"-Synchronized-Data."

CVE Team 2021-11-15 16:01:08 +00:00
parent c2935e3a06
commit b04082da0e
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
25 changed files with 2040 additions and 1315 deletions


@ -1,18 +1,77 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2020-12895",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMD Radeon Software ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Radeon Software",
"version_value": "20.11.2"
},
{
"version_affected": "<",
"version_name": "Radeon Pro Software for Enterprise ",
"version_value": "21.Q2 "
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000"
}
]
},
"source": {
"advisory": "AMD-SB-1000",
"discovery": "UNKNOWN"
}
}
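Review bot: Three string values in the new `affects` block carry trailing spaces: `"product_name": "AMD Radeon Software "`, `"version_name": "Radeon Pro Software for Enterprise "` and `"version_value": "21.Q2 "`. A consumer that compares product or version strings exactly can fail to match affected installs, so I would trim them, e.g. `"version_value": "21.Q2"`. The same values recur in the sections for CVE-2020-12897, -12899, -12900, -12902, -12904, -12920, -12929 and -12963. Separately, `problemtype` is `"NA"` although the description names a weakness class (a pool/heap overflow here); a CWE identifier would let tooling classify and triage the record. The +/- markers are lost on this page, so which lines belong to the new side is inferred from the RESERVED to PUBLIC transition.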


@ -1,18 +1,77 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2020-12897",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMD Radeon Software ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Radeon Software",
"version_value": "21.3.1"
},
{
"version_affected": "<",
"version_name": "Radeon Pro Software for Enterprise ",
"version_value": "21.Q2 "
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000"
}
]
},
"source": {
"advisory": "AMD-SB-1000",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,77 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2020-12899",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMD Radeon Software ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Radeon Software",
"version_value": "20.11.2"
},
{
"version_affected": "<",
"version_name": "Radeon Pro Software for Enterprise ",
"version_value": "21.Q2 "
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000"
}
]
},
"source": {
"advisory": "AMD-SB-1000",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,77 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2020-12900",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMD Radeon Software ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Radeon Software",
"version_value": "20.7.1"
},
{
"version_affected": "<",
"version_name": "Radeon Pro Software for Enterprise ",
"version_value": "21.Q2 "
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000"
}
]
},
"source": {
"advisory": "AMD-SB-1000",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,77 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2020-12902",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMD Radeon Software ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Radeon Software",
"version_value": "20.11.2"
},
{
"version_affected": "<",
"version_name": "Radeon Pro Software for Enterprise ",
"version_value": "21.Q2 "
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000"
}
]
},
"source": {
"advisory": "AMD-SB-1000",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,77 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2020-12904",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMD Radeon Software ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Radeon Software",
"version_value": "20.11.2"
},
{
"version_affected": "<",
"version_name": "Radeon Pro Software for Enterprise ",
"version_value": "21.Q2 "
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000"
}
]
},
"source": {
"advisory": "AMD-SB-1000",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,77 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2020-12920",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMD Radeon Software ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Radeon Software",
"version_value": "20.11.2"
},
{
"version_affected": "<",
"version_name": "Radeon Pro Software for Enterprise ",
"version_value": "21.Q2 "
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000"
}
]
},
"source": {
"advisory": "AMD-SB-1000",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,77 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2020-12929",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMD Radeon Software ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Radeon Software",
"version_value": "20.11.2"
},
{
"version_affected": "<",
"version_name": "Radeon Pro Software for Enterprise ",
"version_value": "21.Q2 "
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution ."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000"
}
]
},
"source": {
"advisory": "AMD-SB-1000",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,77 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
"ID": "CVE-2020-12963",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMD Radeon Software ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Radeon Software",
"version_value": "20.11.2"
},
{
"version_affected": "<",
"version_name": "Radeon Pro Software for Enterprise ",
"version_value": "21.Q2 "
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000"
}
]
},
"source": {
"advisory": "AMD-SB-1000",
"discovery": "UNKNOWN"
}
}


@ -1,70 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-34991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "R6400v2",
"version": {
"version_data": [
{
"version_value": "1.0.4.106_10.0.80"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-34991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "R6400v2",
"version": {
"version_data": [
{
"version_value": "1.0.4.106_10.0.80"
}
]
}
}
]
},
"vendor_name": "NETGEAR"
}
}
]
},
"vendor_name": "NETGEAR"
}
]
}
},
"credit": "her0back of MoyunSec TopBreaker Lab",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
},
"credit": "her0back of MoyunSec TopBreaker Lab",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1303/"
},
{
"url": "https://kb.netgear.com/000064361/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0168"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1303/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1303/"
},
{
"url": "https://kb.netgear.com/000064361/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0168",
"refsource": "MISC",
"name": "https://kb.netgear.com/000064361/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0168"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}
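Review bot: The `affects` block lists a single product, R6400v2, with a bare `"version_value": "1.0.4.106_10.0.80"` and no `version_affected` operator, while the NETGEAR reference URL in the same record is titled as an advisory for multiple products. If other models or earlier firmware builds are affected, asset matching against this record would miss them. It is worth confirming against the vendor advisory and, where it applies, listing the additional products and a range operator in the form the AMD records in this commit use (`"version_affected": "<"`). The CVE-2021-34992 section uses the same bare `version_value` form for C1 CMS 6.10.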


@ -1,70 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-34992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "C1 CMS",
"version": {
"version_data": [
{
"version_value": "6.10"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-34992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "C1 CMS",
"version": {
"version_data": [
{
"version_value": "6.10"
}
]
}
}
]
},
"vendor_name": "Orckestra"
}
}
]
},
"vendor_name": "Orckestra"
}
]
}
},
"credit": "Le Ngoc Anh - Sun* Cyber Security Research Team",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within Composite.dll. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account.\n Was ZDI-CAN-14740."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
},
"credit": "Le Ngoc Anh - Sun* Cyber Security Research Team",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability. The specific flaw exists within Composite.dll. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14740."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1304/"
},
{
"url": "https://github.com/Orckestra/C1-CMS-Foundation/releases/tag/v6.11"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1304/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1304/"
},
{
"url": "https://github.com/Orckestra/C1-CMS-Foundation/releases/tag/v6.11",
"refsource": "MISC",
"name": "https://github.com/Orckestra/C1-CMS-Foundation/releases/tag/v6.11"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}


@ -1,114 +1,114 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. IBM X-Force ID: 212779."
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6516046",
"title" : "IBM Security Bulletin 6516046 (Security Key Lifecycle Manager)",
"url" : "https://www.ibm.com/support/pages/node/6516046",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212779",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tivoli-cve202138974-dos (212779)"
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"UI" : "N",
"SCORE" : "5.400",
"C" : "N",
"AV" : "N",
"I" : "L",
"S" : "U",
"A" : "L",
"PR" : "L",
"AC" : "L"
}
}
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Key Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"lang": "eng",
"value": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. IBM X-Force ID: 212779."
}
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-11-12T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-38974",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6516046",
"title": "IBM Security Bulletin 6516046 (Security Key Lifecycle Manager)",
"url": "https://www.ibm.com/support/pages/node/6516046",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212779",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-tivoli-cve202138974-dos (212779)"
}
]
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"UI": "N",
"SCORE": "5.400",
"C": "N",
"AV": "N",
"I": "L",
"S": "U",
"A": "L",
"PR": "L",
"AC": "L"
}
}
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Key Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "3.0"
},
{
"version_value": "3.0.1"
},
{
"version_value": "4.0"
},
{
"version_value": "3.0.0.4"
},
{
"version_value": "3.0.1.5"
},
{
"version_value": "4.0.0.3"
},
{
"version_value": "4.1"
},
{
"version_value": "4.1.0.1"
},
{
"version_value": "4.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_version" : "4.0"
}
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2021-11-12T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-38974",
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Denial of Service",
"lang": "eng"
}
]
}
]
},
"data_version": "4.0"
}


@ -1,114 +1,114 @@
{
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-11-12T00:00:00",
"ID" : "CVE-2021-38975",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
}
]
},
"product_name" : "Security Key Lifecycle Manager"
}
]
}
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"I" : "N",
"S" : "U",
"A" : "N",
"PR" : "L",
"AC" : "L",
"UI" : "N",
"SCORE" : "4.300",
"C" : "L",
"AV" : "N"
}
}
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6516044",
"title" : "IBM Security Bulletin 6516044 (Security Key Lifecycle Manager)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6516044"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tivoli-cve202138975-info-disc (212780)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212780"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 212780.",
"lang" : "eng"
}
]
}
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2021-11-12T00:00:00",
"ID": "CVE-2021-38975",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "3.0"
},
{
"version_value": "3.0.1"
},
{
"version_value": "4.0"
},
{
"version_value": "3.0.0.4"
},
{
"version_value": "3.0.1.5"
},
{
"version_value": "4.0.0.3"
},
{
"version_value": "4.1"
},
{
"version_value": "4.1.0.1"
},
{
"version_value": "4.1.1"
}
]
},
"product_name": "Security Key Lifecycle Manager"
}
]
}
}
]
}
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"I": "N",
"S": "U",
"A": "N",
"PR": "L",
"AC": "L",
"UI": "N",
"SCORE": "4.300",
"C": "L",
"AV": "N"
}
}
},
"data_type": "CVE",
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6516044",
"title": "IBM Security Bulletin 6516044 (Security Key Lifecycle Manager)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6516044"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-tivoli-cve202138975-info-disc (212780)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212780"
}
]
},
"description": {
"description_data": [
{
"value": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 212780.",
"lang": "eng"
}
]
}
}


@ -1,114 +1,114 @@
{
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6516038 (Security Key Lifecycle Manager)",
"name" : "https://www.ibm.com/support/pages/node/6516038",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6516038"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212781",
"refsource" : "XF",
"name" : "ibm-tivoli-cve202138976-info-disc (212781)",
"title" : "X-Force Vulnerability Report"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. X-Force ID: 212781."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2021-38976",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-11-12T00:00:00",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Key Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"title": "IBM Security Bulletin 6516038 (Security Key Lifecycle Manager)",
"name": "https://www.ibm.com/support/pages/node/6516038",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6516038"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212781",
"refsource": "XF",
"name": "ibm-tivoli-cve202138976-info-disc (212781)",
"title": "X-Force Vulnerability Report"
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"SCORE" : "6.200",
"AV" : "L",
"C" : "H",
"S" : "U",
"I" : "N",
"A" : "N",
"PR" : "N",
"AC" : "L"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. X-Force ID: 212781."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38976",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-11-12T00:00:00",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Key Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "3.0"
},
{
"version_value": "3.0.1"
},
{
"version_value": "4.0"
},
{
"version_value": "3.0.0.4"
},
{
"version_value": "3.0.1.5"
},
{
"version_value": "4.0.0.3"
},
{
"version_value": "4.1"
},
{
"version_value": "4.1.0.1"
},
{
"version_value": "4.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"SCORE": "6.200",
"AV": "L",
"C": "H",
"S": "U",
"I": "N",
"A": "N",
"PR": "N",
"AC": "L"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
}
}


@ -1,114 +1,114 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Key Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
}
]
}
}
]
}
}
]
}
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AV" : "N",
"C" : "L",
"SCORE" : "3.100",
"UI" : "R",
"AC" : "H",
"PR" : "N",
"S" : "U",
"I" : "N",
"A" : "N"
}
}
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Key Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "3.0"
},
{
"version_value": "3.0.1"
},
{
"version_value": "4.0"
},
{
"version_value": "3.0.0.4"
},
{
"version_value": "3.0.1.5"
},
{
"version_value": "4.0.0.3"
},
{
"version_value": "4.1"
},
{
"version_value": "4.1.0.1"
},
{
"version_value": "4.1.1"
}
]
}
}
]
}
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-38977",
"DATE_PUBLIC" : "2021-11-12T00:00:00",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 212782.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6516052 (Security Key Lifecycle Manager)",
"name" : "https://www.ibm.com/support/pages/node/6516052",
"url" : "https://www.ibm.com/support/pages/node/6516052",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tivoli-cve202138977-info-disc (212782)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212782"
}
]
}
}
}
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"AV": "N",
"C": "L",
"SCORE": "3.100",
"UI": "R",
"AC": "H",
"PR": "N",
"S": "U",
"I": "N",
"A": "N"
}
}
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-38977",
"DATE_PUBLIC": "2021-11-12T00:00:00",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"value": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 212782.",
"lang": "eng"
}
]
},
"data_type": "CVE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6516052 (Security Key Lifecycle Manager)",
"name": "https://www.ibm.com/support/pages/node/6516052",
"url": "https://www.ibm.com/support/pages/node/6516052",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-tivoli-cve202138977-info-disc (212782)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212782"
}
]
}
}


@ -1,114 +1,114 @@
{
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6516050",
"title" : "IBM Security Bulletin 6516050 (Security Key Lifecycle Manager)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6516050"
},
{
"name" : "ibm-tivoli-cve202138978-info-disc (212783)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212783",
"refsource" : "XF"
}
]
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 212783."
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-38978",
"DATE_PUBLIC" : "2021-11-12T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"UI" : "N",
"SCORE" : "5.900",
"C" : "H",
"AV" : "N",
"A" : "N",
"S" : "U",
"I" : "N",
"PR" : "N",
"AC" : "H"
}
}
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
}
]
},
"product_name" : "Security Key Lifecycle Manager"
}
]
}
"name": "https://www.ibm.com/support/pages/node/6516050",
"title": "IBM Security Bulletin 6516050 (Security Key Lifecycle Manager)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6516050"
},
{
"name": "ibm-tivoli-cve202138978-info-disc (212783)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212783",
"refsource": "XF"
}
]
}
}
}
]
},
"data_type": "CVE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 212783."
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-38978",
"DATE_PUBLIC": "2021-11-12T00:00:00"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"UI": "N",
"SCORE": "5.900",
"C": "H",
"AV": "N",
"A": "N",
"S": "U",
"I": "N",
"PR": "N",
"AC": "H"
}
}
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "3.0"
},
{
"version_value": "3.0.1"
},
{
"version_value": "4.0"
},
{
"version_value": "3.0.0.4"
},
{
"version_value": "3.0.1.5"
},
{
"version_value": "4.0.0.3"
},
{
"version_value": "4.1"
},
{
"version_value": "4.1.0.1"
},
{
"version_value": "4.1.1"
}
]
},
"product_name": "Security Key Lifecycle Manager"
}
]
}
}
]
}
}
}


@ -1,114 +1,114 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"SCORE" : "4.400",
"UI" : "N",
"AV" : "N",
"C" : "H",
"PR" : "H",
"I" : "N",
"S" : "U",
"A" : "N",
"AC" : "H"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
}
]
},
"product_name" : "Security Key Lifecycle Manager"
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"SCORE": "4.400",
"UI": "N",
"AV": "N",
"C": "H",
"PR": "H",
"I": "N",
"S": "U",
"A": "N",
"AC": "H"
}
]
}
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-11-12T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-38979",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "3.0"
},
{
"version_value": "3.0.1"
},
{
"version_value": "4.0"
},
{
"version_value": "3.0.0.4"
},
{
"version_value": "3.0.1.5"
},
{
"version_value": "4.0.0.3"
},
{
"version_value": "4.1"
},
{
"version_value": "4.1.0.1"
},
{
"version_value": "4.1.1"
}
]
},
"product_name": "Security Key Lifecycle Manager"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 212785.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6516034",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6516034",
"title" : "IBM Security Bulletin 6516034 (Security Key Lifecycle Manager)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212785",
"name" : "ibm-tivoli-cve202138979-info-disc (212785)",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_type" : "CVE"
}
}
},
"data_format": "MITRE",
"CVE_data_meta": {
"DATE_PUBLIC": "2021-11-12T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-38979",
"STATE": "PUBLIC"
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"description": {
"description_data": [
{
"value": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 212785.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6516034",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6516034",
"title": "IBM Security Bulletin 6516034 (Security Key Lifecycle Manager)"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212785",
"name": "ibm-tivoli-cve202138979-info-disc (212785)",
"title": "X-Force Vulnerability Report"
}
]
},
"data_type": "CVE"
}


@ -1,114 +1,114 @@
{
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-11-12T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-38981",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "N",
"S" : "U",
"A" : "N",
"PR" : "N",
"AC" : "L",
"UI" : "N",
"SCORE" : "5.300",
"C" : "L",
"AV" : "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"DATE_PUBLIC": "2021-11-12T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-38981",
"STATE": "PUBLIC"
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
}
]
},
"product_name" : "Security Key Lifecycle Manager"
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6516048",
"name" : "https://www.ibm.com/support/pages/node/6516048",
"title" : "IBM Security Bulletin 6516048 (Security Key Lifecycle Manager)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212788",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tivoli-cve202138981-info-disc (212788)"
}
]
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212788.",
"lang" : "eng"
}
]
}
}
]
},
"impact": {
"cvssv3": {
"BM": {
"I": "N",
"S": "U",
"A": "N",
"PR": "N",
"AC": "L",
"UI": "N",
"SCORE": "5.300",
"C": "L",
"AV": "N"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "3.0"
},
{
"version_value": "3.0.1"
},
{
"version_value": "4.0"
},
{
"version_value": "3.0.0.4"
},
{
"version_value": "3.0.1.5"
},
{
"version_value": "4.0.0.3"
},
{
"version_value": "4.1"
},
{
"version_value": "4.1.0.1"
},
{
"version_value": "4.1.1"
}
]
},
"product_name": "Security Key Lifecycle Manager"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6516048",
"name": "https://www.ibm.com/support/pages/node/6516048",
"title": "IBM Security Bulletin 6516048 (Security Key Lifecycle Manager)"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212788",
"title": "X-Force Vulnerability Report",
"name": "ibm-tivoli-cve202138981-info-disc (212788)"
}
]
},
"data_type": "CVE",
"description": {
"description_data": [
{
"value": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212788.",
"lang": "eng"
}
]
}
}


@ -1,114 +1,114 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212791.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6516042",
"title" : "IBM Security Bulletin 6516042 (Security Key Lifecycle Manager)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6516042"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212791",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tivoli-cve202138982-xss (212791)"
}
]
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Key Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"value": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212791.",
"lang": "eng"
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "5.400",
"UI" : "R",
"C" : "L",
"AV" : "N",
"PR" : "L",
"S" : "C",
"I" : "L",
"A" : "N",
"AC" : "L"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "H"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
},
"data_type": "CVE",
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6516042",
"title": "IBM Security Bulletin 6516042 (Security Key Lifecycle Manager)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6516042"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212791",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-tivoli-cve202138982-xss (212791)"
}
]
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Key Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "3.0"
},
{
"version_value": "3.0.1"
},
{
"version_value": "4.0"
},
{
"version_value": "3.0.0.4"
},
{
"version_value": "3.0.1.5"
},
{
"version_value": "4.0.0.3"
},
{
"version_value": "4.1"
},
{
"version_value": "4.1.0.1"
},
{
"version_value": "4.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-38982",
"DATE_PUBLIC" : "2021-11-12T00:00:00",
"STATE" : "PUBLIC"
}
}
}
},
"impact": {
"cvssv3": {
"BM": {
"SCORE": "5.400",
"UI": "R",
"C": "L",
"AV": "N",
"PR": "L",
"S": "C",
"I": "L",
"A": "N",
"AC": "L"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "H"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-38982",
"DATE_PUBLIC": "2021-11-12T00:00:00",
"STATE": "PUBLIC"
}
}


@ -1,114 +1,114 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-38983",
"DATE_PUBLIC" : "2021-11-12T00:00:00",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Security Key Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
}
]
}
}
]
}
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "H",
"AV" : "N",
"SCORE" : "4.400",
"UI" : "N",
"AC" : "H",
"PR" : "H",
"I" : "N",
"S" : "U",
"A" : "N"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6516036",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6516036 (Security Key Lifecycle Manager)",
"name" : "https://www.ibm.com/support/pages/node/6516036"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212792",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tivoli-cve202138983-info-disc (212792)"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212792."
}
]
}
}
]
},
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-38983",
"DATE_PUBLIC": "2021-11-12T00:00:00",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Key Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "3.0"
},
{
"version_value": "3.0.1"
},
{
"version_value": "4.0"
},
{
"version_value": "3.0.0.4"
},
{
"version_value": "3.0.1.5"
},
{
"version_value": "4.0.0.3"
},
{
"version_value": "4.1"
},
{
"version_value": "4.1.0.1"
},
{
"version_value": "4.1.1"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvssv3": {
"BM": {
"C": "H",
"AV": "N",
"SCORE": "4.400",
"UI": "N",
"AC": "H",
"PR": "H",
"I": "N",
"S": "U",
"A": "N"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"data_type": "CVE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6516036",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6516036 (Security Key Lifecycle Manager)",
"name": "https://www.ibm.com/support/pages/node/6516036"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212792",
"title": "X-Force Vulnerability Report",
"name": "ibm-tivoli-cve202138983-info-disc (212792)"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212792."
}
]
}
}


@ -1,114 +1,114 @@
{
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6516032",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6516032",
"title" : "IBM Security Bulletin 6516032 (Security Key Lifecycle Manager)"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tivoli-cve202138984-info-disc (212793)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212793"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793."
}
]
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-38984",
"DATE_PUBLIC" : "2021-11-12T00:00:00",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.0"
},
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.0.4"
},
{
"version_value" : "3.0.1.5"
},
{
"version_value" : "4.0.0.3"
},
{
"version_value" : "4.1"
},
{
"version_value" : "4.1.0.1"
},
{
"version_value" : "4.1.1"
}
]
},
"product_name" : "Security Key Lifecycle Manager"
}
]
}
"url": "https://www.ibm.com/support/pages/node/6516032",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6516032",
"title": "IBM Security Bulletin 6516032 (Security Key Lifecycle Manager)"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-tivoli-cve202138984-info-disc (212793)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212793"
}
]
}
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "3.700",
"UI" : "N",
"C" : "L",
"AV" : "N",
"PR" : "N",
"I" : "N",
"S" : "U",
"A" : "N",
"AC" : "H"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793."
}
]
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-38984",
"DATE_PUBLIC": "2021-11-12T00:00:00",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "3.0"
},
{
"version_value": "3.0.1"
},
{
"version_value": "4.0"
},
{
"version_value": "3.0.0.4"
},
{
"version_value": "3.0.1.5"
},
{
"version_value": "4.0.0.3"
},
{
"version_value": "4.1"
},
{
"version_value": "4.1.0.1"
},
{
"version_value": "4.1.1"
}
]
},
"product_name": "Security Key Lifecycle Manager"
}
]
}
}
]
}
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"SCORE": "3.700",
"UI": "N",
"C": "L",
"AV": "N",
"PR": "N",
"I": "N",
"S": "U",
"A": "N",
"AC": "H"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
}
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-41765",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-41765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who gets an admin user session cookie can use the session cookie to execute arbitrary code on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://svn.resourcespace.com/svn/rs/releases/9.6/pages/edit_fields/9_ajax/add_keyword.php",
"refsource": "MISC",
"name": "http://svn.resourcespace.com/svn/rs/releases/9.6/pages/edit_fields/9_ajax/add_keyword.php"
},
{
"refsource": "MISC",
"name": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/",
"url": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/"
}
]
}
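Review bot: The `affects` block added in this section carries `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"`, and `problemtype` is also `"n/a"`, although the new description names ResourceSpace 9.5 and 9.6 before rev 18274 and a SQL injection. Consumers that match on the structured fields rather than on the free text will not tie this record to an installed ResourceSpace, so the product and weakness should be filled in, for example `"product_name": "ResourceSpace"` and a problemtype value of `"CWE-89"`. The sections for CVE-2021-41950, CVE-2021-41951 and CVE-2021-42580 below carry the same placeholders.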


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-41950",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-41950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the application to become unavailable to all users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://svn.resourcespace.com/svn/rs/releases/9.6/pages/ajax/tiles.php",
"refsource": "MISC",
"name": "http://svn.resourcespace.com/svn/rs/releases/9.6/pages/ajax/tiles.php"
},
{
"refsource": "MISC",
"name": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/",
"url": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/"
}
]
}
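Review bot: The first entry in `reference_data` is a plain `http://` link to the live copy of `tiles.php` on the `releases/9.6` branch, not to the change that fixed it, so it cannot show what rev 18277 altered and its content will move as the branch does. A reference to the fixing revision or to a vendor advisory would let a defender confirm which builds are patched; whether the repository offers a revision-pinned or HTTPS URL is not visible from this page. The first reference in the CVE-2021-41765 section above has the same form.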


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-41951",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-41951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the context of the victim's browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/",
"url": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42580",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-42580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sourcecodester Online Learning System 2.0 is vunlerable to sql injection authentication bypass in admin login file (/admin/login.php) and authenticated file upload in (Master.php) file , we can craft these two vunlerablities to get unauthenticated remote command execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/DjebbarAnon/online-learning-system-v2-sqli-authentication-bypass-file-upload-unauthenticated-RCE",
"refsource": "MISC",
"name": "https://github.com/DjebbarAnon/online-learning-system-v2-sqli-authentication-bypass-file-upload-unauthenticated-RCE"
}
]
}
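Review bot: The new description value misspells two words (`vunlerable`, `vunlerablities`), which keeps this record out of plain keyword searches over CVE feeds. It also folds two separate weaknesses into one first-person sentence ("we can craft"), which makes the preconditions hard to read. A wording such as `Sourcecodester Online Learning System 2.0 is vulnerable to SQL injection authentication bypass in /admin/login.php and to authenticated file upload in Master.php; combined, these allow unauthenticated remote command execution.` states the same facts and stays searchable.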