diff --git a/2014/6xxx/CVE-2014-6287.json b/2014/6xxx/CVE-2014-6287.json
index d3730dc4ea2..705a769ab54 100644
--- a/2014/6xxx/CVE-2014-6287.json
+++ b/2014/6xxx/CVE-2014-6287.json
@@ -81,6 +81,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/160264/Rejetto-HttpFileServer-2.3.x-Remote-Command-Execution.html",
 "url": "http://packetstormsecurity.com/files/160264/Rejetto-HttpFileServer-2.3.x-Remote-Command-Execution.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/161503/HFS-HTTP-File-Server-2.3.x-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/161503/HFS-HTTP-File-Server-2.3.x-Remote-Code-Execution.html"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11974.json b/2020/11xxx/CVE-2020-11974.json
index cfa4164d763..8377b31410c 100644
--- a/2020/11xxx/CVE-2020-11974.json
+++ b/2020/11xxx/CVE-2020-11974.json
@@ -48,6 +48,16 @@
 "refsource": "MISC",
 "name": "https://lists.apache.org/thread.html/rcbe4c248ef0c566e99fd19388a6c92aeef88167286546b675e9b1769%40%3Cdev.dolphinscheduler.apache.org%3E",
 "url": "https://lists.apache.org/thread.html/rcbe4c248ef0c566e99fd19388a6c92aeef88167286546b675e9b1769%40%3Cdev.dolphinscheduler.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[dolphinscheduler-commits] 20210223 [GitHub] [incubator-dolphinscheduler] sonarcloud[bot] commented on pull request #4851: [FIX-CVE-2020-11974] fix MySQLDataSource Security",
+ "url": "https://lists.apache.org/thread.html/ra81adacbfdd6f166f9cf155340674ffd4179386b8b75068639547c11@%3Ccommits.dolphinscheduler.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[dolphinscheduler-commits] 20210223 [GitHub] [incubator-dolphinscheduler] CalvinKirs opened a new pull request #4851: [FIX-CVE-2020-11974] fix MySQLDataSource Security",
+ "url": "https://lists.apache.org/thread.html/r9fbe24539a873032b3e41243d44a730d6a2aae26335ac1e3271ea47d@%3Ccommits.dolphinscheduler.apache.org%3E"
 }
 ]
 },
diff --git a/2021/20xxx/CVE-2021-20198.json b/2021/20xxx/CVE-2021-20198.json
index 307cd6d3b09..36f39b7dec6 100644
--- a/2021/20xxx/CVE-2021-20198.json
+++ b/2021/20xxx/CVE-2021-20198.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-20198",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "openshift/installer",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "openshift/installer v0.9.0-master.0.20210125200451-95101da940b0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1920764",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920764"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated `/exec` requests to execute arbitrary commands within running containers. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
 }
 ]
 }
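Review bot: In CVE-2021-20198 the added `version_value` names the fixed build (`openshift/installer v0.9.0-master.0.20210125200451-95101da940b0`) with no qualifier, while the description says the flaw exists before that version, so a consumer matching on `affects` would flag the patched build and miss the vulnerable ones. The same pattern appears in CVE-2021-20229 (`postgresql 13.2, ... 9.5.25` against "before 13.2, ...") and CVE-2021-26926 (`jasper 2.0.25` against "before 2.0.25"), and possibly in CVE-2021-20220, where the description gives no version bound to compare with. I would write the value as a bound, e.g. `"version_value": "before v0.9.0-master.0.20210125200451-95101da940b0"`, and give each PostgreSQL branch its own `version_data` entry rather than one comma-joined string.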
diff --git a/2021/20xxx/CVE-2021-20220.json b/2021/20xxx/CVE-2021-20220.json
index 2e9d5f296e2..e79b2769f05 100644
--- a/2021/20xxx/CVE-2021-20220.json
+++ b/2021/20xxx/CVE-2021-20220.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-20220",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "undertow",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Undertow 2.2.0.Final, Undertow 2.1.6.Final, Undertow 2.0.34.Final"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-444"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1923133",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923133"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity."
 }
 ]
 }
diff --git a/2021/20xxx/CVE-2021-20229.json b/2021/20xxx/CVE-2021-20229.json
index fe46d10b079..145133dab43 100644
--- a/2021/20xxx/CVE-2021-20229.json
+++ b/2021/20xxx/CVE-2021-20229.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-20229",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PostgreSQL",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "postgresql 13.2, postgresql 12.6, postgresql 11.11, postgresql 10.16, postgresql 9.6.21, postgresql 9.5.25"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-863"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1925296",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925296"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in PostgreSQL in versions before 13.2, before 12.6, before 11.11, before 10.16, before 9.6.21 and before 9.5.25. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality."
 }
 ]
 }
diff --git a/2021/22xxx/CVE-2021-22651.json b/2021/22xxx/CVE-2021-22651.json
index 4ee47b2b7ec..b37f538c50a 100644
--- a/2021/22xxx/CVE-2021-22651.json
+++ b/2021/22xxx/CVE-2021-22651.json
@@ -4,14 +4,88 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-22651",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Luxion KeyShot versions",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "versions prior to 10.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Luxion KeyShot Viewer",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "versions prior to 10.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Luxion KeyShot Network Rendering",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "versions prior to 10.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Luxion KeyVR",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "versions prior to 10.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders."
 }
 ]
 }
diff --git a/2021/26xxx/CVE-2021-26678.json b/2021/26xxx/CVE-2021-26678.json
index b1534a600e7..1dac36472a1 100644
--- a/2021/26xxx/CVE-2021-26678.json
+++ b/2021/26xxx/CVE-2021-26678.json
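Review bot: The first `product_name` added for CVE-2021-22651 reads `"Luxion KeyShot versions"`; the trailing word looks like it leaked in from the advisory sentence, and it makes this entry inconsistent with its three sibling products and unmatchable by product name. Suggest `"product_name": "Luxion KeyShot"`, and carrying the vendor in `"vendor_name": "Luxion"` rather than `"n/a"` with the vendor repeated inside every product string. The `problemtype` value also puts the upper-case CWE title before the id; leading with `CWE-22` is easier for tooling to parse.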
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-26678",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Aruba ClearPass Policy Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Unauthenticated Stored Cross-Site Scripting (XSS) in ClearPass Web Administration Interface"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt",
+ "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface of ClearPass could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the affected interface."
 }
 ]
 }
diff --git a/2021/26xxx/CVE-2021-26681.json b/2021/26xxx/CVE-2021-26681.json
index c77920026f3..81a4426fbf9 100644
--- a/2021/26xxx/CVE-2021-26681.json
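Review bot: The `problemtype` values added for the Aruba ClearPass records (CVE-2021-26678 here, and CVE-2021-26681, -26682, -26683, -26684 and -26686 in the following files) are free-text titles with no CWE identifier, unlike the Red Hat records in this same commit that carry `CWE-306`, `CWE-444` and so on. Tooling that groups or prioritises findings by weakness class will not classify these. Consider leading each value with the id, e.g. `"value": "CWE-79: Remote Unauthenticated Stored Cross-Site Scripting (XSS) in ClearPass Web Administration Interface"`, with CWE-78 (or CWE-77, depending on the advisory) for the command-injection entries and CWE-89 for the SQL injection one.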
+++ b/2021/26xxx/CVE-2021-26681.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-26681",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Aruba ClearPass Policy Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Authenticated Command Injection in ClearPass CLI"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt",
+ "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote authenticated command Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise."
 }
 ]
 }
diff --git a/2021/26xxx/CVE-2021-26682.json b/2021/26xxx/CVE-2021-26682.json
index a4ec79d879c..c5b7e288156 100644
--- a/2021/26xxx/CVE-2021-26682.json
+++ b/2021/26xxx/CVE-2021-26682.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-26682",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Aruba ClearPass Policy Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Reflected Cross-Site Scripting Vulnerability (XSS) in ClearPass Guest Web Interface"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt",
+ "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the guest portal interface of ClearPass could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the portal. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the guest portal interface."
 }
 ]
 }
diff --git a/2021/26xxx/CVE-2021-26683.json b/2021/26xxx/CVE-2021-26683.json
index 9d1c55851e3..999ae244d7d 100644
--- a/2021/26xxx/CVE-2021-26683.json
+++ b/2021/26xxx/CVE-2021-26683.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-26683",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Aruba ClearPass Policy Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Authenticated Command Injection in ClearPass WebUI"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt",
+ "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise."
 }
 ]
 }
diff --git a/2021/26xxx/CVE-2021-26684.json b/2021/26xxx/CVE-2021-26684.json
index a9feafbbd4b..8c15b58eb13 100644
--- a/2021/26xxx/CVE-2021-26684.json
+++ b/2021/26xxx/CVE-2021-26684.json
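Review bot: The description and `problemtype` text added for CVE-2021-26683 are word-for-word identical to those added for CVE-2021-26684 in the next file, so nothing in either record tells the two ids apart. Anyone triaging, deduplicating or tracking remediation from these entries has to open ARUBA-PSA-2021-004 to learn what each id covers. If the advisory distinguishes them, carry that detail into each `description` value; one sentence naming the affected feature or area of the web-based management interface would be enough.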
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-26684",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Aruba ClearPass Policy Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Authenticated Command Injection in ClearPass WebUI"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt",
+ "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise."
 }
 ]
 }
diff --git a/2021/26xxx/CVE-2021-26686.json b/2021/26xxx/CVE-2021-26686.json
index 366fafe5e23..e379b15e76d 100644
--- a/2021/26xxx/CVE-2021-26686.json
+++ b/2021/26xxx/CVE-2021-26686.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-26686",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Aruba ClearPass Policy Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Authenticated SQL Injection in Clearpass Web-based Management Interface"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt",
+ "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database."
 }
 ]
 }
diff --git a/2021/26xxx/CVE-2021-26926.json b/2021/26xxx/CVE-2021-26926.json
index 38a3eb92440..1829a525d15 100644
--- a/2021/26xxx/CVE-2021-26926.json
+++ b/2021/26xxx/CVE-2021-26926.json
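Review bot: The new description for CVE-2021-26686 contains the misspelling `vulnerabilitiy`, and its `problemtype` spells the product `Clearpass` where every other string in these records uses `ClearPass`, so exact-string searches over the feed can miss the entry. I would open the description with `A remote authenticated SQL injection vulnerability was discovered` and use `ClearPass` in the `problemtype` value. Two smaller slips of the same kind are in this commit: `whic` in the CVE-2021-26926 description and the capitalised `command Injection` in CVE-2021-26681.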
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-26926",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "jasper",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "jasper 2.0.25"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/jasper-software/jasper/issues/264",
+ "url": "https://github.com/jasper-software/jasper/issues/264"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b",
+ "url": "https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash."
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27189.json b/2021/27xxx/CVE-2021-27189.json
index ad77f971919..17bec70bd19 100644
--- a/2021/27xxx/CVE-2021-27189.json
+++ b/2021/27xxx/CVE-2021-27189.json
@@ -61,6 +61,11 @@
 "refsource": "FULLDISC",
 "name": "20210223 CIRA Canadian Shield iOS Application - MITM SSL Certificate Vulnerability (CVE-2021-27189)",
 "url": "http://seclists.org/fulldisclosure/2021/Feb/72"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/161507/CIRA-Canadian-Shield-Man-In-The-Middle.html",
+ "url": "http://packetstormsecurity.com/files/161507/CIRA-Canadian-Shield-Man-In-The-Middle.html"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27370.json b/2021/27xxx/CVE-2021-27370.json
index b0195e6890c..741bcdfe661 100644
--- a/2021/27xxx/CVE-2021-27370.json
+++ b/2021/27xxx/CVE-2021-27370.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/monicahq/monica/pull/4543",
 "refsource": "MISC",
 "name": "https://github.com/monicahq/monica/pull/4543"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/161501/Monica-2.19.1-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/161501/Monica-2.19.1-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27579.json b/2021/27xxx/CVE-2021-27579.json
index 8cd4e35fff4..3c5919bfc8a 100644
--- a/2021/27xxx/CVE-2021-27579.json
+++ b/2021/27xxx/CVE-2021-27579.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-27579",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-27579",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled via configuration settings."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://community.snowsoftware.com/s/feed/0D56900009cfHLDCA2",
+ "refsource": "MISC",
+ "name": "https://community.snowsoftware.com/s/feed/0D56900009cfHLDCA2"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27580.json b/2021/27xxx/CVE-2021-27580.json
new file mode 100644
index 00000000000..14c7bd3c003
--- /dev/null
+++ b/2021/27xxx/CVE-2021-27580.json
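Review bot: `affects` and `problemtype` in CVE-2021-27579 are filled entirely with `n/a` even though the description names the product and range (Snow Inventory Agent through 6.7.0 on Windows) and the impact (privilege escalation); the new CVE-2021-27582 record does the same for MITREid Connect through 1.3.3. Consumers that match records to assets through the structured fields will not associate either entry with an installed product. Suggest `"product_name": "Snow Inventory Agent"` with `"version_value": "through 6.7.0"` here, and for CVE-2021-27582 a `problemtype` of CWE-915, which covers mass assignment. The CVE-2021-27579 description also does not say how CPUID reporting leads to escalation, so a defender can only act on the stated mitigation of disabling it.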
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-27580",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/27xxx/CVE-2021-27581.json b/2021/27xxx/CVE-2021-27581.json
new file mode 100644
index 00000000000..4ecb2bffc65
--- /dev/null
+++ b/2021/27xxx/CVE-2021-27581.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-27581",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/27xxx/CVE-2021-27582.json b/2021/27xxx/CVE-2021-27582.json
new file mode 100644
index 00000000000..79431a2e2d7
--- /dev/null
+++ b/2021/27xxx/CVE-2021-27582.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-27582",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in which HTTP request parameters affect an authorizationRequest."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/commit/7eba3c12fed82388f917e8dd9b73e86e3a311e4c",
+ "refsource": "MISC",
+ "name": "https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/commit/7eba3c12fed82388f917e8dd9b73e86e3a311e4c"
+ },
+ {
+ "url": "http://agrrrdog.blogspot.com/2017/03/autobinding-vulns-and-spring-mvc.html",
+ "refsource": "MISC",
+ "name": "http://agrrrdog.blogspot.com/2017/03/autobinding-vulns-and-spring-mvc.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/3xxx/CVE-2021-3156.json b/2021/3xxx/CVE-2021-3156.json
index a8ac7d2843b..c4596cff9d4 100644
--- a/2021/3xxx/CVE-2021-3156.json
+++ b/2021/3xxx/CVE-2021-3156.json
@@ -171,6 +171,11 @@
 "refsource": "MISC",
 "name": "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability",
 "url": "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.synology.com/security/advisory/Synology_SA_21_02",
+ "url": "https://www.synology.com/security/advisory/Synology_SA_21_02"
 }
 ]
 }