diff --git a/2021/21xxx/CVE-2021-21980.json b/2021/21xxx/CVE-2021-21980.json index 4ce84c0e3b5..7d47fb84013 100644 --- a/2021/21xxx/CVE-2021-21980.json +++ b/2021/21xxx/CVE-2021-21980.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21980", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware vCenter Server and VMware Cloud Foundation", + "version": { + "version_data": [ + { + "version_value": "VMware vCenter Server (6.7 before 6.7 U3p and 6.5 before 6.5 U3r) and VMware Cloud Foundation 3.x" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary file read vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information." } ] } diff --git a/2021/22xxx/CVE-2021-22049.json b/2021/22xxx/CVE-2021-22049.json index a3245d51ae2..f007392357c 100644 --- a/2021/22xxx/CVE-2021-22049.json +++ b/2021/22xxx/CVE-2021-22049.json 
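Review bot: `"vendor_name": "n/a"` in the new `affects` block leaves the vendor unset even though the product string and the assigner address both name VMware, so tooling that matches records by vendor will miss this entry; `"vendor_name": "VMware"` would fix that. The affected range is packed into a single free-text `version_value` ("6.7 before 6.7 U3p and 6.5 before 6.5 U3r ... 3.x"), which cannot be compared mechanically; one `version_data` entry per branch with a `"version_affected": "<"` bound would be usable by scanners. The `problemtype` value carries no CWE identifier. The same points apply to the CVE-2021-22049 hunk that follows, where `"SSRF vulnerability"` could read `"CWE-918 Server-Side Request Forgery (SSRF)"`.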
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22049", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware vCenter Server and VMware Cloud Foundation", + "version": { + "version_data": [ + { + "version_value": "VMware vCenter Server (6.7 before 6.7 U3p and 6.5 before 6.5 U3r) and VMware Cloud Foundation 3.x" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SSRF vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service." } ] } diff --git a/2021/34xxx/CVE-2021-34423.json b/2021/34xxx/CVE-2021-34423.json index 549f08f21ca..534af1f48f2 100644 --- a/2021/34xxx/CVE-2021-34423.json +++ b/2021/34xxx/CVE-2021-34423.json 
@@ -1,18 +1,288 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Zoom Communications Inc", + "ASSIGNER": "security@zoom.us", "ID": "CVE-2021-34423", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Buffer overflow in Zoom client and other products" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.8.4" + } + ] + } + }, + { + "product_name": "Zoom Client for Meetings for Blackberry (for Android and iOS)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.8.1" + } + ] + } + }, + { + "product_name": "Zoom Client for Meetings for intune (for Android and iOS)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.8.4" + } + ] + } + }, + { + "product_name": "Zoom Client for Meetings for Chrome OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.0.1" + } + ] + } + }, + { + "product_name": "Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.8.3" + } + ] + } + }, + { + "product_name": "Controllers for Zoom Rooms (for Android, iOS, and Windows)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.8.3" + } + ] + } + }, + { + "product_name": "Zoom VDI", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.8.4" + } + ] + } + }, + { + "product_name": "Zoom Meeting SDK for Android", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.7.6.1922" + } + ] + } + }, + { + "product_name": "Zoom Meeting SDK for iOS", + "version": { + 
"version_data": [ + { + "version_affected": "<", + "version_value": "5.7.6.1082" + } + ] + } + }, + { + "product_name": "Zoom Meeting SDK for macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.7.6.1340" + } + ] + } + }, + { + "product_name": "Zoom Meeting SDK for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.7.6.1081" + } + ] + } + }, + { + "product_name": "Zoom Video SDK (for Android, iOS, macOS, and Windows)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.1.2" + } + ] + } + }, + { + "product_name": "Zoom On-Premise Meeting Connector Controller", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.8.12.20211115" + } + ] + } + }, + { + "product_name": "Zoom On-Premise Meeting Connector MMR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.8.12.20211115" + } + ] + } + }, + { + "product_name": "Zoom On-Premise Recording Connector", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.1.0.65.20211116" + } + ] + } + }, + { + "product_name": "Zoom On-Premise Virtual Room Connector ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.4.7266.20211117" + } + ] + } + }, + { + "product_name": "Zoom On-Premise Virtual Room Connector Load Balancer ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2.5.5692.20211117" + } + ] + } + }, + { + "product_name": "Zoom Hybrid Zproxy", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.0.1058.20211116" + } + ] + } + }, + { + "product_name": "Zoom Hybrid MMR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.6.20211116.131_x86-64" + } + ] + } + } + ] + }, + "vendor_name": "Zoom Video Communications Inc" + } + ] + } + }, + "credit": [ + { + 
"lang": "eng", + "value": "Natalie Silvanovich of Google Project Zero" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI before version 5.8.4, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115, Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115, Zoom On-Premise Recording Connector before version 5.1.0.65.20211116, Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117, Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://explore.zoom.us/en/trust/security/security-bulletin", + "name": "https://explore.zoom.us/en/trust/security/security-bulletin" + } + ] + }, + "source": { + "discovery": "USER" } } \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34424.json b/2021/34xxx/CVE-2021-34424.json index fd47ebb82cb..6aafe22b1b3 100644 --- a/2021/34xxx/CVE-2021-34424.json +++ b/2021/34xxx/CVE-2021-34424.json 
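Review bot: The `impact.cvss` block rates confidentiality, integrity and availability all `LOW` (`C:L/I:L/A:L`, base 7.3), while the description in the same hunk says the overflow may let an actor crash the application or execute arbitrary code. If code execution is reachable the vector understates the impact, so the rating and the description should be reconciled against the vendor bulletin. The only reference is the bulletin index page rather than the entry for this issue, which makes that check harder for a reader. Three `product_name` values end in a trailing space (for example `"Zoom On-Premise Virtual Room Connector "`), and `AKA` gives "Zoom Communications Inc" where `vendor_name` gives "Zoom Video Communications Inc", so exact-match consumers will see different strings. The `problemtype` text is the CWE-120 name without the identifier; `"CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"` would be machine-readable.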
@@ -1,18 +1,288 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Zoom Communications Inc", + "ASSIGNER": "security@zoom.us", "ID": "CVE-2021-34424", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Process memory exposure in Zoom Client and other products" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.8.4" + } + ] + } + }, + { + "product_name": "Zoom Client for Meetings for Blackberry (for Android and iOS)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.8.1" + } + ] + } + }, + { + "product_name": "Zoom Client for Meetings for intune (for Android and iOS)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.8.4" + } + ] + } + }, + { + "product_name": "Zoom Client for Meetings for Chrome OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.0.1" + } + ] + } + }, + { + "product_name": "Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.8.3" + } + ] + } + }, + { + "product_name": "Controllers for Zoom Rooms (for Android, iOS, and Windows)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.8.3" + } + ] + } + }, + { + "product_name": "Zoom VDI", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.8.4" + } + ] + } + }, + { + "product_name": "Zoom Meeting SDK for Android", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.7.6.1922" + } + ] + } + }, + { + "product_name": "Zoom Meeting SDK for iOS", + "version": { + 
"version_data": [ + { + "version_affected": "<", + "version_value": "5.7.6.1082" + } + ] + } + }, + { + "product_name": "Zoom Meeting SDK for macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.7.6.1340" + } + ] + } + }, + { + "product_name": "Zoom Meeting SDK for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.7.6.1081" + } + ] + } + }, + { + "product_name": "Zoom Video SDK (for Android, iOS, macOS, and Windows)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.1.2" + } + ] + } + }, + { + "product_name": "Zoom on-premise Meeting Connector", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.8.12.20211115" + } + ] + } + }, + { + "product_name": "Zoom on-premise Meeting Connector MMR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.8.12.20211115" + } + ] + } + }, + { + "product_name": "Zoom on-premise Recording Connector", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.1.0.65.20211116" + } + ] + } + }, + { + "product_name": "Zoom on-premise Virtual Room Connector", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.4.7266.20211117" + } + ] + } + }, + { + "product_name": "Zoom on-premise Virtual Room Connector Load Balancer", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2.5.5692.20211117" + } + ] + } + }, + { + "product_name": "Zoom Hybrid Zproxy", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.0.1058.20211116" + } + ] + } + }, + { + "product_name": "Zoom Hybrid MMR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.6.20211116.131_x86-64" + } + ] + } + } + ] + }, + "vendor_name": "Zoom Video Communications Inc" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + 
"value": "Natalie Silvanovich of Google Project Zero" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI before version 5.8.4, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom on-premise Meeting Connector before version 4.8.12.20211115, Zoom on-premise Meeting Connector MMR before version 4.8.12.20211115, Zoom on-premise Recording Connector before version 5.1.0.65.20211116, Zoom on-premise Virtual Room Connector before version 4.4.7266.20211117, Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64 which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product's memory." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://explore.zoom.us/en/trust/security/security-bulletin", + "name": "https://explore.zoom.us/en/trust/security/security-bulletin" + } + ] + }, + "source": { + "discovery": "USER" } } \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36916.json b/2021/36xxx/CVE-2021-36916.json index 757c0e5c730..07d9d317971 100644 --- a/2021/36xxx/CVE-2021-36916.json +++ b/2021/36xxx/CVE-2021-36916.json 
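Review bot: The on-premise product names in this record do not match the sibling CVE-2021-34423 record for what appear to be the same products with the same fixed versions: here `"Zoom on-premise Meeting Connector"` and `"Zoom on-premise Recording Connector"`, there `"Zoom On-Premise Meeting Connector Controller"` and `"Zoom On-Premise Recording Connector"`. Asset inventories that key on `product_name` will need both spellings unless one form is used in both files. `"Out-of-bounds Read"` in `problemtype` could carry its identifier, `"CWE-125 Out-of-bounds Read"`, so the weakness class can be filtered on.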
@@ -1,18 +1,110 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2021-11-24T13:53:00.000Z", "ID": "CVE-2021-36916", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress Hide My WP premium plugin <= 6.2.3 - Unauthenticated SQL injection (SQLi) vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hide My WP (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 6.2.3", + "version_value": "6.2.3" + } + ] + } + } + ] + }, + "vendor_name": "wpWave" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Dave Jong (Patchstack)." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function \"hmwp_get_user_ip\" tries to retrieve the IP address from multiple headers, including IP address headers that the user can spoof, such as \"X-Forwarded-For.\" As a result, the malicious payload supplied in one of these IP address headers will be directly inserted into the SQL query, making SQL injection possible." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://codecanyon.net/item/hide-my-wp-amazing-security-plugin-for-wordpress/4177158", + "refsource": "CONFIRM", + "url": "https://codecanyon.net/item/hide-my-wp-amazing-security-plugin-for-wordpress/4177158" + }, + { + "name": "https://patchstack.com/hide-my-wp-vulnerabilities-fixed/", + "refsource": "MISC", + "url": "https://patchstack.com/hide-my-wp-vulnerabilities-fixed/" + }, + { + "name": "https://patchstack.com/database/vulnerability/hide-my-wp/wordpress-hide-my-wp-premium-plugin-6-2-3-sql-injection-sqli-vulnerability", + "refsource": "MISC", + "url": "https://patchstack.com/database/vulnerability/hide-my-wp/wordpress-hide-my-wp-premium-plugin-6-2-3-sql-injection-sqli-vulnerability" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 6.2.4 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36917.json b/2021/36xxx/CVE-2021-36917.json index 93ebfb36283..f24fec6e3a5 100644 --- a/2021/36xxx/CVE-2021-36917.json +++ b/2021/36xxx/CVE-2021-36917.json 
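Review bot: `"confidentialityImpact": "LOW"` looks low for what the title calls an unauthenticated SQL injection. The description says content from a client-controlled header is inserted directly into the query, which commonly permits reading database contents, so `C:H` may be the better fit and would change `baseScore`; this is worth confirming against the Patchstack advisory in `references`. Separately, `"version_name": "<= 6.2.3"` repeats the operator already given by `"version_affected": "<="`, which double-encodes the bound for consumers that concatenate the two fields.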
@@ -1,18 +1,110 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2021-11-24T14:14:00.000Z", "ID": "CVE-2021-36917", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress Hide My WP premium plugin <= 6.2.3 - Unauthenticated Plugin Deactivation vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hide My WP (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 6.2.3", + "version_value": "6.2.3" + } + ] + } + } + ] + }, + "vendor_name": "wpWave" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Dave Jong (Patchstack)." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://codecanyon.net/item/hide-my-wp-amazing-security-plugin-for-wordpress/4177158", + "refsource": "CONFIRM", + "url": "https://codecanyon.net/item/hide-my-wp-amazing-security-plugin-for-wordpress/4177158" + }, + { + "name": "https://patchstack.com/hide-my-wp-vulnerabilities-fixed/", + "refsource": "MISC", + "url": "https://patchstack.com/hide-my-wp-vulnerabilities-fixed/" + }, + { + "name": "https://patchstack.com/database/vulnerability/hide-my-wp/wordpress-hide-my-wp-premium-plugin-6-2-3-unauthenticated-plugin-deactivation-vulnerability", + "refsource": "MISC", + "url": "https://patchstack.com/database/vulnerability/hide-my-wp/wordpress-hide-my-wp-premium-plugin-6-2-3-unauthenticated-plugin-deactivation-vulnerability" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 6.2.4 or higher version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38873.json b/2021/38xxx/CVE-2021-38873.json index 8e3a9d89829..b4906a95f21 100644 --- a/2021/38xxx/CVE-2021-38873.json +++ b/2021/38xxx/CVE-2021-38873.json 
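Review bot: `"confidentialityImpact": "NONE"` is at odds with the description, which says an unauthenticated user can retrieve a reset token. Disclosure of that secret is itself a confidentiality impact, so the vector would be expected to carry at least `C:L`, with `baseScore` recomputed. `"CWE-284 Improper Access Control"` is a very broad class; if the root cause is a missing authentication or authorization check on the token path, a narrower entry such as CWE-306 or CWE-862 would help triage, though the page does not show enough to say which applies.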
@@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ID" : "CVE-2021-38873", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2021-11-23T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "PR" : "H", - "A" : "H", - "I" : "H", - "AV" : "N", - "SCORE" : "6.800", - "AC" : "L", - "C" : "H", - "UI" : "R" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "data_version" : "4.0", - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Planning Analytics", - "version" : { - "version_data" : [ - { - "version_value" : "2.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "CVE_data_meta": { + "ID": "CVE-2021-38873", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2021-11-23T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "PR": "H", + "A": "H", + "I": "H", + "AV": "N", + "SCORE": "6.800", + "AC": "L", + "C": "H", + "UI": "R" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" } - ] - } - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6517470", - "url" : "https://www.ibm.com/support/pages/node/6517470", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6517470 (Planning Analytics)" - }, - { - "name" : "ibm-planning-cve202138873-code-exec (208396)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/208396", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. 
IBM X-Force ID: 208396." - } - ] - } -} + } + }, + "data_version": "4.0", + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Planning Analytics", + "version": { + "version_data": [ + { + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6517470", + "url": "https://www.ibm.com/support/pages/node/6517470", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6517470 (Planning Analytics)" + }, + { + "name": "ibm-planning-cve202138873-code-exec (208396)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208396", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43268.json b/2021/43xxx/CVE-2021-43268.json index c9959e73bab..b5b81dbf33e 100644 --- a/2021/43xxx/CVE-2021-43268.json +++ b/2021/43xxx/CVE-2021-43268.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-43268", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-43268", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2021-43268", + "url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2021-43268" } ] }
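Review bot: `product_name`, `version_value`, `vendor_name` and the `problemtype` value are all `"n/a"`, although the description names VxWorks 6.9 through 7 and two distinct memory-safety outcomes. Automated matching has nothing structured to key on, so affected devices will only be found by people reading the free text. Populating the vendor (presumably Wind River, going by the reference host), the product and version range, and `problemtype` entries such as `"CWE-125 Out-of-bounds Read"` and `"CWE-415 Double Free"` would make the record usable by scanners. "6.9 through 7" also leaves the upper bound open, since it does not say which 7 release contains the fix.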