"-Synchronized-Data."

CVE Team 2021-11-24 17:01:07 +00:00
parent cdc15aa76b
commit b4b73d0e62
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
8 changed files with 980 additions and 124 deletions


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21980",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server and VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server (6.7 before 6.7 U3p and 6.5 before 6.5 U3r) and VMware Cloud Foundation 3.x"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary file read vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information."
}
]
}
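Review bot: The new `affects` block sets `"vendor_name": "n/a"` and packs both products and every affected range into a single free-text `version_value`, so tooling that matches on the vendor, product and version fields will not tie this record to vCenter Server 6.5/6.7 or Cloud Foundation 3.x. Since the assigner is now `security@vmware.com`, name the vendor and give each product its own `product_data` entry with one `version_data` entry per affected line, as sketched below using only the values already in the string. The CVE-2021-22049 section that follows carries the identical block and needs the same change. The hunk starts at line 4 of the file, so the record's opening lines are not visible here.

```json
"vendor_name": "VMware",
"product": {
  "product_data": [
    {
      "product_name": "VMware vCenter Server",
      "version": {
        "version_data": [
          { "version_value": "6.7 before 6.7 U3p" },
          { "version_value": "6.5 before 6.5 U3r" }
        ]
      }
    },
    {
      "product_name": "VMware Cloud Foundation",
      "version": {
        "version_data": [
          { "version_value": "3.x" }
        ]
      }
    }
  ]
}
```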


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22049",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server and VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server (6.7 before 6.7 U3p and 6.5 before 6.5 U3r) and VMware Cloud Foundation 3.x"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SSRF vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service."
}
]
}


@ -1,18 +1,288 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"AKA": "Zoom Communications Inc",
"ASSIGNER": "security@zoom.us",
"ID": "CVE-2021-34423",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Buffer overflow in Zoom client and other products"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.8.4"
}
]
}
},
{
"product_name": "Zoom Client for Meetings for Blackberry (for Android and iOS)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.8.1"
}
]
}
},
{
"product_name": "Zoom Client for Meetings for intune (for Android and iOS)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.8.4"
}
]
}
},
{
"product_name": "Zoom Client for Meetings for Chrome OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.0.1"
}
]
}
},
{
"product_name": "Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.8.3"
}
]
}
},
{
"product_name": "Controllers for Zoom Rooms (for Android, iOS, and Windows)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.8.3"
}
]
}
},
{
"product_name": "Zoom VDI",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.8.4"
}
]
}
},
{
"product_name": "Zoom Meeting SDK for Android",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.7.6.1922"
}
]
}
},
{
"product_name": "Zoom Meeting SDK for iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.7.6.1082"
}
]
}
},
{
"product_name": "Zoom Meeting SDK for macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.7.6.1340"
}
]
}
},
{
"product_name": "Zoom Meeting SDK for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.7.6.1081"
}
]
}
},
{
"product_name": "Zoom Video SDK (for Android, iOS, macOS, and Windows)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.1.2"
}
]
}
},
{
"product_name": "Zoom On-Premise Meeting Connector Controller",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.8.12.20211115"
}
]
}
},
{
"product_name": "Zoom On-Premise Meeting Connector MMR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.8.12.20211115"
}
]
}
},
{
"product_name": "Zoom On-Premise Recording Connector",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.1.0.65.20211116"
}
]
}
},
{
"product_name": "Zoom On-Premise Virtual Room Connector ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.4.7266.20211117"
}
]
}
},
{
"product_name": "Zoom On-Premise Virtual Room Connector Load Balancer ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.5.5692.20211117"
}
]
}
},
{
"product_name": "Zoom Hybrid Zproxy",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.0.1058.20211116"
}
]
}
},
{
"product_name": "Zoom Hybrid MMR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.6.20211116.131_x86-64"
}
]
}
}
]
},
"vendor_name": "Zoom Video Communications Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Natalie Silvanovich of Google Project Zero"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI before version 5.8.4, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115, Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115, Zoom On-Premise Recording Connector before version 5.1.0.65.20211116, Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117, Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin",
"name": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
]
},
"source": {
"discovery": "USER"
}
}
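Review bot: Three `product_name` values in the new `product_data` array end with a trailing space: the "Zoom Rooms for Conference Room" entry, "Zoom On-Premise Virtual Room Connector" and "Zoom On-Premise Virtual Room Connector Load Balancer". Exact-match lookups against an asset inventory will miss them, and the description text spells the same names without the space; trim them, e.g. `"product_name": "Zoom On-Premise Virtual Room Connector",`. `"AKA": "Zoom Communications Inc"` also disagrees with `"vendor_name": "Zoom Video Communications Inc"` and is worth reconciling. Separately, the vector rates confidentiality, integrity and availability all LOW while the description says arbitrary code execution may be possible, so anyone triaging by `baseScore` alone should read the description as well.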


@ -1,18 +1,288 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"AKA": "Zoom Communications Inc",
"ASSIGNER": "security@zoom.us",
"ID": "CVE-2021-34424",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Process memory exposure in Zoom Client and other products"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.8.4"
}
]
}
},
{
"product_name": "Zoom Client for Meetings for Blackberry (for Android and iOS)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.8.1"
}
]
}
},
{
"product_name": "Zoom Client for Meetings for intune (for Android and iOS)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.8.4"
}
]
}
},
{
"product_name": "Zoom Client for Meetings for Chrome OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.0.1"
}
]
}
},
{
"product_name": "Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.8.3"
}
]
}
},
{
"product_name": "Controllers for Zoom Rooms (for Android, iOS, and Windows)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.8.3"
}
]
}
},
{
"product_name": "Zoom VDI",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.8.4"
}
]
}
},
{
"product_name": "Zoom Meeting SDK for Android",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.7.6.1922"
}
]
}
},
{
"product_name": "Zoom Meeting SDK for iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.7.6.1082"
}
]
}
},
{
"product_name": "Zoom Meeting SDK for macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.7.6.1340"
}
]
}
},
{
"product_name": "Zoom Meeting SDK for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.7.6.1081"
}
]
}
},
{
"product_name": "Zoom Video SDK (for Android, iOS, macOS, and Windows)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.1.2"
}
]
}
},
{
"product_name": "Zoom on-premise Meeting Connector",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.8.12.20211115"
}
]
}
},
{
"product_name": "Zoom on-premise Meeting Connector MMR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.8.12.20211115"
}
]
}
},
{
"product_name": "Zoom on-premise Recording Connector",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.1.0.65.20211116"
}
]
}
},
{
"product_name": "Zoom on-premise Virtual Room Connector",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.4.7266.20211117"
}
]
}
},
{
"product_name": "Zoom on-premise Virtual Room Connector Load Balancer",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.5.5692.20211117"
}
]
}
},
{
"product_name": "Zoom Hybrid Zproxy",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.0.1058.20211116"
}
]
}
},
{
"product_name": "Zoom Hybrid MMR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.6.20211116.131_x86-64"
}
]
}
}
]
},
"vendor_name": "Zoom Video Communications Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Natalie Silvanovich of Google Project Zero"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI before version 5.8.4, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom on-premise Meeting Connector before version 4.8.12.20211115, Zoom on-premise Meeting Connector MMR before version 4.8.12.20211115, Zoom on-premise Recording Connector before version 5.1.0.65.20211116, Zoom on-premise Virtual Room Connector before version 4.4.7266.20211117, Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64 which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product's memory."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin",
"name": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
]
},
"source": {
"discovery": "USER"
}
}
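Review bot: The on-premise product names in this record do not match those in the CVE-2021-34423 record from the same commit. Here they are spelled `Zoom on-premise ...` and the first entry is `"Zoom on-premise Meeting Connector"`, while the sibling record uses `Zoom On-Premise ...` and `"Zoom On-Premise Meeting Connector Controller"` at the same fixed version 4.8.12.20211115. Consumers keyed on `product_name` will treat these as different products, so a single patch-status check will not cover both CVEs. Use one spelling in both records; which of the two names is the vendor's cannot be determined from this page.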


@ -1,18 +1,110 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2021-11-24T13:53:00.000Z",
"ID": "CVE-2021-36916",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Hide My WP premium plugin <= 6.2.3 - Unauthenticated SQL injection (SQLi) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hide My WP (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 6.2.3",
"version_value": "6.2.3"
}
]
}
}
]
},
"vendor_name": "wpWave"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Dave Jong (Patchstack)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function \"hmwp_get_user_ip\" tries to retrieve the IP address from multiple headers, including IP address headers that the user can spoof, such as \"X-Forwarded-For.\" As a result, the malicious payload supplied in one of these IP address headers will be directly inserted into the SQL query, making SQL injection possible."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://codecanyon.net/item/hide-my-wp-amazing-security-plugin-for-wordpress/4177158",
"refsource": "CONFIRM",
"url": "https://codecanyon.net/item/hide-my-wp-amazing-security-plugin-for-wordpress/4177158"
},
{
"name": "https://patchstack.com/hide-my-wp-vulnerabilities-fixed/",
"refsource": "MISC",
"url": "https://patchstack.com/hide-my-wp-vulnerabilities-fixed/"
},
{
"name": "https://patchstack.com/database/vulnerability/hide-my-wp/wordpress-hide-my-wp-premium-plugin-6-2-3-sql-injection-sqli-vulnerability",
"refsource": "MISC",
"url": "https://patchstack.com/database/vulnerability/hide-my-wp/wordpress-hide-my-wp-premium-plugin-6-2-3-sql-injection-sqli-vulnerability"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 6.2.4 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,18 +1,110 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2021-11-24T14:14:00.000Z",
"ID": "CVE-2021-36917",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Hide My WP premium plugin <= 6.2.3 - Unauthenticated Plugin Deactivation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hide My WP (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 6.2.3",
"version_value": "6.2.3"
}
]
}
}
]
},
"vendor_name": "wpWave"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Dave Jong (Patchstack)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://codecanyon.net/item/hide-my-wp-amazing-security-plugin-for-wordpress/4177158",
"refsource": "CONFIRM",
"url": "https://codecanyon.net/item/hide-my-wp-amazing-security-plugin-for-wordpress/4177158"
},
{
"name": "https://patchstack.com/hide-my-wp-vulnerabilities-fixed/",
"refsource": "MISC",
"url": "https://patchstack.com/hide-my-wp-vulnerabilities-fixed/"
},
{
"name": "https://patchstack.com/database/vulnerability/hide-my-wp/wordpress-hide-my-wp-premium-plugin-6-2-3-unauthenticated-plugin-deactivation-vulnerability",
"refsource": "MISC",
"url": "https://patchstack.com/database/vulnerability/hide-my-wp/wordpress-hide-my-wp-premium-plugin-6-2-3-unauthenticated-plugin-deactivation-vulnerability"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 6.2.4 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ID" : "CVE-2021-38873",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-11-23T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"PR" : "H",
"A" : "H",
"I" : "H",
"AV" : "N",
"SCORE" : "6.800",
"AC" : "L",
"C" : "H",
"UI" : "R"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Planning Analytics",
"version" : {
"version_data" : [
{
"version_value" : "2.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
"CVE_data_meta": {
"ID": "CVE-2021-38873",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-11-23T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"PR": "H",
"A": "H",
"I": "H",
"AV": "N",
"SCORE": "6.800",
"AC": "L",
"C": "H",
"UI": "R"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
]
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6517470",
"url" : "https://www.ibm.com/support/pages/node/6517470",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6517470 (Planning Analytics)"
},
{
"name" : "ibm-planning-cve202138873-code-exec (208396)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/208396",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396."
}
]
}
}
}
},
"data_version": "4.0",
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Planning Analytics",
"version": {
"version_data": [
{
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6517470",
"url": "https://www.ibm.com/support/pages/node/6517470",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6517470 (Planning Analytics)"
},
{
"name": "ibm-planning-cve202138873-code-exec (208396)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208396",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396."
}
]
}
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43268",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-43268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2021-43268",
"url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2021-43268"
}
]
}
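Review bot: The published record identifies the affected product only in free text: `product_name`, `version_value`, `vendor_name` and the `problemtype` value are all `"n/a"`, although the description names VxWorks 6.9 through 7 and an out-of-bounds read or double free in the IKE component. Scanners and inventories that match on the `affects` fields will therefore not flag VxWorks devices from this record. Suggest `"product_name": "VxWorks"` and `"version_value": "6.9 through 7"`, plus a vendor name; Wind River is inferred here from the reference URL's domain and should be confirmed. The `problemtype` could carry the weakness classes the description already states, such as CWE-125 (Out-of-bounds Read) and CWE-415 (Double Free).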