From b8bf60bf4f818ecee1d15a4b14389c97fc7eb640 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Fri, 3 Feb 2023 18:00:48 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/36xxx/CVE-2021-36424.json | 56 ++++++++++++++++++++++++---
 2021/36xxx/CVE-2021-36425.json | 56 ++++++++++++++++++++++++---
 2021/36xxx/CVE-2021-36426.json | 56 ++++++++++++++++++++++++---
 2021/36xxx/CVE-2021-36484.json | 56 ++++++++++++++++++++++++---
 2021/36xxx/CVE-2021-36489.json | 56 ++++++++++++++++++++++++---
 2021/36xxx/CVE-2021-36493.json | 56 ++++++++++++++++++++++++---
 2021/36xxx/CVE-2021-36532.json | 56 ++++++++++++++++++++++++---
 2021/36xxx/CVE-2021-36535.json | 56 ++++++++++++++++++++++++---
 2021/36xxx/CVE-2021-36538.json | 69 +++++++++++++++++++++++++++++++---
 2021/36xxx/CVE-2021-36544.json | 56 ++++++++++++++++++++++++---
 2021/36xxx/CVE-2021-36545.json | 56 ++++++++++++++++++++++++---
 2021/36xxx/CVE-2021-36546.json | 56 ++++++++++++++++++++++++---
 2021/36xxx/CVE-2021-36569.json | 56 ++++++++++++++++++++++++---
 2021/36xxx/CVE-2021-36570.json | 56 ++++++++++++++++++++++++---
 2021/37xxx/CVE-2021-37234.json | 56 ++++++++++++++++++++++++---
 2021/37xxx/CVE-2021-37304.json | 56 ++++++++++++++++++++++++---
 2021/37xxx/CVE-2021-37305.json | 56 ++++++++++++++++++++++++---
 2021/37xxx/CVE-2021-37306.json | 56 ++++++++++++++++++++++++---
 2021/37xxx/CVE-2021-37311.json | 61 +++++++++++++++++++++++++++---
 2021/37xxx/CVE-2021-37315.json | 56 ++++++++++++++++++++++++---
 2021/37xxx/CVE-2021-37316.json | 56 ++++++++++++++++++++++++---
 2021/37xxx/CVE-2021-37317.json | 56 ++++++++++++++++++++++++---
 2021/37xxx/CVE-2021-37373.json | 56 ++++++++++++++++++++++++---
 2021/37xxx/CVE-2021-37374.json | 56 ++++++++++++++++++++++++---
 2021/37xxx/CVE-2021-37375.json | 56 ++++++++++++++++++++++++---
 2021/37xxx/CVE-2021-37376.json | 61 +++++++++++++++++++++++++++---
 2021/37xxx/CVE-2021-37377.json | 56 ++++++++++++++++++++++++---
 2021/37xxx/CVE-2021-37378.json | 56 ++++++++++++++++++++++++---
 2021/37xxx/CVE-2021-37379.json | 56 ++++++++++++++++++++++++---
 2021/37xxx/CVE-2021-37497.json | 61
+++++++++++++++++++++++++++--- 2021/37xxx/CVE-2021-37501.json | 61 +++++++++++++++++++++++++++--- 2021/37xxx/CVE-2021-37502.json | 56 ++++++++++++++++++++++++--- 2021/37xxx/CVE-2021-37518.json | 61 +++++++++++++++++++++++++++--- 2021/37xxx/CVE-2021-37519.json | 61 +++++++++++++++++++++++++++--- 34 files changed, 1743 insertions(+), 204 deletions(-) diff --git a/2021/36xxx/CVE-2021-36424.json b/2021/36xxx/CVE-2021-36424.json index 6195f434d5c..cd4f2499776 100644 --- a/2021/36xxx/CVE-2021-36424.json +++ b/2021/36xxx/CVE-2021-36424.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36424", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36424", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/slackero/phpwcms/issues/310", + "refsource": "MISC", + "name": "https://github.com/slackero/phpwcms/issues/310" } ] } diff --git a/2021/36xxx/CVE-2021-36425.json b/2021/36xxx/CVE-2021-36425.json index dc5fafa1daf..826fa3c6b21 100644 
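Review bot: The `affects` block added for CVE-2021-36424 carries `n/a` for `vendor_name`, `product_name` and `version_value`, and `problemtype` is `n/a` as well, so the product and version exist only in the free-text description and tooling that matches on the structured fields will not tie this record to phpwcms 1.9.25. The same placeholders appear in every other record in this patch. Where the description already names them, populate `"product_name": "phpwcms"` and `"version_value": "1.9.25"`, and replace the problemtype `n/a` with the weakness class once it has been confirmed against the referenced issue.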
--- a/2021/36xxx/CVE-2021-36425.json +++ b/2021/36xxx/CVE-2021-36425.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36425", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36425", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/slackero/phpwcms/issues/311", + "refsource": "MISC", + "name": "https://github.com/slackero/phpwcms/issues/311" } ] } diff --git a/2021/36xxx/CVE-2021-36426.json b/2021/36xxx/CVE-2021-36426.json index db8eb46bc07..d67b4046a7f 100644 --- a/2021/36xxx/CVE-2021-36426.json +++ b/2021/36xxx/CVE-2021-36426.json 
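Review bot: The description added for CVE-2021-36425 names the product as `phpcms 1.9.25`, while its reference points at the slackero/phpwcms issue tracker and the neighbouring records CVE-2021-36424 and CVE-2021-36426 both say `phpwcms`. Because `affects` is all `n/a`, the description is the only place a consumer can learn the product, and a keyword match on this text may attribute the issue to different software. Assuming the reference is the authority, the value should begin `Directory traversal vulnerability in phpwcms 1.9.25 allows remote attackers to delete arbitrary files ...`.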
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36426", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36426", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/slackero/phpwcms/issues/312", + "refsource": "MISC", + "name": "https://github.com/slackero/phpwcms/issues/312" } ] } diff --git a/2021/36xxx/CVE-2021-36484.json b/2021/36xxx/CVE-2021-36484.json index 28f54ea3182..38339cf2671 100644 --- a/2021/36xxx/CVE-2021-36484.json +++ b/2021/36xxx/CVE-2021-36484.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36484", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36484", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.notion.so/JIZHICMS-v1-9-5-SQL-Injection-3a71102958584a20bf22c052c7778bbd", + "refsource": "MISC", + "name": "https://www.notion.so/JIZHICMS-v1-9-5-SQL-Injection-3a71102958584a20bf22c052c7778bbd" } ] } diff --git a/2021/36xxx/CVE-2021-36489.json b/2021/36xxx/CVE-2021-36489.json index 51f6d298a76..2a2ecf8b7db 100644 --- a/2021/36xxx/CVE-2021-36489.json +++ b/2021/36xxx/CVE-2021-36489.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36489", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36489", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/liballeg/allegro5/issues/1251", + "refsource": "MISC", + "name": "https://github.com/liballeg/allegro5/issues/1251" } ] } diff --git a/2021/36xxx/CVE-2021-36493.json b/2021/36xxx/CVE-2021-36493.json index bc1e1efa30e..8ee4f0f36cc 100644 --- a/2021/36xxx/CVE-2021-36493.json +++ b/2021/36xxx/CVE-2021-36493.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36493", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36493", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=42160", + "refsource": "MISC", + "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=42160" } ] } diff --git a/2021/36xxx/CVE-2021-36532.json b/2021/36xxx/CVE-2021-36532.json index 49bf2c9b56c..35a8d6c887c 100644 --- a/2021/36xxx/CVE-2021-36532.json +++ b/2021/36xxx/CVE-2021-36532.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36532", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36532", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/excellentoldtv/portfolioCMS-issues/issues/1", + "refsource": "MISC", + "name": "https://github.com/excellentoldtv/portfolioCMS-issues/issues/1" } ] } diff --git a/2021/36xxx/CVE-2021-36535.json b/2021/36xxx/CVE-2021-36535.json index 9b457f3ef53..79ff358412d 100644 --- a/2021/36xxx/CVE-2021-36535.json +++ b/2021/36xxx/CVE-2021-36535.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36535", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36535", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/cesanta/mjs/issues/175", + "refsource": "MISC", + "name": "https://github.com/cesanta/mjs/issues/175" } ] } diff --git a/2021/36xxx/CVE-2021-36538.json b/2021/36xxx/CVE-2021-36538.json index fa4ad7e6489..eea987d62dc 100644 --- a/2021/36xxx/CVE-2021-36538.json +++ b/2021/36xxx/CVE-2021-36538.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36538", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36538", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/miglen/b09498b4b9fe1be58973bd474af125ab", + "refsource": "MISC", + "name": "https://gist.github.com/miglen/b09498b4b9fe1be58973bd474af125ab" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AC:L/A:N/A:H/C:N/C:H/I:N/I:H/PR:N/PR:L/S:U/S:C/UI:N/UI:R", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36544.json b/2021/36xxx/CVE-2021-36544.json index 4dc6e49d387..48e8e8bf392 100644 --- a/2021/36xxx/CVE-2021-36544.json 
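Review bot: The `vectorString` in the new `impact.cvss` block for CVE-2021-36538 is not a valid CVSS 3.1 vector: it lists each metric twice with conflicting values (`A:N/A:H`, `PR:N/PR:L`, `S:U/S:C`, `UI:N/UI:R`) and omits `AV`, so a parser will either reject it or pick one value arbitrarily. The discrete fields beside it are unambiguous, and a vector consistent with them would be `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H`, where `AV:N` is inferred from "remote" in the description and needs confirming. The block also has no `baseScore` or `baseSeverity`, and a High availability impact is unusual for an XSS issue and worth re-checking before consumers prioritise on it.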
+++ b/2021/36xxx/CVE-2021-36544.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36544", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36544", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitee.com/happy_source/tpcms/issues/I3YNWY", + "refsource": "MISC", + "name": "https://gitee.com/happy_source/tpcms/issues/I3YNWY" } ] } diff --git a/2021/36xxx/CVE-2021-36545.json b/2021/36xxx/CVE-2021-36545.json index 8a86d51581e..0887e203bf1 100644 --- a/2021/36xxx/CVE-2021-36545.json +++ b/2021/36xxx/CVE-2021-36545.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36545", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36545", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitee.com/happy_source/tpcms/issues/I3YUCJ", + "refsource": "MISC", + "name": "https://gitee.com/happy_source/tpcms/issues/I3YUCJ" } ] } diff --git a/2021/36xxx/CVE-2021-36546.json b/2021/36xxx/CVE-2021-36546.json index 32804fd5ccf..f0aad7bc2a1 100644 --- a/2021/36xxx/CVE-2021-36546.json +++ b/2021/36xxx/CVE-2021-36546.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36546", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36546", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Kitesky/KiteCMS/issues/10", + "refsource": "MISC", + "name": "https://github.com/Kitesky/KiteCMS/issues/10" } ] } diff --git a/2021/36xxx/CVE-2021-36569.json b/2021/36xxx/CVE-2021-36569.json index ae132899e04..c723b0a94e8 100644 --- a/2021/36xxx/CVE-2021-36569.json +++ b/2021/36xxx/CVE-2021-36569.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36569", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36569", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/daylightstudio/FUEL-CMS/issues/578", + "refsource": "MISC", + "name": "https://github.com/daylightstudio/FUEL-CMS/issues/578" } ] } diff --git a/2021/36xxx/CVE-2021-36570.json b/2021/36xxx/CVE-2021-36570.json index 43ca978f873..e36751bedfc 100644 --- a/2021/36xxx/CVE-2021-36570.json +++ b/2021/36xxx/CVE-2021-36570.json 
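Review bot: The description for CVE-2021-36569 says a CSRF against `/users/delete/2` lets attackers "run arbitrary code", but the endpoint named is a delete action, so the stated impact looks overstated and may mislead triage. Presumably the real effect is deletion of a user through a logged-in administrator's session; confirm against the referenced issue before rewording. The trailing `2` reads as one record's ID rather than part of the route. CVE-2021-36570 uses the same wording for `/permissions/delete/2---`, where the trailing `---` looks like a copy artefact.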
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36570", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36570", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/daylightstudio/FUEL-CMS/issues/579", + "refsource": "MISC", + "name": "https://github.com/daylightstudio/FUEL-CMS/issues/579" } ] } diff --git a/2021/37xxx/CVE-2021-37234.json b/2021/37xxx/CVE-2021-37234.json index 5e90095b11c..1e69d7a3f8b 100644 --- a/2021/37xxx/CVE-2021-37234.json +++ b/2021/37xxx/CVE-2021-37234.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37234", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37234", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect Access Control vulnerability in Modern Honey Network commit 0abf0db9cd893c6d5c727d036e1f817c02de4c7b allows remote attackers to view sensitive information via crafted PUT request to Web API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pwnlandia/mhn/issues/809", + "refsource": "MISC", + "name": "https://github.com/pwnlandia/mhn/issues/809" } ] } diff --git a/2021/37xxx/CVE-2021-37304.json b/2021/37xxx/CVE-2021-37304.json index 37c668da01c..76a68501a0c 100644 --- a/2021/37xxx/CVE-2021-37304.json +++ b/2021/37xxx/CVE-2021-37304.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37304", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37304", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jeecgboot/jeecg-boot/issues/2793", + "refsource": "MISC", + "name": "https://github.com/jeecgboot/jeecg-boot/issues/2793" } ] } diff --git a/2021/37xxx/CVE-2021-37305.json b/2021/37xxx/CVE-2021-37305.json index 393f5c69fc1..f912cd86d55 100644 --- a/2021/37xxx/CVE-2021-37305.json +++ b/2021/37xxx/CVE-2021-37305.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37305", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37305", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jeecgboot/jeecg-boot/issues/2794", + "refsource": "MISC", + "name": "https://github.com/jeecgboot/jeecg-boot/issues/2794" } ] } diff --git a/2021/37xxx/CVE-2021-37306.json b/2021/37xxx/CVE-2021-37306.json index 501b5dbc624..c1a1caef500 100644 --- a/2021/37xxx/CVE-2021-37306.json +++ b/2021/37xxx/CVE-2021-37306.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37306", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37306", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jeecgboot/jeecg-boot/issues/2794", + "refsource": "MISC", + "name": "https://github.com/jeecgboot/jeecg-boot/issues/2794" } ] } diff --git a/2021/37xxx/CVE-2021-37311.json b/2021/37xxx/CVE-2021-37311.json index 3edbb75fa9f..3d8b475447d 100644 --- a/2021/37xxx/CVE-2021-37311.json +++ b/2021/37xxx/CVE-2021-37311.json 
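Review bot: The description for CVE-2021-37306 repeats its label, `via api uri: api uri:/sys/user/checkOnlyUser?username=admin`; one `api uri:` should be dropped, for example `via the API endpoint /sys/user/checkOnlyUser?username=admin`. The record also cites issue 2794, the same reference as CVE-2021-37305. That is fine if one report covers both endpoints, but it is worth confirming so the two IDs are not treated as duplicates downstream.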
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37311", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37311", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer Overflow vulnerability in fcitx5 5.0.8 allows attackers to cause a denial of service via crafted message to the application's listening port." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fcitx-im.org", + "refsource": "MISC", + "name": "https://fcitx-im.org" + }, + { + "url": "https://github.com/fcitx/fcitx5/pull/308", + "refsource": "MISC", + "name": "https://github.com/fcitx/fcitx5/pull/308" } ] } diff --git a/2021/37xxx/CVE-2021-37315.json b/2021/37xxx/CVE-2021-37315.json index 9e6a84cc620..88cb785b5fe 100644 --- a/2021/37xxx/CVE-2021-37315.json +++ b/2021/37xxx/CVE-2021-37315.json 
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-37315",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-37315",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://robertchen.cc/blog/2021/03/31/asus-rce",
+ "refsource": "MISC",
+ "name": "https://robertchen.cc/blog/2021/03/31/asus-rce"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37316.json b/2021/37xxx/CVE-2021-37316.json
index f979c8666eb..a09e3b6f516 100644
--- a/2021/37xxx/CVE-2021-37316.json
+++ b/2021/37xxx/CVE-2021-37316.json
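Review bot: The description of CVE-2021-37315 misspells two words that people search on: `discoverd` should be `discovered`, and `improper sanitation` should be `improper sanitization`; CVE-2021-37317 carries the same `sanitation`. The two records also differ only in the weakness name ("Incorrect Access Control" against "Directory Traversal") and in `source` against `target`, and both cite the same blog post. From the record alone a reader cannot tell why the COPY/MOVE source is an access-control flaw and the target a traversal, so one clause naming what is insufficiently checked in each case would help.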
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-37316",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-37316",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://robertchen.cc/blog/2021/03/31/asus-rce",
+ "refsource": "MISC",
+ "name": "https://robertchen.cc/blog/2021/03/31/asus-rce"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37317.json b/2021/37xxx/CVE-2021-37317.json
index d682c56a9f5..24100cd8714 100644
--- a/2021/37xxx/CVE-2021-37317.json
+++ b/2021/37xxx/CVE-2021-37317.json
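Review bot: The description of CVE-2021-37316 pairs a weakness and a vector that do not fit together: it says `SQL injection` but gives `via /etc/shadow`, which is a file path and reads like the data disclosed rather than the input injected. As written, a triager cannot tell whether the issue is a database query built from request input or a file read. If the referenced write-up confirms that the file is what leaks, I would word it `allows remote attackers to read sensitive files such as /etc/shadow via <injected parameter>`, with the placeholder filled from the reference.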
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-37317",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-37317",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://robertchen.cc/blog/2021/03/31/asus-rce",
+ "refsource": "MISC",
+ "name": "https://robertchen.cc/blog/2021/03/31/asus-rce"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37373.json b/2021/37xxx/CVE-2021-37373.json
index aaba279f542..cd316a41470 100644
--- a/2021/37xxx/CVE-2021-37373.json
+++ b/2021/37xxx/CVE-2021-37373.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-37373",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-37373",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st generation firmware 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://tbutler.org/2021/04/29/teradek-vulnerability-advisory",
+ "refsource": "MISC",
+ "name": "https://tbutler.org/2021/04/29/teradek-vulnerability-advisory"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37374.json b/2021/37xxx/CVE-2021-37374.json
index 1db67b5f753..cd0d1d834bc 100644
--- a/2021/37xxx/CVE-2021-37374.json
+++ b/2021/37xxx/CVE-2021-37374.json
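Review bot: Each Teradek description (CVE-2021-37373, and CVE-2021-37374 through CVE-2021-37379) says the XSS lets attackers `run arbitrary code`, which reads like code execution on the device; what an XSS flaw gives is script running in the browser of whoever views the page. The usual wording is `inject arbitrary web script or HTML via the Friendly Name field`; CVE-2021-37502 and CVE-2021-37518 use the same `run arbitrary code` phrase for XSS. The closing note is also misspelled in all seven Teradek records: `NOTE: Vedor states` should be `NOTE: Vendor states`. Because these records are tagged `** UNSUPPORTED WHEN ASSIGNED **` and say no firmware update is coming, the description is what an asset owner bases an isolate-or-retire decision on, so the impact should be stated exactly.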
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-37374",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-37374",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Clip all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://tbutler.org/2021/04/29/teradek-vulnerability-advisory",
+ "refsource": "MISC",
+ "name": "https://tbutler.org/2021/04/29/teradek-vulnerability-advisory"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37375.json b/2021/37xxx/CVE-2021-37375.json
index 1ab62697f71..4ba47054bb0 100644
--- a/2021/37xxx/CVE-2021-37375.json
+++ b/2021/37xxx/CVE-2021-37375.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-37375",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-37375",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://tbutler.org/2021/04/29/teradek-vulnerability-advisory",
+ "refsource": "MISC",
+ "name": "https://tbutler.org/2021/04/29/teradek-vulnerability-advisory"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37376.json b/2021/37xxx/CVE-2021-37376.json
index 112ba7b3805..445d8a1fe63 100644
--- a/2021/37xxx/CVE-2021-37376.json
+++ b/2021/37xxx/CVE-2021-37376.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-37376",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-37376",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and Bond Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://tbutler.org/2021/04/29/teradek-vulnerability-advisory",
+ "refsource": "MISC",
+ "name": "https://tbutler.org/2021/04/29/teradek-vulnerability-advisory"
+ },
+ {
+ "url": "https://teradek.com/collections/cube2",
+ "refsource": "MISC",
+ "name": "https://teradek.com/collections/cube2"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37377.json b/2021/37xxx/CVE-2021-37377.json
index 7dff34260d8..2707db2f217 100644
--- a/2021/37xxx/CVE-2021-37377.json
+++ b/2021/37xxx/CVE-2021-37377.json
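Review bot: The second reference of CVE-2021-37376, `https://teradek.com/collections/cube2`, looks out of place: the record is about Bond, Bond 2 and Bond Pro, while the URL path names a Cube collection, and none of the other Teradek records shown here carries a product-page link. It appears to be a storefront page rather than an advisory, so it gives a defender nothing to act on and may suggest the wrong affected product. I would drop the entry, or replace it with a vendor page for the Bond line if one is meant.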
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-37377",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-37377",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Brik firmware version 7.2.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://tbutler.org/2021/04/29/teradek-vulnerability-advisory",
+ "refsource": "MISC",
+ "name": "https://tbutler.org/2021/04/29/teradek-vulnerability-advisory"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37378.json b/2021/37xxx/CVE-2021-37378.json
index 5ca7e36f8a9..e98c02bde4c 100644
--- a/2021/37xxx/CVE-2021-37378.json
+++ b/2021/37xxx/CVE-2021-37378.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-37378",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-37378",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Cube and Cube Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://tbutler.org/2021/04/29/teradek-vulnerability-advisory",
+ "refsource": "MISC",
+ "name": "https://tbutler.org/2021/04/29/teradek-vulnerability-advisory"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37379.json b/2021/37xxx/CVE-2021-37379.json
index b026ace7f69..7443242cec4 100644
--- a/2021/37xxx/CVE-2021-37379.json
+++ b/2021/37xxx/CVE-2021-37379.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-37379",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-37379",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Sphere all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://tbutler.org/2021/04/29/teradek-vulnerability-advisory",
+ "refsource": "MISC",
+ "name": "https://tbutler.org/2021/04/29/teradek-vulnerability-advisory"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37497.json b/2021/37xxx/CVE-2021-37497.json
index bef9a37cc57..b42123ccd31 100644
--- a/2021/37xxx/CVE-2021-37497.json
+++ b/2021/37xxx/CVE-2021-37497.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-37497",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-37497",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.pbootcms.com/",
+ "refsource": "MISC",
+ "name": "https://www.pbootcms.com/"
+ },
+ {
+ "url": "https://github.com/penson233/Vuln/issues/3",
+ "refsource": "MISC",
+ "name": "https://github.com/penson233/Vuln/issues/3"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37501.json b/2021/37xxx/CVE-2021-37501.json
index 2225abc4241..5706d5ca80e 100644
--- a/2021/37xxx/CVE-2021-37501.json
+++ b/2021/37xxx/CVE-2021-37501.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-37501",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-37501",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/HDFGroup/hdf5",
+ "refsource": "MISC",
+ "name": "https://github.com/HDFGroup/hdf5"
+ },
+ {
+ "url": "https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.md",
+ "refsource": "MISC",
+ "name": "https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.md"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37502.json b/2021/37xxx/CVE-2021-37502.json
index 66e9c78165c..aca02646b0b 100644
--- a/2021/37xxx/CVE-2021-37502.json
+++ b/2021/37xxx/CVE-2021-37502.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-37502",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-37502",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/marcantondahmen/automad/issues/29",
+ "refsource": "MISC",
+ "name": "https://github.com/marcantondahmen/automad/issues/29"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37518.json b/2021/37xxx/CVE-2021-37518.json
index e6b80eb48cc..5611bf86f51 100644
--- a/2021/37xxx/CVE-2021-37518.json
+++ b/2021/37xxx/CVE-2021-37518.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-37518",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-37518",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extension 1.66 and earlier allows remote attackers to run arbitrary code via omnibar feature."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/philc/vimium/issues/3832",
+ "refsource": "MISC",
+ "name": "https://github.com/philc/vimium/issues/3832"
+ },
+ {
+ "url": "https://github.com/philc/vimium/pull/3850",
+ "refsource": "MISC",
+ "name": "https://github.com/philc/vimium/pull/3850"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37519.json b/2021/37xxx/CVE-2021-37519.json
index 9b02c10cea2..b1a010552be 100644
--- a/2021/37xxx/CVE-2021-37519.json
+++ b/2021/37xxx/CVE-2021-37519.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-37519",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-37519",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authenticattion file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/memcached/memcached/issues/805",
+ "refsource": "MISC",
+ "name": "https://github.com/memcached/memcached/issues/805"
+ },
+ {
+ "url": "https://github.com/memcached/memcached/pull/806/commits/264722ae4e248b453be00e97197dadc685b60fd0",
+ "refsource": "MISC",
+ "name": "https://github.com/memcached/memcached/pull/806/commits/264722ae4e248b453be00e97197dadc685b60fd0"
 }
 ]
 }
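Review bot: The description of CVE-2021-37519 does not say where the crafted input comes from: the vector is an authentication file handled in `authfile.c`, which presumably is a file the operator supplies on the server, yet the text says only `attackers`. Stating that the attacker must be able to write or replace that file would keep the record from being triaged as a network-reachable crash. `authenticattion` should also be `authentication`. The second reference is a commit inside a pull request, which suggests a fix exists, but the record names 1.6.9 only and gives no fixed version.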