admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-08-24 13:00:56 +00:00
parent 1f15e4ff8d
commit b04a6e9dbe
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
9 changed files with 362 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2018/20xxx/CVE-2018-20955.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root."
"value": "Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. NOTE: all affected customers were migrated by 2020-08-31."
}
]
},
@ -56,6 +56,11 @@
"url": "https://www.pentestpartners.com/security-blog/hacking-swann-home-security-camera-video/",
"refsource": "MISC",
"name": "https://www.pentestpartners.com/security-blog/hacking-swann-home-security-camera-video/"
},
{
"refsource": "MISC",
"name": "https://www.swann.com/au/safe-by-swann-upgrade",
"url": "https://www.swann.com/au/safe-by-swann-upgrade"
}
]
}

7
2018/20xxx/CVE-2018-20956.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset."
"value": "Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset. NOTE: all affected customers were migrated by 2020-08-31."
}
]
},
@ -56,6 +56,11 @@
"url": "https://www.pentestpartners.com/security-blog/hacking-swann-home-security-camera-video/",
"refsource": "MISC",
"name": "https://www.pentestpartners.com/security-blog/hacking-swann-home-security-camera-video/"
},
{
"refsource": "MISC",
"name": "https://www.swann.com/au/safe-by-swann-upgrade",
"url": "https://www.swann.com/au/safe-by-swann-upgrade"
}
]
}

61
2021/37xxx/CVE-2021-37538.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37538",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-37538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://classydevs.com/free-modules/smartblog/",
"refsource": "MISC",
"name": "https://classydevs.com/free-modules/smartblog/"
},
{
"refsource": "MISC",
"name": "https://blog.sorcery.ie/posts/smartblog_sqli/",
"url": "https://blog.sorcery.ie/posts/smartblog_sqli/"
}
]
}

5
2021/38xxx/CVE-2021-38208.json
View File

@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20210817 Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname",
"url": "http://www.openwall.com/lists/oss-security/2021/08/17/2"
},
{
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1992810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992810"
}
]
}

66
2021/38xxx/CVE-2021-38306.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38306",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-38306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.lg.com/uk/support/product/lg-N1T1DD1",
"refsource": "MISC",
"name": "https://www.lg.com/uk/support/product/lg-N1T1DD1"
},
{
"url": "https://www.lg.com/us/burners-drives/lg-N1T1-network-attached-storage",
"refsource": "MISC",
"name": "https://www.lg.com/us/burners-drives/lg-N1T1-network-attached-storage"
},
{
"refsource": "MISC",
"name": "https://zerosecuritypenetrationtesting.com/?page_id=306",
"url": "https://zerosecuritypenetrationtesting.com/?page_id=306"
}
]
}

66
2021/38xxx/CVE-2021-38556.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38556",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-38556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/RaspAP/raspap-webgui",
"refsource": "MISC",
"name": "https://github.com/RaspAP/raspap-webgui"
},
{
"url": "https://github.com/RaspAP/raspap-webgui/blob/0e1d652c5e55f812aaf2a5908884e9db179416ee/includes/configure_client.php",
"refsource": "MISC",
"name": "https://github.com/RaspAP/raspap-webgui/blob/0e1d652c5e55f812aaf2a5908884e9db179416ee/includes/configure_client.php"
},
{
"refsource": "MISC",
"name": "https://zerosecuritypenetrationtesting.com/?page_id=306",
"url": "https://zerosecuritypenetrationtesting.com/?page_id=306"
}
]
}

66
2021/38xxx/CVE-2021-38557.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38557",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-38557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh with any executable content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/RaspAP/raspap-webgui",
"refsource": "MISC",
"name": "https://github.com/RaspAP/raspap-webgui"
},
{
"url": "https://github.com/RaspAP/raspap-webgui/blob/fabc48c7daae4013b9888f266332e510b196a062/installers/raspap.sudoers",
"refsource": "MISC",
"name": "https://github.com/RaspAP/raspap-webgui/blob/fabc48c7daae4013b9888f266332e510b196a062/installers/raspap.sudoers"
},
{
"refsource": "MISC",
"name": "https://zerosecuritypenetrationtesting.com/?page_id=306",
"url": "https://zerosecuritypenetrationtesting.com/?page_id=306"
}
]
}

61
2021/39xxx/CVE-2021-39375.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39375",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-39375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://br.linkedin.com/in/felippe-foppa-6b1434108",
"refsource": "MISC",
"name": "https://br.linkedin.com/in/felippe-foppa-6b1434108"
},
{
"refsource": "MISC",
"name": "https://diesec.home.blog/2021/08/24/philips-tasy-emr-3-06-sql-injection-cve-2021-39375cve-2021-39376/",
"url": "https://diesec.home.blog/2021/08/24/philips-tasy-emr-3-06-sql-injection-cve-2021-39375cve-2021-39376/"
}
]
}

61
2021/39xxx/CVE-2021-39376.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39376",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-39376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://br.linkedin.com/in/felippe-foppa-6b1434108",
"refsource": "MISC",
"name": "https://br.linkedin.com/in/felippe-foppa-6b1434108"
},
{
"refsource": "MISC",
"name": "https://diesec.home.blog/2021/08/24/philips-tasy-emr-3-06-sql-injection-cve-2021-39375cve-2021-39376/",
"url": "https://diesec.home.blog/2021/08/24/philips-tasy-emr-3-06-sql-injection-cve-2021-39375cve-2021-39376/"
}
]
}