected": "=",
"version_value": "9.0.0.3"
},
{
"version_affected": "=",
"version_value": "8.0.2.3"
},
{
"version_affected": "=",
"version_value": "7.0.1"
},
{
"version_affected": "=",
"version_value": "8.0.2"
},
{
"version_affected": "=",
"version_value": "8.0.2.4"
},
{
"version_affected": "=",
"version_value": "7.0.1.5"
},
{
"version_affected": "=",
"version_value": "8.0.2.7"
},
{
"version_affected": "=",
"version_value": "7.0.1.10"
},
{
"version_affected": "=",
"version_value": "9.0.0.4"
},
{
"version_affected": "=",
"version_value": "9.1.1.1"
},
{
"version_affected": "=",
"version_value": "8.0.1"
},
{
"version_affected": "=",
"version_value": "8.0"
},
{
"version_affected": "=",
"version_value": "8.0.1.5"
},
{
"version_affected": "=",
"version_value": "7.0.1.3"
},
{
"version_affected": "=",
"version_value": "9.2.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-reg-xss-zLOz8PfB",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-reg-xss-zLOz8PfB"
}
]
},
"source": {
"advisory": "cisco-sa-prime-reg-xss-zLOz8PfB",
"discovery": "INTERNAL",
"defects": [
"CSCvz74794"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}
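Review bot: The CVSS block says `UI:N` / `"userInteraction": "NONE"`, but the description states the attack works "by persuading a user of the interface to click a crafted link", which is user interaction. Either the vector should read `UI:R` with `"userInteraction": "REQUIRED"` and `baseScore`/`baseSeverity` recomputed from it, or the description is wrong. As published the two disagree, and prioritisation that relies on the vector will overrate how directly the issue can be triggered. The description also lost a separator in `browser-based information.Cisco has released`.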


@ -1,17 +1,226 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20631",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device.\r\nThe vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious script code in a chat window. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Enterprise Chat and Email",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.6(1)_ES3"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES4"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES6"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES8"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES5a"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES9"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES6_ET1"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES6"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES5"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ET1"
},
{
"version_affected": "=",
"version_value": "12.5(1)"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES3_ET1"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES3"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES11"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES4"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES5"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES2"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES9a"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES10"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES1"
},
{
"version_affected": "=",
"version_value": "12.0(1)"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES3"
},
{
"version_affected": "=",
"version_value": "12.6(1)"
},
{
"version_affected": "=",
"version_value": "11.5(1)"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES2"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES7"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES2"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ET1"
},
{
"version_affected": "=",
"version_value": "11.6(1)"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES1"
},
{
"version_affected": "=",
"version_value": "11.5(1)_ES1_ET1"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES1"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES8_ET1"
},
{
"version_affected": "=",
"version_value": "11.5(1)_ES1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR"
}
]
},
"source": {
"advisory": "cisco-sa-ece-multivulns-kbK2yVhR",
"discovery": "INTERNAL",
"defects": [
"CSCvz20427"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}
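Review bot: The new `description` value for CVE-2022-20631 runs the impact sentence straight into the remediation sentence (`browser-based information.Cisco has released software updates`), so the fix statement is easy to miss and sentence-based parsers merge the two; the separator already used earlier in the same string would repair it, `...browser-based information.\r\nCisco has released software updates...`. The same join appears in the CVE-2022-20632, CVE-2022-20634 and CVE-2022-20654 records below. The record also tags the description with `"lang": "eng"` but the `exploit` entry with `"lang": "en"`; one code should be used throughout. `version_data` lists only exact affected builds with `"="` and no fixed release, so patch verification still depends on the linked advisory.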


@ -1,17 +1,210 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20632",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device.\r\nThe vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Enterprise Chat and Email",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.6(1)_ES3"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES4"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES6"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES8"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES5a"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES9"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES6_ET1"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES6"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES5"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ET1"
},
{
"version_affected": "=",
"version_value": "12.5(1)"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES3_ET1"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES3"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES11"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES4"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES5"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES2"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES9a"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES10"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES1"
},
{
"version_affected": "=",
"version_value": "12.0(1)"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES3"
},
{
"version_affected": "=",
"version_value": "12.6(1)"
},
{
"version_affected": "=",
"version_value": "11.5(1)"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES2"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES7"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES2"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ET1"
},
{
"version_affected": "=",
"version_value": "11.6(1)"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR"
}
]
},
"source": {
"advisory": "cisco-sa-ece-multivulns-kbK2yVhR",
"discovery": "INTERNAL",
"defects": [
"CSCvz20436"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}


@ -1,17 +1,210 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20633",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device.\r\n\r\nThis vulnerability is due to differences in authentication responses that are sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to an affected device. A successful exploit could allow the attacker to confirm existing user accounts, which could be used in further attacks.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Observable Response Discrepancy",
"cweId": "CWE-204"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Enterprise Chat and Email",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.6(1)_ES3"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES4"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES6"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES8"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES5a"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES9"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES6_ET1"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES6"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES5"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ET1"
},
{
"version_affected": "=",
"version_value": "12.5(1)"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES3_ET1"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES3"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES11"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES4"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES5"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES2"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES9a"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES10"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES1"
},
{
"version_affected": "=",
"version_value": "12.0(1)"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES3"
},
{
"version_affected": "=",
"version_value": "12.6(1)"
},
{
"version_affected": "=",
"version_value": "11.5(1)"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES2"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES7"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES2"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ET1"
},
{
"version_affected": "=",
"version_value": "11.6(1)"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR"
}
]
},
"source": {
"advisory": "cisco-sa-ece-multivulns-kbK2yVhR",
"discovery": "INTERNAL",
"defects": [
"CSCvz20450"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}


@ -1,17 +1,210 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20634",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page.\r\nThis vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect and is used in phishing attacks that get users to unknowingly visit malicious sites.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL Redirection to Untrusted Site ('Open Redirect')",
"cweId": "CWE-601"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Enterprise Chat and Email",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.6(1)_ES3"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES4"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES6"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES8"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES5a"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES9"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES6_ET1"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES6"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES5"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ET1"
},
{
"version_affected": "=",
"version_value": "12.5(1)"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES3_ET1"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES3"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES11"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES4"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES5"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES2"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES9a"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES10"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES1"
},
{
"version_affected": "=",
"version_value": "12.0(1)"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES3"
},
{
"version_affected": "=",
"version_value": "12.6(1)"
},
{
"version_affected": "=",
"version_value": "11.5(1)"
},
{
"version_affected": "=",
"version_value": "12.0(1)_ES2"
},
{
"version_affected": "=",
"version_value": "11.6(1)_ES7"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES2"
},
{
"version_affected": "=",
"version_value": "12.6(1)_ET1"
},
{
"version_affected": "=",
"version_value": "11.6(1)"
},
{
"version_affected": "=",
"version_value": "12.5(1)_ES1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR"
}
]
},
"source": {
"advisory": "cisco-sa-ece-multivulns-kbK2yVhR",
"discovery": "INTERNAL",
"defects": [
"CSCvz50629"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}


@ -1,17 +1,162 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20654",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface.\r\nThis vulnerability is due to insufficient validation of user-supplied input by the web-based interface of Cisco Webex Meetings. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"cweId": "CWE-80"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Webex Meetings",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "39.7.7"
},
{
"version_affected": "=",
"version_value": "39.9"
},
{
"version_affected": "=",
"version_value": "40.4.10"
},
{
"version_affected": "=",
"version_value": "39.6"
},
{
"version_affected": "=",
"version_value": "40.6.2"
},
{
"version_affected": "=",
"version_value": "39.8.2"
},
{
"version_affected": "=",
"version_value": "39.8.4"
},
{
"version_affected": "=",
"version_value": "40.1"
},
{
"version_affected": "=",
"version_value": "39.11"
},
{
"version_affected": "=",
"version_value": "39.7.4"
},
{
"version_affected": "=",
"version_value": "39.9.1"
},
{
"version_affected": "=",
"version_value": "40.4"
},
{
"version_affected": "=",
"version_value": "40.6"
},
{
"version_affected": "=",
"version_value": "39.7"
},
{
"version_affected": "=",
"version_value": "39.8"
},
{
"version_affected": "=",
"version_value": "39.8.3"
},
{
"version_affected": "=",
"version_value": "40.2"
},
{
"version_affected": "=",
"version_value": "39.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe"
}
]
},
"source": {
"advisory": "cisco-sa-webex-xss-FmbPu2pe",
"discovery": "EXTERNAL",
"defects": [
"CSCvz85325"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}


@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11246",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, was found in code-projects Farmacia 1.0. Affected is an unknown function of the file /adicionar-cliente.php. The manipulation of the argument nome/cpf/dataNascimento leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter \"nome\" to be affected. But further inspection indicates that other parameters might be affected as well."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in code-projects Farmacia 1.0 gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /adicionar-cliente.php. Mit der Manipulation des Arguments nome/cpf/dataNascimento mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Code Injection",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "code-projects",
"product": {
"product_data": [
{
"product_name": "Farmacia",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.284682",
"refsource": "MISC",
"name": "https://vuldb.com/?id.284682"
},
{
"url": "https://vuldb.com/?ctiid.284682",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.284682"
},
{
"url": "https://vuldb.com/?submit.443189",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.443189"
},
{
"url": "https://github.com/curry136/cve/blob/main/xss8.md",
"refsource": "MISC",
"name": "https://github.com/curry136/cve/blob/main/xss8.md"
},
{
"url": "https://code-projects.org/",
"refsource": "MISC",
"name": "https://code-projects.org/"
}
]
},
"credits": [
{
"lang": "en",
"value": "curry136 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}
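Review bot: `problemtype_data` for CVE-2024-11246 lists `CWE-94` (Code Injection) next to `CWE-79`, while the description only describes cross site scripting through the `nome/cpf/dataNascimento` arguments of `/adicionar-cliente.php`. Tooling that triages by CWE will likely treat the record as server-side code injection and over-rank an issue whose CVSS 3.1 base score is 3.5; unless the second entry can be justified, keep only the `CWE-79` entry. The CVE-2024-11247 record below carries the same pair. The CVSS 2.0 entry has no `baseSeverity`, unlike the two 3.x entries, so consumers should not assume that key is present.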


@ -1,17 +1,127 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11247",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Inventory Page. The manipulation of the argument brand leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well."
},
{
"lang": "deu",
"value": "In SourceCodester Online Eyewear Shop 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /oews/classes/Master.php?f=save_product der Komponente Inventory Page. Durch die Manipulation des Arguments brand mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Code Injection",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Online Eyewear Shop",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.284683",
"refsource": "MISC",
"name": "https://vuldb.com/?id.284683"
},
{
"url": "https://vuldb.com/?ctiid.284683",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.284683"
},
{
"url": "https://vuldb.com/?submit.443194",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.443194"
},
{
"url": "https://github.com/Fl4g-Pshacker/cve/blob/main/xss.md",
"refsource": "MISC",
"name": "https://github.com/Fl4g-Pshacker/cve/blob/main/xss.md"
},
{
"url": "https://www.sourcecodester.com/",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Din0s4ur (VulDB User)"
},
{
"lang": "en",
"value": "Din0s4ur (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}
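Review bot: The `credits` array repeats the same object twice, `{"lang": "en", "value": "Din0s4ur (VulDB User)"}`; drop the second one so the finder is credited once and consumers do not have to de-duplicate. The credited name also differs from the account in the GitHub reference (`Fl4g-Pshacker`), which may be legitimate but is worth confirming with the CNA before the record is relied on for attribution.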


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11263",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39726",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611 Improper Restriction of XML External Entity Reference",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Engineering Insights",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.0.2, 7.0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7176208",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7176208"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
}
]
}
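Review bot: `"version_value": "7.0.2, 7.0.3"` packs two releases into one string under `"version_affected": "="`, so an exact-match comparison against an installed `7.0.2` or `7.0.3` will not hit this record. Split it into two `version_data` objects, `{"version_affected": "=", "version_value": "7.0.2"}` and `{"version_affected": "=", "version_value": "7.0.3"}`. The `product_name` is `Engineering Insights` while the description uses the full name `IBM Engineering Lifecycle Optimization - Engineering Insights`, so asset-inventory matching on product name should account for both spellings.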


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44625",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-44625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gogs.io/",
"url": "https://gogs.io/"
},
{
"refsource": "MISC",
"name": "https://fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs/",
"url": "https://fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs/"
}
]
}
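Review bot: The `affects` block sets `vendor_name`, `product_name` and `version_value` to `n/a` even though the description names the product and range (`Gogs <=0.13.0`), so scanners that match on the structured vendor/product fields will not associate this record with Gogs installations. `problemtype` is also `n/a` although the description states Directory Traversal, and there is no `impact` block, so severity has to be read from the references. Populating the fields from the description, e.g. `"product_name": "Gogs"` with `"version_affected": "<="` and `"version_value": "0.13.0"`, would make the record machine-usable. The second reference URL describes the issue as unpatched remote code execution, which suggests a higher impact than the description's wording and is worth confirming before triage. The CVE-2024-50650 record below has the same `n/a` fields, and the visible start of CVE-2024-50651 does too.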


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50650",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-50650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "python_book V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Yllxx03/CVE/blob/main/python_book/BrokenAccessControl.md",
"refsource": "MISC",
"name": "https://github.com/Yllxx03/CVE/blob/main/python_book/BrokenAccessControl.md"
},
{
"refsource": "MISC",
"name": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50650",
"url": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50650"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50651",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-50651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Yllxx03/CVE/blob/main/java_shop/BrokenAccessControl.md",
"refsource": "MISC",
"name": "https://github.com/Yllxx03/CVE/blob/main/java_shop/BrokenAccessControl.md"
},
{
"refsource": "MISC",
"name": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50651",
"url": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50651"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50652",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-50652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A file upload vulnerability in java_shop 1.0 allows attackers to upload arbitrary files by modifying the avatar function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/Yllxx03/CVE/blob/main/java_shop/FileUpload.md",
"url": "https://github.com/Yllxx03/CVE/blob/main/java_shop/FileUpload.md"
},
{
"refsource": "MISC",
"name": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50652",
"url": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50652"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50653",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-50653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CRMEB <=5.4.0 is vulnerable to Incorrect Access Control. Users can bypass the front-end restriction of only being able to claim coupons once by capturing packets and sending a large number of data packets for coupon collection, achieving unlimited coupon collection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/crmeb",
"refsource": "MISC",
"name": "https://github.com/crmeb"
},
{
"refsource": "MISC",
"name": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50653",
"url": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50653"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50654",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-50654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturing and sending the data packets for coupon collection in high concurrency."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/Yllxx03/CVE/blob/main/lilishop/CouponLogicVulnerability.md",
"url": "https://github.com/Yllxx03/CVE/blob/main/lilishop/CouponLogicVulnerability.md"
},
{
"refsource": "MISC",
"name": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50654",
"url": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50654"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50655",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-50655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "emlog pro <=2.3.18 is vulnerable to Cross Site Scripting (XSS), which allows attackers to write malicious JavaScript code in published articles."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Yllxx03/CVE/blob/main/emlog/XSS.md",
"refsource": "MISC",
"name": "https://github.com/Yllxx03/CVE/blob/main/emlog/XSS.md"
},
{
"refsource": "MISC",
"name": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50655",
"url": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50655"
}
]
}


@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52516",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6 and Nextcloud Enterprise Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 28.0.0, < 28.0.9"
},
{
"version_affected": "=",
"version_value": ">= 29.0.0, < 29.0.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-35gc-jc6x-29cm",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-35gc-jc6x-29cm"
},
{
"url": "https://github.com/nextcloud/server/pull/47180",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/pull/47180"
},
{
"url": "https://github.com/nextcloud/server/commit/142b6e313ffa9d3b950bcd23cb58850d3ae7cf34",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/commit/142b6e313ffa9d3b950bcd23cb58850d3ae7cf34"
}
]
},
"source": {
"advisory": "GHSA-35gc-jc6x-29cm",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
]
}
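Review bot: Each `version_data` entry encodes a range as a string under an equality operator (`"version_affected": "="` with `"version_value": ">= 28.0.0, < 28.0.9"`), and `product_name` is `security-advisories`, the advisory repository rather than the product the description names; a consumer that compares `version_value` literally or matches on product name will not flag an installed Nextcloud Server. The same encoding appears in the CVE-2024-52517, -52518, -52519, -52520, -52521, -52523 and -52525 records, and as `"< 1.5.2"` in CVE-2024-52528, so matching logic has to parse the range expression. In this record the description also recommends 22.2.11, 23.0.11 or 24.0.6 while the affected ranges are 28.x and 29.x; the fixed versions should be confirmed against GHSA-35gc-jc6x-29cm before they drive patch decisions.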


@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52517",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nextcloud Server is a self hosted personal cloud system. After storing \"Global credentials\" on the server, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the Nextcloud Server is upgraded to 28.0.11, 29.0.8 or 30.0.1 and Nextcloud Enterprise Server is upgraded to 25.0.13.13, 26.0.13.9, 27.1.11.9, 28.0.11, 29.0.8 or 30.0.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 28.0.0, < 28.0.11"
},
{
"version_affected": "=",
"version_value": ">= 29.0.0, < 29.0.8"
},
{
"version_affected": "=",
"version_value": ">= 30.0.0, < 30.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x9q3-c7f8-3rcg",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x9q3-c7f8-3rcg"
},
{
"url": "https://github.com/nextcloud/server/pull/48359",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/pull/48359"
},
{
"url": "https://github.com/nextcloud/server/commit/c45ed55f959ff54f3ea23dd2ae1a5868a075c9fe",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/commit/c45ed55f959ff54f3ea23dd2ae1a5868a075c9fe"
},
{
"url": "https://hackerone.com/reports/2554079",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2554079"
}
]
},
"source": {
"advisory": "GHSA-x9q3-c7f8-3rcg",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}
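Review bot: The description lists fixed Enterprise releases on the 25.0, 26.0 and 27.1 branches (25.0.13.13, 26.0.13.9, 27.1.11.9), but `version_data` starts at `>= 28.0.0`, so installations on those older branches fall outside the structured affected ranges. They are presumably affected, which should be confirmed against GHSA-x9q3-c7f8-3rcg rather than inferred from `version_data`. The same gap shows in CVE-2024-52519 and -52520 (27.1.11.8) and in CVE-2024-52523 (25.0.13.14, 26.0.13.10, 27.1.11.10). The vector also sets `"attackVector": "PHYSICAL"` for a flaw the description ties to an attacker holding an active user session, which is worth checking with the CNA before the 4.6 score is used for prioritisation.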


@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52518",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 28.0.0, < 28.0.12"
},
{
"version_affected": "=",
"version_value": ">= 29.0.0, < 29.0.9"
},
{
"version_affected": "=",
"version_value": ">= 30.0.0, < 30.0.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vrhf-532w-99rg",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vrhf-532w-99rg"
},
{
"url": "https://github.com/nextcloud/server/pull/48373",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/pull/48373"
},
{
"url": "https://github.com/nextcloud/server/pull/48788",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/pull/48788"
},
{
"url": "https://github.com/nextcloud/server/pull/48992",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/pull/48992"
},
{
"url": "https://hackerone.com/reports/2602973",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2602973"
}
]
},
"source": {
"advisory": "GHSA-vrhf-532w-99rg",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}
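Review bot: The CVSS block has `"integrityImpact": "NONE"` while the description says an attacker with a user's or administrator's session could create, change or delete external storages, which reads as an integrity effect. The vector `CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N` and the resulting 4.4 should be checked against GHSA-vrhf-532w-99rg before they are used for triage. The weakness is recorded as CWE-287, whereas the description is about a missing password confirmation on a sensitive action within an already authenticated session; detection and hardening notes built from the CWE alone may point at the wrong control.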


@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52519",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and Nextcloud Enterprise Server is upgraded to 27.1.11.8, 28.0.10 or 29.0.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922: Insecure Storage of Sensitive Information",
"cweId": "CWE-922"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 28.0.0, < 28.0.10"
},
{
"version_affected": "=",
"version_value": ">= 29.0.0, < 29.0.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fvpc-8hq6-jgq2",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fvpc-8hq6-jgq2"
},
{
"url": "https://github.com/nextcloud/server/pull/47635",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/pull/47635"
},
{
"url": "https://github.com/nextcloud/server/commit/09b8aea8f6783514bffe00df6abbf9fa542faac5",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/commit/09b8aea8f6783514bffe00df6abbf9fa542faac5"
}
]
},
"source": {
"advisory": "GHSA-fvpc-8hq6-jgq2",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52520",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nextcloud Server is a self hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be tricked into downloading bigger websites than intended, to find open-graph data. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and Nextcloud Enterprise Server is upgraded to 27.1.11.8, 28.0.10 or 29.0.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 28.0.0, < 28.0.10"
},
{
"version_affected": "=",
"version_value": ">= 29.0.0, < 29.0.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pxqf-cfxw-mqmj",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pxqf-cfxw-mqmj"
},
{
"url": "https://github.com/nextcloud/server/pull/47627",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/pull/47627"
},
{
"url": "https://github.com/nextcloud/server/commit/873c42b0f1383d5b6f2b7a481e1d9620ed30f44a",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/commit/873c42b0f1383d5b6f2b7a481e1d9620ed30f44a"
}
]
},
"source": {
"advisory": "GHSA-pxqf-cfxw-mqmj",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}


@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52521",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely being identified as already existing and not be queued for execution. By changing the Hash to SHA256 the probability was heavily decreased. It is recommended that the Nextcloud Server is upgraded to 28.0.10, 29.0.7 or 30.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-328: Use of Weak Hash",
"cweId": "CWE-328"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 28.0.0, < 28.0.10"
},
{
"version_affected": "=",
"version_value": ">= 29.0.0, < 29.0.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2q6f-gjgj-7hp4",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2q6f-gjgj-7hp4"
},
{
"url": "https://github.com/nextcloud/server/pull/47769",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/pull/47769"
},
{
"url": "https://github.com/nextcloud/server/commit/a933ba1fdba77e7d8c6b8ff400e082cf853ea46d",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/commit/a933ba1fdba77e7d8c6b8ff400e082cf853ea46d"
}
]
},
"source": {
"advisory": "GHSA-2q6f-gjgj-7hp4",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52523",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nextcloud Server is a self hosted personal cloud system. After setting up a user or administrator defined external storage with fixed credentials, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2 and Nextcloud Enterprise Server is upgraded to 25.0.13.14, 26.0.13.10, 27.1.11.10, 28.0.12, 29.0.9 or 30.0.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 28.0.0, < 28.0.12"
},
{
"version_affected": "=",
"version_value": ">= 29.0.0, < 29.0.9"
},
{
"version_affected": "=",
"version_value": ">= 30.0.0, < 30.0.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-42w6-r45m-9w9j",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-42w6-r45m-9w9j"
},
{
"url": "https://github.com/nextcloud/server/pull/49009",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/pull/49009"
},
{
"url": "https://github.com/nextcloud/server/commit/8a13f284765bd4606984e7d925c32ae6e82b8a27",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/commit/8a13f284765bd4606984e7d925c32ae6e82b8a27"
}
]
},
"source": {
"advisory": "GHSA-42w6-r45m-9w9j",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52525",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in the session data. The session data is encrypted before being saved in the session storage (Redis or disk), but it would allow a malicious process that gains access to the memory of the PHP process, to get access to the cleartext password of the user. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information",
"cweId": "CWE-312"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 28.0.0, < 28.0.12"
},
{
"version_affected": "=",
"version_value": ">= 29.0.0, < 29.0.9"
},
{
"version_affected": "=",
"version_value": ">= 30.0.0, < 30.0.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-w7v5-mgxm-v6gm",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-w7v5-mgxm-v6gm"
},
{
"url": "https://github.com/nextcloud/server/pull/48915",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/pull/48915"
},
{
"url": "https://github.com/nextcloud/server/commit/d25a0a2896a2a981939cacb8ee0d555feef22b3b",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/commit/d25a0a2896a2a981939cacb8ee0d555feef22b3b"
}
]
},
"source": {
"advisory": "GHSA-w7v5-mgxm-v6gm",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 1.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
]
}


@ -1,18 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52528",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions. This vulnerability is fixed in 1.5.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BudgetControl",
"product": {
"product_data": [
{
"product_name": "Gateway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.5.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/BudgetControl/Gateway/security/advisories/GHSA-jqx6-gm7f-vp7m",
"refsource": "MISC",
"name": "https://github.com/BudgetControl/Gateway/security/advisories/GHSA-jqx6-gm7f-vp7m"
}
]
},
"source": {
"advisory": "GHSA-jqx6-gm7f-vp7m",
"discovery": "UNKNOWN"
}
}
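Review bot: This record ends at `source` and has no `impact` block, so it carries no CVSS vector or `baseScore`, unlike the other security-advisories@github.com records in this commit. A pipeline that sorts or filters on score will treat it as unscored even though the description is an auth-token validation failure that lets attackers bypass intended restrictions on a gateway. It should be triaged by hand from GHSA-jqx6-gm7f-vp7m. The description points at token validation while the weakness is recorded as `CWE-285: Improper Authorization`, so the advisory is the better source for which check was missing.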