diff --git a/2019/9xxx/CVE-2019-9070.json b/2019/9xxx/CVE-2019-9070.json
index 34d06ce2418..677eb38c25d 100644
--- a/2019/9xxx/CVE-2019-9070.json
+++ b/2019/9xxx/CVE-2019-9070.json
@@ -86,6 +86,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4336-1",
 "url": "https://usn.ubuntu.com/4336-1/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-24",
+ "url": "https://security.gentoo.org/glsa/202107-24"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9071.json b/2019/9xxx/CVE-2019-9071.json
index 6791e4c6aa6..ca5c0cdbf56 100644
--- a/2019/9xxx/CVE-2019-9071.json
+++ b/2019/9xxx/CVE-2019-9071.json
@@ -86,6 +86,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4336-1",
 "url": "https://usn.ubuntu.com/4336-1/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-24",
+ "url": "https://security.gentoo.org/glsa/202107-24"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9072.json b/2019/9xxx/CVE-2019-9072.json
index cd8e00c0974..f5f514d2a2a 100644
--- a/2019/9xxx/CVE-2019-9072.json
+++ b/2019/9xxx/CVE-2019-9072.json
@@ -76,6 +76,11 @@
 "refsource": "CONFIRM",
 "name": "https://support.f5.com/csp/article/K12541829",
 "url": "https://support.f5.com/csp/article/K12541829"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-24",
+ "url": "https://security.gentoo.org/glsa/202107-24"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9073.json b/2019/9xxx/CVE-2019-9073.json
index 3d0bb071d32..6ca241a9860 100644
--- a/2019/9xxx/CVE-2019-9073.json
+++ b/2019/9xxx/CVE-2019-9073.json
@@ -71,6 +71,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4336-1",
 "url": "https://usn.ubuntu.com/4336-1/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-24",
+ "url": "https://security.gentoo.org/glsa/202107-24"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9074.json b/2019/9xxx/CVE-2019-9074.json
index f93132a19ed..caf74c0f406 100644
--- a/2019/9xxx/CVE-2019-9074.json
+++ b/2019/9xxx/CVE-2019-9074.json
@@ -81,6 +81,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:1804",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-24",
+ "url": "https://security.gentoo.org/glsa/202107-24"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9075.json b/2019/9xxx/CVE-2019-9075.json
index 492a52f4498..58952c8f503 100644
--- a/2019/9xxx/CVE-2019-9075.json
+++ b/2019/9xxx/CVE-2019-9075.json
@@ -81,6 +81,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:1804",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-24",
+ "url": "https://security.gentoo.org/glsa/202107-24"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9076.json b/2019/9xxx/CVE-2019-9076.json
index da96b429149..4cc4a792026 100644
--- a/2019/9xxx/CVE-2019-9076.json
+++ b/2019/9xxx/CVE-2019-9076.json
@@ -66,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://support.f5.com/csp/article/K44650639",
 "url": "https://support.f5.com/csp/article/K44650639"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-24",
+ "url": "https://security.gentoo.org/glsa/202107-24"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9077.json b/2019/9xxx/CVE-2019-9077.json
index 68d5d80ecc9..0c9b9dead2a 100644
--- a/2019/9xxx/CVE-2019-9077.json
+++ b/2019/9xxx/CVE-2019-9077.json
@@ -86,6 +86,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:1804",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-24",
+ "url": "https://security.gentoo.org/glsa/202107-24"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11758.json b/2020/11xxx/CVE-2020-11758.json
index ab14730447d..7666b263fb2 100644
--- a/2020/11xxx/CVE-2020-11758.json
+++ b/2020/11xxx/CVE-2020-11758.json
@@ -126,6 +126,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-27",
+ "url": "https://security.gentoo.org/glsa/202107-27"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11759.json b/2020/11xxx/CVE-2020-11759.json
index 3e8d97f430a..afeab058c4e 100644
--- a/2020/11xxx/CVE-2020-11759.json
+++ b/2020/11xxx/CVE-2020-11759.json
@@ -121,6 +121,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-27",
+ "url": "https://security.gentoo.org/glsa/202107-27"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11760.json b/2020/11xxx/CVE-2020-11760.json
index bbe15ead964..81f4edd330a 100644
--- a/2020/11xxx/CVE-2020-11760.json
+++ b/2020/11xxx/CVE-2020-11760.json
@@ -112,6 +112,11 @@
 "name": "https://support.apple.com/kb/HT211295",
 "url": "https://support.apple.com/kb/HT211295"
 },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT211294",
+ "url": "https://support.apple.com/kb/HT211294"
+ },
 {
 "refsource": "DEBIAN",
 "name": "DSA-4755",
@@ -121,6 +126,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-27",
+ "url": "https://security.gentoo.org/glsa/202107-27"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11761.json b/2020/11xxx/CVE-2020-11761.json
index 46d71facd0c..845d9b50c2b 100644
--- a/2020/11xxx/CVE-2020-11761.json
+++ b/2020/11xxx/CVE-2020-11761.json
@@ -126,6 +126,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-27",
+ "url": "https://security.gentoo.org/glsa/202107-27"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11762.json b/2020/11xxx/CVE-2020-11762.json
index 77f4eb5d01a..cdd1c1348c3 100644
--- a/2020/11xxx/CVE-2020-11762.json
+++ b/2020/11xxx/CVE-2020-11762.json
@@ -126,6 +126,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-27",
+ "url": "https://security.gentoo.org/glsa/202107-27"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11763.json b/2020/11xxx/CVE-2020-11763.json
index 7a7239a5930..f2ae9ef2496 100644
--- a/2020/11xxx/CVE-2020-11763.json
+++ b/2020/11xxx/CVE-2020-11763.json
@@ -126,6 +126,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-27",
+ "url": "https://security.gentoo.org/glsa/202107-27"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11764.json b/2020/11xxx/CVE-2020-11764.json
index 829ee332362..519c4af196d 100644
--- a/2020/11xxx/CVE-2020-11764.json
+++ b/2020/11xxx/CVE-2020-11764.json
@@ -126,6 +126,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-27",
+ "url": "https://security.gentoo.org/glsa/202107-27"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11765.json b/2020/11xxx/CVE-2020-11765.json
index 5bbdc3351bb..3db6a93ad91 100644
--- a/2020/11xxx/CVE-2020-11765.json
+++ b/2020/11xxx/CVE-2020-11765.json
@@ -126,6 +126,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-27",
+ "url": "https://security.gentoo.org/glsa/202107-27"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15304.json b/2020/15xxx/CVE-2020-15304.json
index 5adca9b7bfa..12832020f98 100644
--- a/2020/15xxx/CVE-2020-15304.json
+++ b/2020/15xxx/CVE-2020-15304.json
@@ -91,6 +91,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:1015",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-27",
+ "url": "https://security.gentoo.org/glsa/202107-27"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15305.json b/2020/15xxx/CVE-2020-15305.json
index 02823350927..fa0398248d5 100644
--- a/2020/15xxx/CVE-2020-15305.json
+++ b/2020/15xxx/CVE-2020-15305.json
@@ -106,6 +106,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-27",
+ "url": "https://security.gentoo.org/glsa/202107-27"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15306.json b/2020/15xxx/CVE-2020-15306.json
index 76fc5e492ab..aa850fe948b 100644
--- a/2020/15xxx/CVE-2020-15306.json
+++ b/2020/15xxx/CVE-2020-15306.json
@@ -106,6 +106,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-27",
+ "url": "https://security.gentoo.org/glsa/202107-27"
 }
 ]
 }
diff --git a/2020/18xxx/CVE-2020-18979.json b/2020/18xxx/CVE-2020-18979.json
index bc11fc04bba..18c261fe6b5 100644
--- a/2020/18xxx/CVE-2020-18979.json
+++ b/2020/18xxx/CVE-2020-18979.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-18979",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-18979",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via theX-forwarded-for Header parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/halo-dev/halo/issues/126",
+ "refsource": "MISC",
+ "name": "https://github.com/halo-dev/halo/issues/126"
 }
 ]
 }
diff --git a/2020/18xxx/CVE-2020-18980.json b/2020/18xxx/CVE-2020-18980.json
index 3f1aab77650..c8f2bb85485 100644
--- a/2020/18xxx/CVE-2020-18980.json
+++ b/2020/18xxx/CVE-2020-18980.json
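Review bot: The published record for CVE-2020-18979 leaves every structured field at `"n/a"` (`product_name`, `version_value`, `vendor_name` and the `problemtype` value) although its own description names Halo 0.4.3 and an XSS flaw, so scanners and feeds that match on product, version or weakness class cannot key on this entry. I would populate them from the description, for example `"product_name": "Halo"`, `"version_value": "0.4.3"` and a `problemtype` value of `"CWE-79"`. The description string also needs a spelling pass before it propagates downstream: `Cross Siste Scripting`, `vulnerablity` and `theX-forwarded-for`. The same all-`n/a` pattern repeats in every other newly published record in this commit (CVE-2020-18980 through CVE-2020-25878), and CVE-2020-18980 additionally has `Executon`.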
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-18980",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-18980",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/halo-dev/halo/issues/134",
+ "refsource": "MISC",
+ "name": "https://github.com/halo-dev/halo/issues/134"
 }
 ]
 }
diff --git a/2020/19xxx/CVE-2020-19201.json b/2020/19xxx/CVE-2020-19201.json
index 5324bb0846b..0f693002eb0 100644
--- a/2020/19xxx/CVE-2020-19201.json
+++ b/2020/19xxx/CVE-2020-19201.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-19201",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-19201",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Netgate pfSense 2.4.4 - p2 is affected by: Cross Site Scripting (XSS). The impact is: Authenticated Stored XSS in NAT Configuration (local). The component is: Description Text box, Status/Reload Filter Page. The attack vector is: An attacker get access to the victim's session by performing the CSRF and gather the cookie and session ids or possibly can change the victims NAT configuration using this Stored XSS. This attack can possibly spoof the victim's informations."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.pfsense.org/download/",
+ "refsource": "MISC",
+ "name": "https://www.pfsense.org/download/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.netgate.com/pfsense/en/latest/releases/2-4-4-p3.html",
+ "url": "https://docs.netgate.com/pfsense/en/latest/releases/2-4-4-p3.html"
 }
 ]
 }
diff --git a/2020/19xxx/CVE-2020-19203.json b/2020/19xxx/CVE-2020-19203.json
index ad77ec7bd18..04339c9b2fd 100644
--- a/2020/19xxx/CVE-2020-19203.json
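Review bot: The description for CVE-2020-19201 mixes two bug classes, calling the issue an authenticated stored XSS while describing the attack vector as `performing the CSRF`, and it tags the impact `(local)` for what reads as a web-interface flaw, so a triager cannot tell which precondition actually applies. The first reference, `https://www.pfsense.org/download/`, is a generic download page that documents nothing about the flaw, and the text never states a fixed release even though the second reference is the 2.4.4-p3 release notes. I would reduce the `value` text to one bug class with its precondition and state the fixed version if those release notes confirm it. Generic vendor pages are also used as references in CVE-2020-19203, CVE-2020-19204 and CVE-2020-25875 through CVE-2020-25878; an issue or advisory URL should be the primary reference there.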
+++ b/2020/19xxx/CVE-2020-19203.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-19203",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-19203",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Netgate pfSense Community Edition 2.4.4 - p2 (arm64) is affected by: Cross Site Scripting (XSS). The impact is: Session Hijacking, Information Leakage (local). The component is: pfSense Dashboard, Work-on-LAN Service configuration. The attack vector is: Inject the malicious JavaScript code in Description text box or parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.pfsense.org/download/",
+ "refsource": "MISC",
+ "name": "https://www.pfsense.org/download/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.netgate.com/pfsense/en/latest/releases/2-4-4-p3.html",
+ "url": "https://docs.netgate.com/pfsense/en/latest/releases/2-4-4-p3.html"
 }
 ]
 }
diff --git a/2020/19xxx/CVE-2020-19204.json b/2020/19xxx/CVE-2020-19204.json
index 87b809a7b77..bdec3399800 100644
--- a/2020/19xxx/CVE-2020-19204.json
+++ b/2020/19xxx/CVE-2020-19204.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-19204",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-19204",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 is affected by: Cross Site Scripting (XSS). The impact is: Session Hijacking (local). The component is: Affected at Routing configuration via the \"Remark\" text box or \"remark\" parameter. The attack vector is: Attacker need to craft the malicious javascript code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.lightningwirelabs.com",
+ "refsource": "MISC",
+ "name": "https://www.lightningwirelabs.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.ipfire.org/post/ipfire-2-23-core-update-133-has-been-released",
+ "url": "https://blog.ipfire.org/post/ipfire-2-23-core-update-133-has-been-released"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21131.json b/2020/21xxx/CVE-2020-21131.json
index d3c8cc3af20..4b88fce03d0 100644
--- a/2020/21xxx/CVE-2020-21131.json
+++ b/2020/21xxx/CVE-2020-21131.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21131",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21131",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/SZFsir/tmpProject/issues/3",
+ "refsource": "MISC",
+ "name": "https://github.com/SZFsir/tmpProject/issues/3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.mituo.cn/news/2473.html",
+ "url": "https://www.mituo.cn/news/2473.html"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21132.json b/2020/21xxx/CVE-2020-21132.json
index aba639b7148..4028645b1a1 100644
--- a/2020/21xxx/CVE-2020-21132.json
+++ b/2020/21xxx/CVE-2020-21132.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21132",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21132",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection vulnerability in Metinfo 7.0.0beta in index.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/SZFsir/tmpProject/issues/2",
+ "refsource": "MISC",
+ "name": "https://github.com/SZFsir/tmpProject/issues/2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.mituo.cn/news/2473.html",
+ "url": "https://www.mituo.cn/news/2473.html"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21133.json b/2020/21xxx/CVE-2020-21133.json
index 67eeca9826c..a1d579ebec0 100644
--- a/2020/21xxx/CVE-2020-21133.json
+++ b/2020/21xxx/CVE-2020-21133.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21133",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21133",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/SZFsir/tmpProject/issues/1",
+ "refsource": "MISC",
+ "name": "https://github.com/SZFsir/tmpProject/issues/1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.mituo.cn/news/2473.html",
+ "url": "https://www.mituo.cn/news/2473.html"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21333.json b/2020/21xxx/CVE-2020-21333.json
index 8a16faccb84..ac82b1f0270 100644
--- a/2020/21xxx/CVE-2020-21333.json
+++ b/2020/21xxx/CVE-2020-21333.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21333",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21333",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/sanluan/PublicCMS/issues/27",
+ "refsource": "MISC",
+ "name": "https://github.com/sanluan/PublicCMS/issues/27"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25391.json b/2020/25xxx/CVE-2020-25391.json
index 2f9a2d77f5d..cc20066386c 100644
--- a/2020/25xxx/CVE-2020-25391.json
+++ b/2020/25xxx/CVE-2020-25391.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25391",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25391",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sourceforge.net/p/cszcms/tickets/1/",
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/p/cszcms/tickets/1/"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25392.json b/2020/25xxx/CVE-2020-25392.json
index 8c5a313aa8d..5c43e3c5a18 100644
--- a/2020/25xxx/CVE-2020-25392.json
+++ b/2020/25xxx/CVE-2020-25392.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25392",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25392",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sourceforge.net/p/cszcms/tickets/2/",
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/p/cszcms/tickets/2/"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25394.json b/2020/25xxx/CVE-2020-25394.json
index 0da1f0a5c83..f8f5b8f5adb 100644
--- a/2020/25xxx/CVE-2020-25394.json
+++ b/2020/25xxx/CVE-2020-25394.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25394",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25394",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the \"Content\" parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/mozilo/mozilo2.0/issues/28",
+ "refsource": "MISC",
+ "name": "https://github.com/mozilo/mozilo2.0/issues/28"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25875.json b/2020/25xxx/CVE-2020-25875.json
index 343ee51a832..9b8d8e8e9a2 100644
--- a/2020/25xxx/CVE-2020-25875.json
+++ b/2020/25xxx/CVE-2020-25875.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25875",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25875",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://codoforum.com/",
+ "refsource": "MISC",
+ "name": "https://codoforum.com/"
+ },
+ {
+ "url": "https://github.com/r0ck3t1973/xss_payload/issues/4",
+ "refsource": "MISC",
+ "name": "https://github.com/r0ck3t1973/xss_payload/issues/4"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25876.json b/2020/25xxx/CVE-2020-25876.json
index a8062e2d6be..c09827ff46a 100644
--- a/2020/25xxx/CVE-2020-25876.json
+++ b/2020/25xxx/CVE-2020-25876.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25876",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25876",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://codoforum.com/",
+ "refsource": "MISC",
+ "name": "https://codoforum.com/"
+ },
+ {
+ "url": "https://github.com/r0ck3t1973/xss_payload/issues/3",
+ "refsource": "MISC",
+ "name": "https://github.com/r0ck3t1973/xss_payload/issues/3"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25877.json b/2020/25xxx/CVE-2020-25877.json
index 88d33d99a1e..05710688ca9 100644
--- a/2020/25xxx/CVE-2020-25877.json
+++ b/2020/25xxx/CVE-2020-25877.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25877",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25877",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/BlackCatDevelopment/BlackCatCMS/issues/401",
+ "refsource": "MISC",
+ "name": "https://github.com/BlackCatDevelopment/BlackCatCMS/issues/401"
+ },
+ {
+ "url": "https://blackcat-cms.org/",
+ "refsource": "MISC",
+ "name": "https://blackcat-cms.org/"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25878.json b/2020/25xxx/CVE-2020-25878.json
index e30a69a7249..027e061b425 100644
--- a/2020/25xxx/CVE-2020-25878.json
+++ b/2020/25xxx/CVE-2020-25878.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25878",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25878",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://blackcat-cms.org/",
+ "refsource": "MISC",
+ "name": "https://blackcat-cms.org/"
+ },
+ {
+ "url": "https://github.com/BlackCatDevelopment/BlackCatCMS/issues/402",
+ "refsource": "MISC",
+ "name": "https://github.com/BlackCatDevelopment/BlackCatCMS/issues/402"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25879.json b/2020/25xxx/CVE-2020-25879.json
index 26c2746ef49..e65f7e239db 100644
--- a/2020/25xxx/CVE-2020-25879.json
+++ b/2020/25xxx/CVE-2020-25879.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25879",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25879",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://codoforum.com/",
+ "refsource": "MISC",
+ "name": "https://codoforum.com/"
+ },
+ {
+ "url": "https://github.com/r0ck3t1973/xss_payload/issues/5",
+ "refsource": "MISC",
+ "name": "https://github.com/r0ck3t1973/xss_payload/issues/5"
 }
 ]
 }
diff --git a/2020/29xxx/CVE-2020-29014.json b/2020/29xxx/CVE-2020-29014.json
index c111b9566a9..2729f3371ea 100644
--- a/2020/29xxx/CVE-2020-29014.json
+++ b/2020/29xxx/CVE-2020-29014.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-29014",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiSandbox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiSandbox before 3.2.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "Low",
+ "attackVector": "Network",
+ "availabilityImpact": "Low",
+ "baseScore": 6.3,
+ "baseSeverity": "Medium",
+ "confidentialityImpact": "Low",
+ "integrityImpact": "Low",
+ "privilegesRequired": "Low",
+ "scope": "Unchanged",
+ "userInteraction": "None",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Escalation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/advisory/FG-IR-20-185",
+ "url": "https://fortiguard.com/advisory/FG-IR-20-185"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands."
 }
 ]
 }
diff --git a/2020/29xxx/CVE-2020-29479.json b/2020/29xxx/CVE-2020-29479.json
index 9dd92fc6abd..60fb2a69634 100644
--- a/2020/29xxx/CVE-2020-29479.json
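Review bot: The `problemtype` value `"Escalation of privilege"` does not match the description, which describes a race condition that leaves the system unresponsive, i.e. an availability impact; one of the two probably needs correcting against the referenced FortiGuard advisory. Separately, the `cvss` metric values are written in title case (`"attackComplexity": "Low"`, `"attackVector": "Network"`), whereas the CVE-2020-7872 record in this same commit uses the upper-case forms (`"LOW"`, `"LOCAL"`); parsers that validate against the CVSS v3.1 enumerations may reject the title-case spellings, so `"attackComplexity": "LOW"` and likewise for the other metrics would be safer.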
+++ b/2020/29xxx/CVE-2020-29479.json
@@ -71,6 +71,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-df772b417b",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-30",
+ "url": "https://security.gentoo.org/glsa/202107-30"
 }
 ]
 }
diff --git a/2020/29xxx/CVE-2020-29486.json b/2020/29xxx/CVE-2020-29486.json
index 1f1c4837e9e..89adf5a317a 100644
--- a/2020/29xxx/CVE-2020-29486.json
+++ b/2020/29xxx/CVE-2020-29486.json
@@ -71,6 +71,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-df772b417b",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-30",
+ "url": "https://security.gentoo.org/glsa/202107-30"
 }
 ]
 }
diff --git a/2020/29xxx/CVE-2020-29487.json b/2020/29xxx/CVE-2020-29487.json
index 49243af5dbc..8452d681be6 100644
--- a/2020/29xxx/CVE-2020-29487.json
+++ b/2020/29xxx/CVE-2020-29487.json
@@ -56,6 +56,11 @@
 "url": "https://xenbits.xenproject.org/xsa/advisory-354.html",
 "refsource": "MISC",
 "name": "https://xenbits.xenproject.org/xsa/advisory-354.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-30",
+ "url": "https://security.gentoo.org/glsa/202107-30"
 }
 ]
 }
diff --git a/2020/29xxx/CVE-2020-29566.json b/2020/29xxx/CVE-2020-29566.json
index 05b40199081..ca7b52154b4 100644
--- a/2020/29xxx/CVE-2020-29566.json
+++ b/2020/29xxx/CVE-2020-29566.json
@@ -71,6 +71,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-df772b417b",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-30",
+ "url": "https://security.gentoo.org/glsa/202107-30"
 }
 ]
 }
diff --git a/2020/29xxx/CVE-2020-29567.json b/2020/29xxx/CVE-2020-29567.json
index 8d01b336b51..24749530cbd 100644
--- a/2020/29xxx/CVE-2020-29567.json
+++ b/2020/29xxx/CVE-2020-29567.json
@@ -61,6 +61,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-64859a826b",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-30",
+ "url": "https://security.gentoo.org/glsa/202107-30"
 }
 ]
 }
diff --git a/2020/29xxx/CVE-2020-29568.json b/2020/29xxx/CVE-2020-29568.json
index 7963f029078..8fbb8128c73 100644
--- a/2020/29xxx/CVE-2020-29568.json
+++ b/2020/29xxx/CVE-2020-29568.json
@@ -71,6 +71,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-30",
+ "url": "https://security.gentoo.org/glsa/202107-30"
 }
 ]
 }
diff --git a/2020/29xxx/CVE-2020-29569.json b/2020/29xxx/CVE-2020-29569.json
index da143876d95..dce7c41a4b9 100644
--- a/2020/29xxx/CVE-2020-29569.json
+++ b/2020/29xxx/CVE-2020-29569.json
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-30",
+ "url": "https://security.gentoo.org/glsa/202107-30"
 }
 ]
 }
diff --git a/2020/29xxx/CVE-2020-29570.json b/2020/29xxx/CVE-2020-29570.json
index f545bf1059a..b2ef8d55b2a 100644
--- a/2020/29xxx/CVE-2020-29570.json
+++ b/2020/29xxx/CVE-2020-29570.json
@@ -76,6 +76,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-df772b417b",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-30",
+ "url": "https://security.gentoo.org/glsa/202107-30"
 }
 ]
 }
diff --git a/2020/29xxx/CVE-2020-29571.json b/2020/29xxx/CVE-2020-29571.json
index 78a3f7bb2dd..5740c226d87 100644
--- a/2020/29xxx/CVE-2020-29571.json
+++ b/2020/29xxx/CVE-2020-29571.json
@@ -71,6 +71,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-df772b417b",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-30",
+ "url": "https://security.gentoo.org/glsa/202107-30"
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35448.json b/2020/35xxx/CVE-2020-35448.json
index e46f2682b31..d83d973da92 100644
--- a/2020/35xxx/CVE-2020-35448.json
+++ b/2020/35xxx/CVE-2020-35448.json
@@ -66,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20210129-0008/",
 "url": "https://security.netapp.com/advisory/ntap-20210129-0008/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-24",
+ "url": "https://security.gentoo.org/glsa/202107-24"
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35493.json b/2020/35xxx/CVE-2020-35493.json
index 3afd350cfc8..6ffcefc5106 100644
--- a/2020/35xxx/CVE-2020-35493.json
+++ b/2020/35xxx/CVE-2020-35493.json
@@ -58,6 +58,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20210212-0007/",
 "url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-24",
+ "url": "https://security.gentoo.org/glsa/202107-24"
 }
 ]
 },
diff --git a/2020/35xxx/CVE-2020-35494.json b/2020/35xxx/CVE-2020-35494.json
index d921ed3ef1a..7aa053c1ff1 100644
--- a/2020/35xxx/CVE-2020-35494.json
+++ b/2020/35xxx/CVE-2020-35494.json
@@ -58,6 +58,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20210212-0007/",
 "url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-24",
+ "url": "https://security.gentoo.org/glsa/202107-24"
 }
 ]
 },
diff --git a/2020/35xxx/CVE-2020-35495.json b/2020/35xxx/CVE-2020-35495.json
index 993d74723eb..899f2c4f621 100644
--- a/2020/35xxx/CVE-2020-35495.json
+++ b/2020/35xxx/CVE-2020-35495.json
@@ -58,6 +58,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20210212-0007/",
 "url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-24",
+ "url": "https://security.gentoo.org/glsa/202107-24"
 }
 ]
 },
diff --git a/2020/35xxx/CVE-2020-35496.json b/2020/35xxx/CVE-2020-35496.json
index 44415e6f1fc..60a7e6b6505 100644
--- a/2020/35xxx/CVE-2020-35496.json
+++ b/2020/35xxx/CVE-2020-35496.json
@@ -58,6 +58,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20210212-0007/",
 "url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-24",
+ "url": "https://security.gentoo.org/glsa/202107-24"
 }
 ]
 },
diff --git a/2020/35xxx/CVE-2020-35507.json b/2020/35xxx/CVE-2020-35507.json
index 1c4291d6b69..7fd4a72e917 100644
--- a/2020/35xxx/CVE-2020-35507.json
+++ b/2020/35xxx/CVE-2020-35507.json
@@ -53,6 +53,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20210212-0007/",
 "url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-24",
+ "url": "https://security.gentoo.org/glsa/202107-24"
 }
 ]
 },
diff --git a/2020/35xxx/CVE-2020-35984.json b/2020/35xxx/CVE-2020-35984.json
index 3fdfd5203e8..e957fb08466 100644
--- a/2020/35xxx/CVE-2020-35984.json
+++ b/2020/35xxx/CVE-2020-35984.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-35984",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-35984",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/r0ck3t1973/rukovoditel/issues/4",
+ "refsource": "MISC",
+ "name": "https://github.com/r0ck3t1973/rukovoditel/issues/4"
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35985.json b/2020/35xxx/CVE-2020-35985.json
index e845d01f315..77377f7bf9b 100644
--- a/2020/35xxx/CVE-2020-35985.json
+++ b/2020/35xxx/CVE-2020-35985.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-35985",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-35985",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross site scripting (XSS) vulnerability in the 'Global Lists\" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/r0ck3t1973/rukovoditel/issues/3",
+ "refsource": "MISC",
+ "name": "https://github.com/r0ck3t1973/rukovoditel/issues/3"
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35986.json b/2020/35xxx/CVE-2020-35986.json
index ee9310dcca5..00b1fa7a1f5 100644
--- a/2020/35xxx/CVE-2020-35986.json
+++ b/2020/35xxx/CVE-2020-35986.json
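Review bot: The description opens the feature name with a single quote and closes it with an escaped double quote (`'Global Lists\"`), unlike the sibling Rukovoditel records in this commit, which use single quotes on both sides. It still parses as valid JSON but renders as mismatched quoting in the published text; `'Global Lists'` would match the others.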
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-35986",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-35986",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/r0ck3t1973/rukovoditel/issues/2",
+ "refsource": "MISC",
+ "name": "https://github.com/r0ck3t1973/rukovoditel/issues/2"
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35987.json b/2020/35xxx/CVE-2020-35987.json
index 81836490d47..ad93f515b9b 100644
--- a/2020/35xxx/CVE-2020-35987.json
+++ b/2020/35xxx/CVE-2020-35987.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-35987",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-35987",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/r0ck3t1973/rukovoditel/issues/1",
+ "refsource": "MISC",
+ "name": "https://github.com/r0ck3t1973/rukovoditel/issues/1"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7872.json b/2020/7xxx/CVE-2020-7872.json
index d9762209b7b..0055002cf2f 100644
--- a/2020/7xxx/CVE-2020-7872.json
+++ b/2020/7xxx/CVE-2020-7872.json
@@ -1,18 +1,87 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "vuln@krcert.or.kr",
 "ID": "CVE-2020-7872",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DaviewIndy",
+ "version": {
+ "version_data": [
+ {
+ "platform": "Windows",
+ "version_affected": "<",
+ "version_name": "8.98.7.0 and prior",
+ "version_value": "8.98.8.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "HumanTalk"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "DaviewIndy v8.98.7.0 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed format file that is mishandled by DaviewIndy. Attackers could exploit this and arbitrary code execution."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-190 Integer Overflow or Wraparound"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "http://datools.kr/zeroboard/view.php?id=datools_notice&page=5&sn1=&divpage=1&sn=off&ss=on&sc=on&select_arrange=headnum&desc=asc&no=506",
+ "name": "http://datools.kr/zeroboard/view.php?id=datools_notice&page=5&sn1=&divpage=1&sn=off&ss=on&sc=on&select_arrange=headnum&desc=asc&no=506"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9484.json b/2020/9xxx/CVE-2020-9484.json
index 3dde2f998c6..47efb1cd525 100644
--- a/2020/9xxx/CVE-2020-9484.json
+++ b/2020/9xxx/CVE-2020-9484.json
@@ -228,6 +228,11 @@
 "refsource": "MLIST",
 "name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5",
 "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20210712 svn commit: r1891484 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
+ "url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 },
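Review bot: The last sentence of the CVE-2020-7872 description is incomplete (`Attackers could exploit this and arbitrary code execution.`), so the stated consequence has to be inferred from the CVSS vector rather than read from the text; something like `Attackers could exploit this to execute arbitrary code.` would say it. `version_name` is `"8.98.7.0 and prior"` while `version_affected` and `version_value` already express `< 8.98.8.0`, so the prose in `version_name` is redundant and may confuse tools that parse version ranges. The only reference is a plain `http://` URL, and the file now ends without a trailing newline.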
diff --git a/2021/0xxx/CVE-2021-0089.json b/2021/0xxx/CVE-2021-0089.json
index c82ee85125b..0309934b260 100644
--- a/2021/0xxx/CVE-2021-0089.json
+++ b/2021/0xxx/CVE-2021-0089.json
@@ -78,6 +78,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-993693c914",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-30",
+ "url": "https://security.gentoo.org/glsa/202107-30"
 }
 ]
 },
diff --git a/2021/20xxx/CVE-2021-20024.json b/2021/20xxx/CVE-2021-20024.json
index 40abf2a473b..dc765a74c80 100644
--- a/2021/20xxx/CVE-2021-20024.json
+++ b/2021/20xxx/CVE-2021-20024.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "PSIRT@sonicwall.com",
 "ID": "CVE-2021-20024",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SonicWall Switch",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0.0.5-16 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "SonicWall"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory locations."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125: Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0011",
+ "refsource": "CONFIRM",
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0011"
 }
 ]
 }
diff --git a/2021/20xxx/CVE-2021-20296.json b/2021/20xxx/CVE-2021-20296.json
index e2fc70af84c..60b237b24cc 100644
--- a/2021/20xxx/CVE-2021-20296.json
+++ b/2021/20xxx/CVE-2021-20296.json
@@ -58,6 +58,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-27",
+ "url": "https://security.gentoo.org/glsa/202107-27"
 }
 ]
 },
diff --git a/2021/20xxx/CVE-2021-20640.json b/2021/20xxx/CVE-2021-20640.json
index 6acda37d716..f784caa22ad 100644
--- a/2021/20xxx/CVE-2021-20640.json
+++ b/2021/20xxx/CVE-2021-20640.json
@@ -53,6 +53,11 @@
 "url": "https://jvn.jp/en/jp/JVN96783542/index.html",
 "refsource": "MISC",
 "name": "https://jvn.jp/en/jp/JVN96783542/index.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[tomcat-dev] 20210712 svn commit: r1891484 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
+ "url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 },
diff --git a/2021/21xxx/CVE-2021-21284.json b/2021/21xxx/CVE-2021-21284.json
index 30c62672c6e..a0d338838ad 100644
--- a/2021/21xxx/CVE-2021-21284.json
+++ b/2021/21xxx/CVE-2021-21284.json
@@ -106,6 +106,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4865",
 "url": "https://www.debian.org/security/2021/dsa-4865"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-23",
+ "url": "https://security.gentoo.org/glsa/202107-23"
 }
 ]
 },
diff --git a/2021/21xxx/CVE-2021-21285.json b/2021/21xxx/CVE-2021-21285.json
index 86f5c8e8757..789b0bc8960 100644
--- a/2021/21xxx/CVE-2021-21285.json
+++ b/2021/21xxx/CVE-2021-21285.json
@@ -106,6 +106,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4865",
 "url": "https://www.debian.org/security/2021/dsa-4865"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-23",
+ "url": "https://security.gentoo.org/glsa/202107-23"
 }
 ]
 },
diff --git a/2021/21xxx/CVE-2021-21295.json b/2021/21xxx/CVE-2021-21295.json
index e5fa624fd0f..c8e083cb5cf 100644
--- a/2021/21xxx/CVE-2021-21295.json
+++ b/2021/21xxx/CVE-2021-21295.json
@@ -438,6 +438,11 @@
 "refsource": "MISC",
 "name": "https://lists.apache.org/thread.html/rae198f44c3f7ac5264045e6ba976be1703cff38dcf1609916e50210d@%3Ccommits.servicecomb.apache.org%3E",
 "url": "https://lists.apache.org/thread.html/rae198f44c3f7ac5264045e6ba976be1703cff38dcf1609916e50210d@%3Ccommits.servicecomb.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[jackrabbit-dev] 20210709 [GitHub] [jackrabbit-oak] blackat opened a new pull request #321: Update netty to resolve CVE-2021-21295 and BDSA-2018-4022",
+ "url": "https://lists.apache.org/thread.html/r3c4596b9b37f5ae91628ccf169d33cd5a0da4b16b6c39d5bad8e03f3@%3Cdev.jackrabbit.apache.org%3E"
 }
 ]
 },
diff --git a/2021/21xxx/CVE-2021-21588.json b/2021/21xxx/CVE-2021-21588.json
index d81e872b7ae..05b1372174a 100644
--- a/2021/21xxx/CVE-2021-21588.json
+++ b/2021/21xxx/CVE-2021-21588.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "secure@dell.com",
+ "DATE_PUBLIC": "2021-07-01",
 "ID": "CVE-2021-21588",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PowerFlex",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.5.x"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Dell"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server and perform which may lead to configuration changes."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": 6.5,
+ "baseSeverity": "Medium",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-345: Insufficient Verification of Data Authenticity"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/kbdoc/000189265",
+ "name": "https://www.dell.com/support/kbdoc/000189265"
 }
 ]
 }
diff --git a/2021/21xxx/CVE-2021-21589.json b/2021/21xxx/CVE-2021-21589.json
index 8f0d52d5209..032f22c4cff 100644
--- a/2021/21xxx/CVE-2021-21589.json
+++ b/2021/21xxx/CVE-2021-21589.json
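Review bot: The description and the CVSS vector disagree on impact: the text says exploitation "may lead to configuration changes", which is an integrity effect, while `vectorString` carries `C:N/I:N/A:H`. One of the two should be corrected against the Dell advisory listed in `references`, since consumers triaging on the vector will treat this as availability-only. The same sentence reads `and perform which may lead to`, which looks like a dropped word. `baseSeverity` is `"Medium"` here and in the CVE-2021-21589, CVE-2021-21590 and CVE-2021-21591 records, where the CVE-2020-7872 record in this commit uses upper case (`"HIGH"`).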
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "secure@dell.com",
+ "DATE_PUBLIC": "2021-07-01",
 "ID": "CVE-2021-21589",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Unity",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "5.1.0.0.5.394"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Dell"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization. A local authenticated Service user could potentially exploit this vulnerability to escalate privileges."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": 5.7,
+ "baseSeverity": "Medium",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/kbdoc/000189204",
+ "name": "https://www.dell.com/support/kbdoc/000189204"
 }
 ]
 }
diff --git a/2021/21xxx/CVE-2021-21590.json b/2021/21xxx/CVE-2021-21590.json
index 844b9fe957f..acaa6760414 100644
--- a/2021/21xxx/CVE-2021-21590.json
+++ b/2021/21xxx/CVE-2021-21590.json
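Review bot: `affects` lists a single `"product_name": "Unity"`, but the description says the issue applies to Dell EMC Unity, Unity XT and UnityVSA; the same is true of the CVE-2021-21590 and CVE-2021-21591 records. Adding `product_data` entries for Unity XT and UnityVSA with the same `"version_affected": "<"` and `"version_value": "5.1.0.0.5.394"` would let product-keyed matching find all three. The `problemtype` value `"Other"` also gives no classification for a flaw the text describes as a failure to exit on failed initialization that allows privilege escalation.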
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2021-07-01", "ID": "CVE-2021-21590", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Unity", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.1.0.0.5.394" + } + ] + } + } + ] + }, + "vendor_name": "Dell" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user." + } + ] + }, + "impact": { + "cvss": { + "baseScore": 6.4, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/000189204", + "name": "https://www.dell.com/support/kbdoc/000189204" } ] } diff --git a/2021/21xxx/CVE-2021-21591.json b/2021/21xxx/CVE-2021-21591.json index e1205723403..e41abc3890d 100644 --- a/2021/21xxx/CVE-2021-21591.json +++ b/2021/21xxx/CVE-2021-21591.json 
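Review bot: The description added here is word for word the one added for CVE-2021-21591 in the next hunk, with the same product, version bound, vector and reference, so neither record tells a reader which of the two plain-text password issues it covers. Each description should name the component or file that distinguishes it, taken from the Dell advisory. Both records classify the issue as `CWE-200: Information Exposure`; for passwords stored in plain text, `CWE-256: Plaintext Storage of a Password` is the more specific entry.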
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2021-07-01", "ID": "CVE-2021-21591", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Unity", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.1.0.0.5.394" + } + ] + } + } + ] + }, + "vendor_name": "Dell" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user." + } + ] + }, + "impact": { + "cvss": { + "baseScore": 6.4, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/000189204", + "name": "https://www.dell.com/support/kbdoc/000189204" } ] } diff --git a/2021/22xxx/CVE-2021-22129.json b/2021/22xxx/CVE-2021-22129.json index 085de36046c..b841d07ab31 100644 --- a/2021/22xxx/CVE-2021-22129.json +++ b/2021/22xxx/CVE-2021-22129.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22129", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiMail", + "version": { + "version_data": [ + { + "version_value": "FortiMail before 6.4.5" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "High", + "baseScore": 8.3, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-21-023", + "url": "https://fortiguard.com/advisory/FG-IR-21-023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests." } ] } diff --git a/2021/22xxx/CVE-2021-22515.json b/2021/22xxx/CVE-2021-22515.json index e7744a24ab6..8a870adedb3 100644 
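Review bot: `"baseScore": 8.3` does not match the `vectorString` beside it: by the CVSS 3.1 base formula, `AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` works out to 8.8, so the number looks like a temporal or vendor-adjusted score stored in the base field (an inference; the hunk does not say). Tools that triage on `baseScore` will under-rank the issue. The same mismatch appears in the Fortinet hunks for CVE-2021-24007 (9.3 with `"baseSeverity": "High"` for a vector that computes to 9.8, Critical), CVE-2021-24013, CVE-2021-24015, CVE-2021-24020, CVE-2021-26088, CVE-2021-26089 and CVE-2021-26099. These records also write the metric values in title case (`"Low"`, `"Network"`), where the Micro Focus and Snyk records in this commit use the upper-case enum values (`"LOW"`, `"NETWORK"`).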
--- a/2021/22xxx/CVE-2021-22515.json +++ b/2021/22xxx/CVE-2021-22515.json 
@@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@microfocus.com", + "DATE_PUBLIC": "2021-04-29T16:40:00.000Z", "ID": "CVE-2021-22515", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Multi-Factor Authentication (MFA) downgrade exposure in NetIQ Advanced Authentication Server" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetIQ Advanced Authentication", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "NetIQ Advanced Authentication", + "version_value": "6.3 SP4 Patch 1" + } + ] + } + } + ] + }, + "vendor_name": "Micro Focus" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication. " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6341/data/advanced-authentication-releasenotes-6341.html", + "refsource": "CONFIRM", + "url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6341/data/advanced-authentication-releasenotes-6341.html" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to NetIQ Advanced Authentication Framework 6.3 SP4 Patch 1" + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/22xxx/CVE-2021-22916.json b/2021/22xxx/CVE-2021-22916.json index b5e05b1cebb..65eb4781b6a 100644 --- a/2021/22xxx/CVE-2021-22916.json +++ b/2021/22xxx/CVE-2021-22916.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22916", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/brave/brave-core", + "version": { + "version_data": [ + { + "version_value": "Fixed in 1.26.60" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1203842", + "url": "https://hackerone.com/reports/1203842" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure." } ] } diff --git a/2021/22xxx/CVE-2021-22917.json b/2021/22xxx/CVE-2021-22917.json index 6c06b858b8d..7271ca94e1d 100644 --- a/2021/22xxx/CVE-2021-22917.json +++ b/2021/22xxx/CVE-2021-22917.json 
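Review bot: The `affects` block cannot be matched by a scanner: the vendor is `"n/a"`, the product is a repository URL, and `"version_value": "Fixed in 1.26.60"` names the fixed release in free text, while the description gives the affected range as 1.17 to 1.26.60. A structured form such as `"vendor_name": "Brave"`, `"product_name": "Brave Desktop"` with `"version_affected": "<"` and `"version_value": "1.26.60"` would carry the upper bound; the lower bound would need a second entry. The hunks for CVE-2021-22917, CVE-2021-22918 and CVE-2021-22921 use the same `n/a` / URL / `Fixed in …` layout.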
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22917", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/brave/brave-core", + "version": { + "version_data": [ + { + "version_value": "Fixed in 1.20" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1077022", + "url": "https://hackerone.com/reports/1077022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled." } ] } diff --git a/2021/22xxx/CVE-2021-22918.json b/2021/22xxx/CVE-2021-22918.json index 7509b4aba85..cf5556f9f38 100644 --- a/2021/22xxx/CVE-2021-22918.json +++ b/2021/22xxx/CVE-2021-22918.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22918", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/nodejs/node", + "version": { + "version_data": [ + { + "version_value": "Fixed in 16.4.1, 14.17.2, and 12.22.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1209681", + "url": "https://hackerone.com/reports/1209681" + }, + { + "refsource": "MISC", + "name": "https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/", + "url": "https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo()." } ] } diff --git a/2021/22xxx/CVE-2021-22921.json b/2021/22xxx/CVE-2021-22921.json index cc9f8f4dbc4..68fe1351e02 100644 --- a/2021/22xxx/CVE-2021-22921.json +++ b/2021/22xxx/CVE-2021-22921.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22921", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/nodejs/node", + "version": { + "version_data": [ + { + "version_value": "Fixed in 16.4.1, 14.17.2, and 12.22.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Permission Assignment for Critical Resource (CWE-732)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/", + "url": "https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1211160", + "url": "https://hackerone.com/reports/1211160" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking." } ] } diff --git a/2021/23xxx/CVE-2021-23389.json b/2021/23xxx/CVE-2021-23389.json index 090b3328ec0..391032b5238 100644 --- a/2021/23xxx/CVE-2021-23389.json +++ b/2021/23xxx/CVE-2021-23389.json 
@@ -3,16 +3,99 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "report@snyk.io", + "DATE_PUBLIC": "2021-07-12T15:10:39.617762Z", "ID": "CVE-2021-23389", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Arbitrary Code Execution" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "total.js", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "3.4.9" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JS-TOTALJS-1088607", + "name": "https://snyk.io/vuln/SNYK-JS-TOTALJS-1088607" + }, + { + "refsource": "MISC", + "url": "https://github.com/totaljs/framework/blob/master/utils.js%23L6606-L6631", + "name": "https://github.com/totaljs/framework/blob/master/utils.js%23L6606-L6631" + }, + { + "refsource": "MISC", + "url": "https://github.com/totaljs/framework/commit/887b0fa9e162ef7a2dd9cec20a5ca122726373b3", + "name": "https://github.com/totaljs/framework/commit/887b0fa9e162ef7a2dd9cec20a5ca122726373b3" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions." 
} ] - } + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Alessio Della Libera (@d3lla)" + }, + { + "lang": "eng", + "value": "Agustin Gianni" + } + ] } \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23390.json b/2021/23xxx/CVE-2021-23390.json index 317fc7bc9d4..01c6ef97e21 100644 --- a/2021/23xxx/CVE-2021-23390.json +++ b/2021/23xxx/CVE-2021-23390.json 
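Review bot: The second reference, `https://github.com/totaljs/framework/blob/master/utils.js%23L6606-L6631`, has the `#` of the line anchor percent-encoded, so the fragment becomes part of the file path and the link no longer resolves to the cited lines; it should end in `utils.js#L6606-L6631`. It also points at `master`, where the line range shifts as the file changes; the commit URL in the third reference is the stable pointer. The hunk for CVE-2021-23390 has the same encoded anchor (`utils.js%23L5430-L5455`). In both records `vectorString` carries the temporal metric `E:P` while `baseScore` is the base value 9.8, which consumers that parse the vector strictly may reject.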
@@ -3,16 +3,95 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "report@snyk.io", + "DATE_PUBLIC": "2021-07-12T15:10:50.625348Z", "ID": "CVE-2021-23390", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Arbitrary Code Execution" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "total4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "0.0.43" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JS-TOTAL4-1130527", + "name": "https://snyk.io/vuln/SNYK-JS-TOTAL4-1130527" + }, + { + "refsource": "MISC", + "url": "https://github.com/totaljs/framework4/blob/master/utils.js%23L5430-L5455", + "name": "https://github.com/totaljs/framework4/blob/master/utils.js%23L5430-L5455" + }, + { + "refsource": "MISC", + "url": "https://github.com/totaljs/framework4/commit/8a72d8c20f38bbcac031a76a51238aa528f68821", + "name": "https://github.com/totaljs/framework4/commit/8a72d8c20f38bbcac031a76a51238aa528f68821" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions." 
} ] - } + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Alessio Della Libera (@d3lla)" + } + ] } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24007.json b/2021/24xxx/CVE-2021-24007.json index bba256d2a83..e1eb1f2bde8 100644 --- a/2021/24xxx/CVE-2021-24007.json +++ b/2021/24xxx/CVE-2021-24007.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-24007", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiMail", + "version": { + "version_data": [ + { + "version_value": "FortiMail before 6.4.4" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "High", + "baseScore": 9.3, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-21-012", + "url": "https://fortiguard.com/advisory/FG-IR-21-012" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests." } ] } diff --git a/2021/24xxx/CVE-2021-24013.json b/2021/24xxx/CVE-2021-24013.json index b6396e9b719..3c7d4bedc13 100644 --- a/2021/24xxx/CVE-2021-24013.json +++ b/2021/24xxx/CVE-2021-24013.json 
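Review bot: `problemtype` holds the impact (`"Execute unauthorized code or commands"`) rather than the weakness, although the description names it directly as SQL injection. `"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"` would let consumers classify and filter the record. The same substitution of impact for weakness is in the hunks for CVE-2021-22129 (buffer-size miscalculation, CWE-131), CVE-2021-24015 (OS command injection, CWE-78), CVE-2021-26089 (symlink following, CWE-59) and CVE-2021-26090 (memory not released, CWE-401).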
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-24013", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiMail", + "version": { + "version_data": [ + { + "version_value": "FortiMail before 6.4.4" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "High", + "baseScore": 8.3, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-21-014", + "url": "https://fortiguard.com/advisory/FG-IR-21-014" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests." } ] } diff --git a/2021/24xxx/CVE-2021-24015.json b/2021/24xxx/CVE-2021-24015.json index cfbd92a9cca..976521f99af 100644 --- a/2021/24xxx/CVE-2021-24015.json +++ b/2021/24xxx/CVE-2021-24015.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-24015", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiMail", + "version": { + "version_data": [ + { + "version_value": "FortiMail before 6.4.4" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "High", + "baseScore": 7.0, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "High", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-21-021", + "url": "https://fortiguard.com/advisory/FG-IR-21-021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests." } ] } diff --git a/2021/24xxx/CVE-2021-24020.json b/2021/24xxx/CVE-2021-24020.json index 5e7d0cb22f5..d624f51f816 100644 --- a/2021/24xxx/CVE-2021-24020.json +++ b/2021/24xxx/CVE-2021-24020.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-24020", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiMail", + "version": { + "version_data": [ + { + "version_value": "FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "High", + "attackVector": "Network", + "availabilityImpact": "High", + "baseScore": 6.9, + "baseSeverity": "Medium", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-21-027", + "url": "https://fortiguard.com/advisory/FG-IR-21-027" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification." } ] } diff --git a/2021/26xxx/CVE-2021-26088.json b/2021/26xxx/CVE-2021-26088.json index e8c4370f6a3..27da152b9af 100644 
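Review bot: The vector sets `PR:L` (`"privilegesRequired": "Low"`) while the description says an unauthenticated attacker can tamper with signed URLs. One of the two is wrong, and if the description holds, the vector would read `PR:N` with the score recomputed. `problemtype` is `"Improper Access Control"`, whereas the text describes a missing step in a hash digest implementation, for which `CWE-325: Missing Cryptographic Step` is the closer entry.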
--- a/2021/26xxx/CVE-2021-26088.json +++ b/2021/26xxx/CVE-2021-26088.json @@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-26088", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FSSO Windows DC Agent, FSSO Windows CA", + "version": { + "version_data": [ + { + "version_value": "FSSO Windows DC Agent 5.0.295, 5.0.294; FSSO Windows CA 5.0.295, 5.0.294" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Adjacent", + "availabilityImpact": "Low", + "baseScore": 6.7, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "None", + "scope": "Changed", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE 287 - Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-20-191", + "url": "https://fortiguard.com/advisory/FG-IR-20-191" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending specifically crafted UDP login notification packets." } ] } 
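Review bot: The affected-version data and the description disagree: `version_value` lists exactly two builds per component (`5.0.295, 5.0.294`), while the description says "FSSO Collector version 5.0.295 and below", and the component names differ as well (DC Agent and CA versus Collector). Packing two products and four versions into one `product_name` and one `version_value` string also prevents per-product matching. One `product_data` entry per component with `"version_affected": "<="` and `"version_value": "5.0.295"` would express the range, if "and below" is the correct bound. The weakness is written `"CWE 287 - Improper Authentication"`, which misses the `CWE-287` form that identifier-based parsers look for.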
diff --git a/2021/26xxx/CVE-2021-26089.json b/2021/26xxx/CVE-2021-26089.json index c203cd35c05..a5819bdaf3f 100644 --- a/2021/26xxx/CVE-2021-26089.json +++ b/2021/26xxx/CVE-2021-26089.json @@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-26089", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiClientMac", + "version": { + "version_data": [ + { + "version_value": "FortiClientMac 6.4.3 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "High", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 6.3, + "baseSeverity": "Medium", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-21-022", + "url": "https://fortiguard.com/advisory/FG-IR-21-022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase." } ] } 
diff --git a/2021/26xxx/CVE-2021-26090.json b/2021/26xxx/CVE-2021-26090.json index fe0d376292c..574b2db1480 100644 --- a/2021/26xxx/CVE-2021-26090.json +++ b/2021/26xxx/CVE-2021-26090.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-26090", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiMail", + "version": { + "version_data": [ + { + "version_value": "FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "Low", + "baseScore": 5.3, + "baseSeverity": "Medium", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-21-042", + "url": "https://fortiguard.com/advisory/FG-IR-21-042" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests." } ] } diff --git a/2021/26xxx/CVE-2021-26099.json b/2021/26xxx/CVE-2021-26099.json index 1dbf3894f36..c85fd11d3e8 100644 --- a/2021/26xxx/CVE-2021-26099.json 
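Review bot: The `problemtype` value `"Denial of service"` records the impact rather than the weakness, although the description already names it as a missing release of memory after its effective lifetime. Recording the CWE, for example `"value": "CWE-401 Missing Release of Memory after Effective Lifetime"`, lets tooling group this record by weakness class the way the Esri records in this commit do with `CWE-79` and `CWE-918`. The CVE-2021-26106 hunk has the same gap: its description is worded as OS command injection while `problemtype` says `"Execute unauthorized code or commands"`.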
+++ b/2021/26xxx/CVE-2021-26099.json @@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-26099", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiMail", + "version": { + "version_data": [ + { + "version_value": "FortiMail before 7.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "High", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 4.2, + "baseSeverity": "Medium", + "confidentialityImpact": "High", + "integrityImpact": "None", + "privilegesRequired": "High", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-20-244", + "url": "https://fortiguard.com/advisory/FG-IR-20-244" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext." } ] } diff --git a/2021/26xxx/CVE-2021-26100.json b/2021/26xxx/CVE-2021-26100.json index 3bed7be7bbf..f143a1e2765 100644 --- a/2021/26xxx/CVE-2021-26100.json 
+++ b/2021/26xxx/CVE-2021-26100.json @@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-26100", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiMail", + "version": { + "version_data": [ + { + "version_value": "FortiMail before 7.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "High", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.6, + "baseSeverity": "Medium", + "confidentialityImpact": "High", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-21-003", + "url": "https://fortiguard.com/advisory/FG-IR-21-003" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible." } ] } diff --git a/2021/26xxx/CVE-2021-26106.json b/2021/26xxx/CVE-2021-26106.json index 4456e8ac0ec..f8a384d0a36 100644 
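Review bot: `"integrityImpact": "None"` and `I:N` in the vector sit oddly with the new description for CVE-2021-26100, which says an attacker who intercepts the encrypted messages can manipulate them so that tampering becomes possible. If tampering with ciphertexts is really in scope the integrity metric should be at least `Low`, and otherwise the description should drop the tampering claim; which of the two is right cannot be settled from the record alone. The `problemtype` value `"Improper Access Control"` also does not describe a missing cryptographic step, so a cryptography-related weakness class would fit the text better.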
--- a/2021/26xxx/CVE-2021-26106.json
+++ b/2021/26xxx/CVE-2021-26106.json
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-26106", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiAP-W2, FortiAP-S, FortiAP", + "version": { + "version_data": [ + { + "version_value": "FortiAP-W2 6.2.4 through 6.2.5; FortiAP-S 6.2.4 through 6.2.5; FortiAP 6.4.1 through 6.4.5" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.6, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-20-210", + "url": "https://fortiguard.com/advisory/FG-IR-20-210" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments." } ] } 
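Review bot: `product_name` and `version_value` each pack three products into a single free-text string, so a scanner matching on product name cannot tell that FortiAP-W2 and FortiAP-S are affected or which range belongs to which. The description adds to the ambiguity by naming only FortiAP's console and listing 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 without saying which product each range applies to. One `product_data` entry per product, as sketched below with the ranges taken from the existing `version_value` string, keeps the record machine-matchable.

```json
"product_data": [
  {
    "product_name": "FortiAP-W2",
    "version": { "version_data": [ { "version_value": "6.2.4 through 6.2.5" } ] }
  },
  {
    "product_name": "FortiAP-S",
    "version": { "version_data": [ { "version_value": "6.2.4 through 6.2.5" } ] }
  },
  {
    "product_name": "FortiAP",
    "version": { "version_data": [ { "version_value": "6.4.1 through 6.4.5" } ] }
  }
]
```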
diff --git a/2021/26xxx/CVE-2021-26313.json b/2021/26xxx/CVE-2021-26313.json index cb4337cd19a..8b7de715ea6 100644 --- a/2021/26xxx/CVE-2021-26313.json +++ b/2021/26xxx/CVE-2021-26313.json @@ -102,6 +102,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-993693c914", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-30", + "url": "https://security.gentoo.org/glsa/202107-30" } ] }, diff --git a/2021/26xxx/CVE-2021-26675.json b/2021/26xxx/CVE-2021-26675.json index f71f64d03e0..009f38cff86 100644 --- a/2021/26xxx/CVE-2021-26675.json +++ b/2021/26xxx/CVE-2021-26675.json @@ -86,6 +86,11 @@ "refsource": "MISC", "name": "https://kunnamon.io/tbone/", "url": "https://kunnamon.io/tbone/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-29", + "url": "https://security.gentoo.org/glsa/202107-29" } ] } diff --git a/2021/26xxx/CVE-2021-26676.json b/2021/26xxx/CVE-2021-26676.json index b2aa84b458e..814c3320433 100644 --- a/2021/26xxx/CVE-2021-26676.json +++ b/2021/26xxx/CVE-2021-26676.json @@ -91,6 +91,11 @@ "refsource": "MISC", "name": "https://kunnamon.io/tbone/", "url": "https://kunnamon.io/tbone/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-29", + "url": "https://security.gentoo.org/glsa/202107-29" } ] } diff --git a/2021/27xxx/CVE-2021-27293.json b/2021/27xxx/CVE-2021-27293.json index ae6008a65a6..3683bb335fa 100644 --- a/2021/27xxx/CVE-2021-27293.json +++ b/2021/27xxx/CVE-2021-27293.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-27293", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-27293", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://restsharp.dev/", + "refsource": "MISC", + "name": "https://restsharp.dev/" + }, + { + "refsource": "MISC", + "name": "https://github.com/restsharp/RestSharp/issues/1556", + "url": "https://github.com/restsharp/RestSharp/issues/1556" } ] } diff --git a/2021/28xxx/CVE-2021-28089.json b/2021/28xxx/CVE-2021-28089.json index ab80c3461f3..9d8a7f62dd3 100644 --- a/2021/28xxx/CVE-2021-28089.json +++ b/2021/28xxx/CVE-2021-28089.json 
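Review bot: The structured fields are all `"n/a"` (`vendor_name`, `product_name`, `version_value` and the `problemtype` value) even though the description identifies the product and the fixed version, so the record cannot be matched against a dependency inventory without parsing prose. Filling them from the description, e.g. `"product_name": "RestSharp"` with `"version_value": "< 106.11.8-alpha.0.13"`, and giving the weakness as `"CWE-1333 Inefficient Regular Expression Complexity"`, would fix that. The first reference, `https://restsharp.dev/`, is the project home page and carries no detail about the fix; the GitHub issue is the one a responder needs.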
@@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-e68317166d", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPDXB2GZHG3VNOTWSXQ3QZVHNV76WCU5/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-25", + "url": "https://security.gentoo.org/glsa/202107-25" } ] } diff --git a/2021/28xxx/CVE-2021-28090.json b/2021/28xxx/CVE-2021-28090.json index a684843acf2..ba770bdae7e 100644 --- a/2021/28xxx/CVE-2021-28090.json +++ b/2021/28xxx/CVE-2021-28090.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-e68317166d", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPDXB2GZHG3VNOTWSXQ3QZVHNV76WCU5/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-25", + "url": "https://security.gentoo.org/glsa/202107-25" } ] } diff --git a/2021/28xxx/CVE-2021-28163.json b/2021/28xxx/CVE-2021-28163.json index 5828b53d10c..b80901502b3 100644 --- a/2021/28xxx/CVE-2021-28163.json +++ b/2021/28xxx/CVE-2021-28163.json 
@@ -154,6 +154,16 @@ "refsource": "MLIST", "name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", "url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", + "url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", + "url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E" } ] } diff --git a/2021/28xxx/CVE-2021-28164.json b/2021/28xxx/CVE-2021-28164.json index b138b9e631f..c993bfe42aa 100644 --- a/2021/28xxx/CVE-2021-28164.json +++ b/2021/28xxx/CVE-2021-28164.json 
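Review bot: The two added `MLIST` references are SOLR-15529 threads whose subject is the JDOM library and CVE-2021-33813, not this Jetty CVE, so they look like matches on an incidental mention rather than material about CVE-2021-28163. The same pair is added in the CVE-2021-28164 and CVE-2021-28165 hunks. Someone triaging the Jetty issue gains nothing from them and the reference list grows noisier; they belong on CVE-2021-33813 unless the thread body actually discusses the Jetty flaws, which cannot be checked from here.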
@@ -126,6 +126,16 @@ "refsource": "MLIST", "name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", "url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", + "url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", + "url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E" } ] } diff --git a/2021/28xxx/CVE-2021-28165.json b/2021/28xxx/CVE-2021-28165.json index c5241835974..e09c5593ff7 100644 --- a/2021/28xxx/CVE-2021-28165.json +++ b/2021/28xxx/CVE-2021-28165.json 
@@ -577,6 +577,16 @@ "refsource": "MLIST", "name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr", "url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", + "url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", + "url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E" } ] } diff --git a/2021/28xxx/CVE-2021-28293.json b/2021/28xxx/CVE-2021-28293.json index 3988787bc9a..4f6a63c4fa3 100644 --- a/2021/28xxx/CVE-2021-28293.json +++ b/2021/28xxx/CVE-2021-28293.json @@ -52,15 +52,15 @@ }, "references": { "reference_data": [ - { - "url": "http://aisiem.com", - "refsource": "MISC", - "name": "http://aisiem.com" - }, { "refsource": "MISC", "name": "https://0xdb9.in/2021/06/07/cve-2021-28293.html", "url": "https://0xdb9.in/2021/06/07/cve-2021-28293.html" + }, + { + "refsource": "MISC", + "name": "https://www.seceon.com/advanced-siem-aisiem", + "url": "https://www.seceon.com/advanced-siem-aisiem" } ] } diff --git a/2021/28xxx/CVE-2021-28687.json b/2021/28xxx/CVE-2021-28687.json index 17e7412af5b..d97caa6945b 100644 --- a/2021/28xxx/CVE-2021-28687.json +++ b/2021/28xxx/CVE-2021-28687.json 
@@ -121,6 +121,11 @@ "url": "https://xenbits.xenproject.org/xsa/advisory-368.txt", "refsource": "MISC", "name": "https://xenbits.xenproject.org/xsa/advisory-368.txt" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-30", + "url": "https://security.gentoo.org/glsa/202107-30" } ] }, diff --git a/2021/28xxx/CVE-2021-28690.json b/2021/28xxx/CVE-2021-28690.json index fba9dca3708..643c8d4440a 100644 --- a/2021/28xxx/CVE-2021-28690.json +++ b/2021/28xxx/CVE-2021-28690.json @@ -121,6 +121,11 @@ "url": "https://xenbits.xenproject.org/xsa/advisory-377.txt", "refsource": "MISC", "name": "https://xenbits.xenproject.org/xsa/advisory-377.txt" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-30", + "url": "https://security.gentoo.org/glsa/202107-30" } ] }, diff --git a/2021/28xxx/CVE-2021-28691.json b/2021/28xxx/CVE-2021-28691.json index 384745f1f23..1c5249358c0 100644 --- a/2021/28xxx/CVE-2021-28691.json +++ b/2021/28xxx/CVE-2021-28691.json @@ -101,6 +101,11 @@ "url": "https://xenbits.xenproject.org/xsa/advisory-374.txt", "refsource": "MISC", "name": "https://xenbits.xenproject.org/xsa/advisory-374.txt" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-30", + "url": "https://security.gentoo.org/glsa/202107-30" } ] }, diff --git a/2021/28xxx/CVE-2021-28692.json b/2021/28xxx/CVE-2021-28692.json index 61a21bc7e86..21e146d3d66 100644 --- a/2021/28xxx/CVE-2021-28692.json +++ b/2021/28xxx/CVE-2021-28692.json @@ -142,6 +142,11 @@ "url": "https://xenbits.xenproject.org/xsa/advisory-373.txt", "refsource": "MISC", "name": "https://xenbits.xenproject.org/xsa/advisory-373.txt" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-30", + "url": "https://security.gentoo.org/glsa/202107-30" } ] }, diff --git a/2021/28xxx/CVE-2021-28693.json b/2021/28xxx/CVE-2021-28693.json index 5e7323946aa..6ccaa2a4cd9 100644 --- a/2021/28xxx/CVE-2021-28693.json +++ b/2021/28xxx/CVE-2021-28693.json 
@@ -131,6 +131,11 @@ "url": "https://xenbits.xenproject.org/xsa/advisory-372.txt", "refsource": "MISC", "name": "https://xenbits.xenproject.org/xsa/advisory-372.txt" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-30", + "url": "https://security.gentoo.org/glsa/202107-30" } ] }, diff --git a/2021/29xxx/CVE-2021-29102.json b/2021/29xxx/CVE-2021-29102.json index 29f54836afc..02ec40e4947 100644 --- a/2021/29xxx/CVE-2021-29102.json +++ b/2021/29xxx/CVE-2021-29102.json 
@@ -1,18 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@esri.com", + "DATE_PUBLIC": "2021-07-09T20:09:00.000Z", "ID": "CVE-2021-29102", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "There is a Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below." }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ArcGIS Server ", + "version": { + "version_data": [ + { + "platform": "x64", + "version_affected": "<", + "version_name": "All", + "version_value": "10.9.0" + } + ] + } + } + ] + }, + "vendor_name": "Esri" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated attacker to forge GET requests to arbitrary URLs from the system, potentially leading to network enumeration or facilitating other attacks." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.8" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-918 Server-Side Request Forgery (SSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-1-patch/", + "refsource": "CONFIRM", + "url": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-1-patch/" + } + ] + }, + "source": { + "defect": [ + "BUG-000137658" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29103.json b/2021/29xxx/CVE-2021-29103.json index c25c5dda1eb..17ea89dff5d 100644 --- a/2021/29xxx/CVE-2021-29103.json +++ b/2021/29xxx/CVE-2021-29103.json 
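Review bot: `"product_name": "ArcGIS Server "` in the CVE-2021-29102 record carries a trailing space, unlike the `"ArcGIS Server"` used in the CVE-2021-29103 to CVE-2021-29107 records, so exact-match lookups on product name will miss this entry; it should be `"product_name": "ArcGIS Server"`. The scoring also deserves a second look: the description limits the flaw to forging GET requests and speaks of network enumeration, yet the vector rates both confidentiality and integrity `HIGH`. If that rating is intended, the description should say what an attacker can modify.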
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@esri.com", + "DATE_PUBLIC": "2021-07-09T20:11:00.000Z", "ID": "CVE-2021-29103", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "There is a reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server version 10.8.1 and below." }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ArcGIS Server", + "version": { + "version_data": [ + { + "platform": "x64", + "version_affected": "<", + "version_name": "All", + "version_value": "10.9" + } + ] + } + } + ] + }, + "vendor_name": "Esri" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user\u2019s browser." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.8" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-1-patch/", + "refsource": "CONFIRM", + "url": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-1-patch/" + } + ] + }, + "source": { + "defect": [ + "BUG-000137662", + "" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29104.json b/2021/29xxx/CVE-2021-29104.json index ef187d808ba..2a2f3846fc3 100644 --- a/2021/29xxx/CVE-2021-29104.json +++ b/2021/29xxx/CVE-2021-29104.json 
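Review bot: `XXS` in both `TITLE` and the description of CVE-2021-29103 is a typo for `XSS`, and it recurs in the CVE-2021-29104, -29105, -29106 and -29107 hunks, so full-text searches of the titles and descriptions for XSS will miss all five records. The `defect` array ends with an empty string (`"BUG-000137662", ""`), as it does in the -29105, -29106 and -29107 hunks; the stray `""` should be dropped so that consumers do not treat it as a defect id. `"version_value": "10.9"` is written `"10.9.0"` in the sibling records and should match them.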
@@ -1,18 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@esri.com", + "DATE_PUBLIC": "2021-07-09T20:17:00.000Z", "ID": "CVE-2021-29104", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "There is a stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below." }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ArcGIS Server", + "version": { + "version_data": [ + { + "platform": "x64", + "version_affected": "<", + "version_name": "All", + "version_value": "10.9.0" + } + ] + } + } + ] + }, + "vendor_name": "Esri" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.8" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-1-patch/", + "refsource": "CONFIRM", + "url": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-1-patch/" + } + ] + }, + "source": { + "defect": [ + "BUG-000137663" + ], + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29105.json b/2021/29xxx/CVE-2021-29105.json index fdec45e17f8..f7d312e81ed 100644 --- a/2021/29xxx/CVE-2021-29105.json +++ b/2021/29xxx/CVE-2021-29105.json 
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@esri.com", + "DATE_PUBLIC": "2021-07-09T20:19:00.000Z", "ID": "CVE-2021-29105", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "There is a stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Services Directory version 10.8.1 and below." }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ArcGIS Server", + "version": { + "version_data": [ + { + "platform": "x64", + "version_affected": "<", + "version_name": "All", + "version_value": "10.9.0" + } + ] + } + } + ] + }, + "vendor_name": "Esri" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Services Directory version 10.8.1 and below may allow a remote authenticated attacker to pass and store malicious strings in the ArcGIS Services Directory." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.8" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-1-patch/", + "refsource": "CONFIRM", + "url": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-1-patch/" + } + ] + }, + "source": { + "defect": [ + "BUG-000137668", + "" + ], + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29106.json b/2021/29xxx/CVE-2021-29106.json index d3561222cf6..f62eb8d85a8 100644 --- a/2021/29xxx/CVE-2021-29106.json +++ b/2021/29xxx/CVE-2021-29106.json 
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@esri.com", + "DATE_PUBLIC": "2021-07-09T20:21:00.000Z", "ID": "CVE-2021-29106", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "There is a reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server version 10.8.1 and below." }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ArcGIS Server", + "version": { + "version_data": [ + { + "platform": "x64", + "version_affected": "<", + "version_name": "All", + "version_value": "10.9.0" + } + ] + } + } + ] + }, + "vendor_name": "Esri" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user\u2019s browser." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.8" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-1-patch/", + "refsource": "CONFIRM", + "url": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-1-patch/" + } + ] + }, + "source": { + "defect": [ + "BUG-000131992", + "" + ], + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29107.json b/2021/29xxx/CVE-2021-29107.json index 9966211384c..088332f527e 100644 --- a/2021/29xxx/CVE-2021-29107.json +++ b/2021/29xxx/CVE-2021-29107.json 
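Review bot: `TITLE` and the description of CVE-2021-29106 are word for word the same as in CVE-2021-29103; apart from the version string and date the two records differ only in `attackComplexity`, the score and the bug id, so a reader cannot tell which flaw a given patch or detection covers. Each record should name what distinguishes it, such as the affected component, in the title and description. Nothing in the text explains why this one is rated `"attackComplexity": "HIGH"` when the otherwise identical -29103 is `LOW`.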
@@ -1,18 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@esri.com", + "DATE_PUBLIC": "2021-07-09T20:23:00.000Z", "ID": "CVE-2021-29107", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "There is a stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below." }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ArcGIS Server", + "version": { + "version_data": [ + { + "platform": "x64", + "version_affected": "=", + "version_value": "10.6.1" + } + ] + } + } + ] + }, + "vendor_name": "Esri" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.8" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-1-patch/", + "refsource": "CONFIRM", + "url": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-1-patch/" + } + ] + }, + "source": { + "defect": [ + "BUG-000137659", + "" + ], + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29712.json b/2021/29xxx/CVE-2021-29712.json index 4647cffe26f..368412149fb 100644 --- a/2021/29xxx/CVE-2021-29712.json +++ b/2021/29xxx/CVE-2021-29712.json 
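Review bot: The `version_data` entry marks only `10.6.1` as affected (`"version_affected": "="`), but the title and description in this same hunk say "version 10.8.1 and below", so scanners that match on `version_data` would flag a single release. If the prose is right, the entry should take the range form the CVE-2021-29106 record uses, `"version_affected": "<"` with `"version_value": "10.9.0"`; the correct bound needs confirming against the Esri advisory. The `product_name` is "ArcGIS Server" while the text names ArcGIS Server Manager, which is also worth reconciling.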
@@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29712", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "DATE_PUBLIC": "2021-07-08T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "SCORE": "6.100", + "AV": "N", + "I": "L", + "C": "L", + "UI": "R", + "S": "C", + "PR": "N", + "AC": "L", + "A": "N" + }, + "TM": { + "RL": "O", + "E": "H", + "RC": "C" + } + } + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6468581", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6468581", + "title": "IBM Security Bulletin 6468581 (InfoSphere Information Server)" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-infosphere-cve202129712-xss (200966)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200966" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "11.7" + } + ] + }, + "product_name": "InfoSphere Information Server" + } + ] + } + } + ] + } }, "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 200966.", + "lang": "eng" } ] - } + }, + "data_type": "CVE" } \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29730.json b/2021/29xxx/CVE-2021-29730.json index cd9454e96fb..f4bc297727d 100644 --- a/2021/29xxx/CVE-2021-29730.json +++ b/2021/29xxx/CVE-2021-29730.json 
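Review bot: The `problemtype` value is the free text "Cross-Site Scripting" with no CWE identifier, so tooling that groups records by weakness cannot classify it; `"value": "CWE-79 Cross-site Scripting (XSS)"`, the form the Esri records in this commit use, would fix that. The CVE-2021-29730 hunk that follows has the same gap and is more misleading: its description reports SQL injection but the `problemtype` says "Data Manipulation", where `"value": "CWE-89 SQL Injection"` would name the weakness. In both records `SCORE` is a string (`"6.100"`) rather than a number, so consumers have to parse it before comparing severities.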
@@ -1,18 +1,90 @@ { - "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-29730", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, + "data_type": "CVE", "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164.", + "lang": "eng" } ] + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6468569 (InfoSphere Information Server)", + "url": "https://www.ibm.com/support/pages/node/6468569", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6468569" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-infosphere-cve202129730-sql-injection (201164)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201164" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InfoSphere Information Server", + "version": { + "version_data": [ + { + "version_value": "11.7" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "PR": "L", + "AC": "L", + "S": "U", + "A": "L", + "C": "L", + "SCORE": "6.300", + "AV": "N", + "I": "L", + "UI": "N" + } + } + }, + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Data Manipulation", + "lang": "eng" + } + ] + } + ] + }, + "CVE_data_meta": { + "ASSIGNER": 
"psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2021-07-08T00:00:00", + "ID": "CVE-2021-29730" } } \ No newline at end of file diff --git a/2021/30xxx/CVE-2021-30129.json b/2021/30xxx/CVE-2021-30129.json index ac84cae5766..e2361ffa484 100644 --- a/2021/30xxx/CVE-2021-30129.json +++ b/2021/30xxx/CVE-2021-30129.json 
@@ -1,18 +1,97 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@apache.org", "ID": "CVE-2021-30129", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "DoS/OOM leak vulnerability in Apache Mina SSHD Server" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Mina SSHD", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_name": "Apache Mina SSHD", + "version_value": "2.0.0" + }, + { + "version_affected": "<", + "version_name": "Apache Mina SSHD", + "version_value": "2.7.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. 
It was addressed in Apache Mina SSHD 2.7.0" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": [ + {} + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "oom" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E", + "name": "https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[mina-users] 20210712 CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server", + "url": "https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f@%3Cusers.mina.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[announce] 20210712 CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server", + "url": "https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b@%3Cannounce.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210712 CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server", + "url": "http://www.openwall.com/lists/oss-security/2021/07/12/1" + } + ] + }, + "source": { + "defect": [ + "SSHD-1125" + ], + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/30xxx/CVE-2021-30184.json b/2021/30xxx/CVE-2021-30184.json index 8b1b626dd91..dd6be539675 100644 --- a/2021/30xxx/CVE-2021-30184.json +++ b/2021/30xxx/CVE-2021-30184.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ff3297913b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SOGPLC77ZL2FACSOE5MWDS3YH3RBNQAQ/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-28", + "url": "https://security.gentoo.org/glsa/202107-28" } ] } 
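Review bot: `"impact": [ {} ]` publishes the record with no CVSS data at all, and the `problemtype` value is just "oom", so neither severity nor weakness class can be read by a machine; the same empty `impact` appears in the CVE-2021-30639 and CVE-2021-30640 hunks. A weakness identifier such as `"value": "CWE-400 Uncontrolled Resource Consumption"` would match the out-of-memory condition the description reports, and the impact block should either carry a scored vector or be omitted. The first two references are the same lists.apache.org thread, once with `%40` and once with `@`, so one of them can go.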
diff --git a/2021/30xxx/CVE-2021-30465.json b/2021/30xxx/CVE-2021-30465.json index 8539f7edec8..b2b45802777 100644 --- a/2021/30xxx/CVE-2021-30465.json +++ b/2021/30xxx/CVE-2021-30465.json @@ -96,6 +96,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210708-0003/", "url": "https://security.netapp.com/advisory/ntap-20210708-0003/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-26", + "url": "https://security.gentoo.org/glsa/202107-26" } ] } diff --git a/2021/30xxx/CVE-2021-30639.json b/2021/30xxx/CVE-2021-30639.json index 8e01c7e5e6a..9f0ef00cde3 100644 --- a/2021/30xxx/CVE-2021-30639.json +++ b/2021/30xxx/CVE-2021-30639.json 
@@ -1,18 +1,84 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@apache.org", "ID": "CVE-2021-30639", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "DoS after non-blocking IO error" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Tomcat", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": "Apache Tomcat 10", + "version_value": "10.0.3 to 10.0.4" + }, + { + "version_affected": "=", + "version_name": "Apache Tomcat 9", + "version_value": "9.0.44" + }, + { + "version_affected": "=", + "version_name": "Apache Tomcat 8.5", + "version_value": "8.5.64" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS. Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": [ + {} + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://lists.apache.org/thread.html/rd84fae1f474597bdf358f5bdc0a5c453c507bd527b83e8be6b5ea3f4%40%3Cannounce.tomcat.apache.org%3E", + "name": "https://lists.apache.org/thread.html/rd84fae1f474597bdf358f5bdc0a5c453c507bd527b83e8be6b5ea3f4%40%3Cannounce.tomcat.apache.org%3E" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/30xxx/CVE-2021-30640.json b/2021/30xxx/CVE-2021-30640.json index 92b03dec335..8af63d68e31 100644 --- a/2021/30xxx/CVE-2021-30640.json +++ b/2021/30xxx/CVE-2021-30640.json 
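Review bot: The first `version_data` entry encodes a range as free text in an exact-match field: `"version_affected": "="` with `"version_value": "10.0.3 to 10.0.4"`. A consumer comparing version strings will never match an installed 10.0.3 or 10.0.4 against that value. Splitting it into one entry per release, or into a lower and an upper bound as the CVE-2021-30129 record does with `">="` and `"<"`, keeps it machine-readable. The CVE-2021-30640 hunk uses the same "X to Y" form in all four of its entries.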
@@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@apache.org", "ID": "CVE-2021-30640", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Auth weakness in JNDIRealm" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Tomcat", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": "Apache Tomcat 10", + "version_value": "10.0.0-M1 to 10.0.5" + }, + { + "version_affected": "=", + "version_name": "Apache Tomcat 9", + "version_value": "9.0.0.M1 to 9.0.45" + }, + { + "version_affected": "=", + "version_name": "Apache Tomcat 8.5", + "version_value": "8.5.0 to 8.5.65" + }, + { + "version_affected": "=", + "version_name": "Apache Tomcat 7", + "version_value": "7.0.0 to 7.0.108" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": [ + {} + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication weaknees" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E", + "name": "https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/32xxx/CVE-2021-32604.json b/2021/32xxx/CVE-2021-32604.json index fc70e9c3074..3f3e8bfc1c0 100644 --- a/2021/32xxx/CVE-2021-32604.json +++ b/2021/32xxx/CVE-2021-32604.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter." + "value": "Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka \"Share URL XSS.\"" } ] }, @@ -56,6 +56,16 @@ "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-3_release_notes.htm", "refsource": "MISC", "name": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-3_release_notes.htm" + }, + { + "refsource": "MISC", + "name": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/solarwinds-serv-u-1523-share-url-xss-cve-2021-32604/", + "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/solarwinds-serv-u-1523-share-url-xss-cve-2021-32604/" + }, + { + "refsource": "MISC", + "name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29000", + "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29000" } ] } 
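Review bot: The description's closing sentence lists affected ranges for Tomcat 10, 9 and 8.5 only, while `version_data` in the same hunk also lists `"7.0.0 to 7.0.108"` for Apache Tomcat 7, so a reader of the prose alone would conclude that 7.x is unaffected. If the structured data is correct, the sentence should end `... 8.5.0 to 8.5.65; 7.0.0 to 7.0.108.` The `problemtype` value is misspelled "Authentication weaknees" and carries no CWE identifier; `"value": "CWE-287 Improper Authentication"` looks like the fit, to be confirmed against the Apache advisory.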
diff --git a/2021/32xxx/CVE-2021-32678.json b/2021/32xxx/CVE-2021-32678.json index ce4e3a42449..830ab49250d 100644 --- a/2021/32xxx/CVE-2021-32678.json +++ b/2021/32xxx/CVE-2021-32678.json 
@@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32678", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Ratelimit not applied on OCS API responses" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "security-advisories", + "version": { + "version_data": [ + { + "version_value": "< 19.0.13" + }, + { + "version_value": ">= 20.0.0, < 20.0.11" + }, + { + "version_value": ">= 21.0.0, < 21.0.3" + } + ] + } + } + ] + }, + "vendor_name": "nextcloud" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (`OCSController`) using the `@BruteForceProtection` annotation. Risk depends on the installed applications on the Nextcloud Server, but could range from bypassing authentication ratelimits or spamming other Nextcloud users. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. No workarounds aside from upgrading are known to exist." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-799: Improper Control of Interaction Frequency" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-48rx-3gmf-g74j", + "refsource": "CONFIRM", + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-48rx-3gmf-g74j" + }, + { + "name": "https://github.com/nextcloud/server/pull/27329", + "refsource": "MISC", + "url": "https://github.com/nextcloud/server/pull/27329" + }, + { + "name": "https://hackerone.com/reports/1214158", + "refsource": "MISC", + "url": "https://hackerone.com/reports/1214158" + } + ] + }, + "source": { + "advisory": "GHSA-48rx-3gmf-g74j", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/32xxx/CVE-2021-32679.json b/2021/32xxx/CVE-2021-32679.json index dc0768d3797..ca51b1653b8 100644 --- a/2021/32xxx/CVE-2021-32679.json +++ b/2021/32xxx/CVE-2021-32679.json 
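Review bot: `"product_name": "security-advisories"` names the repository that hosts the advisory, not the affected software; the description in this hunk identifies the product as Nextcloud Server. Asset inventories keyed on vendor and product will not match this record, so I would use `"product_name": "Nextcloud Server"`. The same value is used in the CVE-2021-32679, CVE-2021-32680, CVE-2021-32688, CVE-2021-32703 and CVE-2021-32705 hunks.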
@@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32679", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Filenames not escaped by default in controllers using DownloadResponse" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "security-advisories", + "version": { + "version_data": [ + { + "version_value": "< 19.0.13" + }, + { + "version_value": ">= 20.0.0, < 20.0.11" + }, + { + "version_value": ">= 21.0.0, < 21.0.3" + } + ] + } + } + ] + }, + "vendor_name": "nextcloud" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames where not escaped by default in controllers using `DownloadResponse`. When a user-supplied filename was passed unsanitized into a `DownloadResponse`, this could be used to trick users into downloading malicious files with a benign file extension. This would show in UI behaviours where Nextcloud applications would display a benign file extension (e.g. JPEG), but the file will actually be downloaded with an executable file extension. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. Administrators of Nextcloud instances do not have a workaround available, but developers of Nextcloud apps may manually escape the file name before passing it into `DownloadResponse`." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-116: Improper Encoding or Escaping of Output" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3hjp-26x8-mhf6", + "refsource": "CONFIRM", + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3hjp-26x8-mhf6" + }, + { + "name": "https://github.com/nextcloud/server/pull/27354", + "refsource": "MISC", + "url": "https://github.com/nextcloud/server/pull/27354" + }, + { + "name": "https://hackerone.com/reports/1215263", + "refsource": "MISC", + "url": "https://hackerone.com/reports/1215263" + } + ] + }, + "source": { + "advisory": "GHSA-3hjp-26x8-mhf6", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/32xxx/CVE-2021-32680.json b/2021/32xxx/CVE-2021-32680.json index 38af614f712..76053c1c421 100644 --- a/2021/32xxx/CVE-2021-32680.json +++ b/2021/32xxx/CVE-2021-32680.json 
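Review bot: The description `value` says "filenames where not escaped by default", which should read "were not escaped". Sibling hunks have comparable slips in their descriptions: "In versions priot to 19.0.13" in CVE-2021-32680, and "a specific applications" and "fileystem limited tokens" in CVE-2021-32688. Description strings like these are usually copied as-is into downstream advisories, so they are worth correcting in the record itself.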
@@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32680", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Audit log is not properly logging unsetting of share expiration date" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "security-advisories", + "version": { + "version_data": [ + { + "version_value": "< 19.0.13" + }, + { + "version_value": ">= 20.0.0, < 20.0.11" + }, + { + "version_value": ">= 21.0.0, < 21.0.3" + } + ] + } + } + ] + }, + "vendor_name": "nextcloud" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patched in versions 19.0.13, 20.0.11, and 21.0.3." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-778: Insufficient Logging" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fxpq-wq7c-vppf", + "refsource": "CONFIRM", + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fxpq-wq7c-vppf" + }, + { + "name": "https://github.com/nextcloud/server/pull/27024", + "refsource": "MISC", + "url": "https://github.com/nextcloud/server/pull/27024" + }, + { + "name": "https://hackerone.com/reports/1200810", + "refsource": "MISC", + "url": "https://hackerone.com/reports/1200810" + } + ] + }, + "source": { + "advisory": "GHSA-fxpq-wq7c-vppf", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/32xxx/CVE-2021-32688.json b/2021/32xxx/CVE-2021-32688.json index 8e0d84b0cbe..6b1834c1ef8 100644 --- a/2021/32xxx/CVE-2021-32688.json +++ b/2021/32xxx/CVE-2021-32688.json 
@@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32688", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Application specific tokens can change their own scope" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "security-advisories", + "version": { + "version_data": [ + { + "version_value": "< 19.0.13" + }, + { + "version_value": ">= 20.0.0, < 20.0.11" + }, + { + "version_value": ">= 21.0.0, < 21.0.3" + } + ] + } + } + ] + }, + "vendor_name": "nextcloud" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authentication purposes. These tokens are supposed to be granted to a specific applications (e.g. DAV sync clients), and can also be configured by the user to not have any filesystem access. Due to a lacking permission check, the tokens were able to change their own permissions in versions prior to 19.0.13, 20.0.11, and 21.0.3. Thus fileystem limited tokens were able to grant themselves access to the filesystem. The issue is patched in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds aside from upgrading." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-48m7-7r2r-838r", + "refsource": "CONFIRM", + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-48m7-7r2r-838r" + }, + { + "name": "https://github.com/nextcloud/server/pull/27000", + "refsource": "MISC", + "url": "https://github.com/nextcloud/server/pull/27000" + }, + { + "name": "https://hackerone.com/reports/1193321", + "refsource": "MISC", + "url": "https://hackerone.com/reports/1193321" + } + ] + }, + "source": { + "advisory": "GHSA-48m7-7r2r-838r", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/32xxx/CVE-2021-32703.json b/2021/32xxx/CVE-2021-32703.json index 8d0a62e28a8..7620883b113 100644 --- a/2021/32xxx/CVE-2021-32703.json +++ b/2021/32xxx/CVE-2021-32703.json 
@@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32703", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Lack of ratelimit on shareinfo endpoint" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "security-advisories", + "version": { + "version_data": [ + { + "version_value": "< 19.0.13" + }, + { + "version_value": ">= 20.0.0, < 20.0.11" + }, + { + "version_value": ">= 21.0.0, < 21.0.3" + } + ] + } + } + ] + }, + "vendor_name": "nextcloud" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-799: Improper Control of Interaction Frequency" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-375p-cxxq-gc9p", + "refsource": "CONFIRM", + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-375p-cxxq-gc9p" + }, + { + "name": "https://github.com/nextcloud/server/pull/26945", + "refsource": "MISC", + "url": "https://github.com/nextcloud/server/pull/26945" + }, + { + "name": "https://hackerone.com/reports/1173684", + "refsource": "MISC", + "url": "https://hackerone.com/reports/1173684" + } + ] + }, + "source": { + "advisory": "GHSA-375p-cxxq-gc9p", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/32xxx/CVE-2021-32705.json b/2021/32xxx/CVE-2021-32705.json index 8deaeafe74a..2f5509dd123 100644 --- a/2021/32xxx/CVE-2021-32705.json +++ b/2021/32xxx/CVE-2021-32705.json 
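Review bot: The description gives the second affected branch as "20.011", while its own fix sentence and the `version_data` entry `">= 20.0.0, < 20.0.11"` say 20.0.11. A reader could take the malformed number for a different release, so the sentence should begin `In versions prior to 19.0.13, 20.0.11, and 21.0.3,`. The CVE-2021-32705 hunk repeats the same "20.011".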
@@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32705", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Lack of ratelimit on public DAV endpoint" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "security-advisories", + "version": { + "version_data": [ + { + "version_value": "< 19.0.13" + }, + { + "version_value": ">= 20.0.0, < 20.0.11" + }, + { + "version_value": ">= 21.0.0, < 21.0.3" + } + ] + } + } + ] + }, + "vendor_name": "nextcloud" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-799: Improper Control of Interaction Frequency" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fjv7-283f-5m54", + "refsource": "CONFIRM", + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fjv7-283f-5m54" + }, + { + "name": "https://github.com/nextcloud/server/pull/27610", + "refsource": "MISC", + "url": "https://github.com/nextcloud/server/pull/27610" + }, + { + "name": "https://hackerone.com/reports/1192159", + "refsource": "MISC", + "url": "https://hackerone.com/reports/1192159" + } + ] + }, + "source": { + "advisory": "GHSA-fjv7-283f-5m54", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/32xxx/CVE-2021-32753.json b/2021/32xxx/CVE-2021-32753.json index cb092aaf421..7b93f19ea09 100644 --- a/2021/32xxx/CVE-2021-32753.json +++ b/2021/32xxx/CVE-2021-32753.json 
@@ -1,18 +1,104 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32753", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Weak password in API gateway in EdgeX Foundry Edinburgh, Fuji, Geneva, and Hanoi releases allows remote attackers to obtain authentication token via dictionary-based password attack when OAuth2 authentication method is enabled." }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "edgex-go", + "version": { + "version_data": [ + { + "version_value": "Edinburgh, Fuji, Geneva, Hanoi" + } + ] + } + } + ] + }, + "vendor_name": "edgexfoundry" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "EdgeX Foundry is an open source project for building a common open framework for internet-of-things edge computing. A vulnerability exists in the Edinburgh, Fuji, Geneva, and Hanoi versions of the software. When the EdgeX API gateway is configured for OAuth2 authentication and a proxy user is created, the client_id and client_secret required to obtain an OAuth2 authentication token are set to the username of the proxy user. A remote network attacker can then perform a dictionary-based password attack on the OAuth2 token endpoint of the API gateway to obtain an OAuth2 authentication token and use that token to make authenticated calls to EdgeX microservices from an untrusted network. OAuth2 is the default authentication method in EdgeX Edinburgh release. 
The default authentication method was changed to JWT in Fuji and later releases. Users should upgrade to the EdgeX Ireland release to obtain the fix. The OAuth2 authentication method is disabled in Ireland release. If unable to upgrade and OAuth2 authentication is required, users should create OAuth2 users directly using the Kong admin API and forgo the use of the `security-proxy-setup` tool to create OAuth2 users." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-521: Weak Password Requirements" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/edgexfoundry/edgex-go/security/advisories/GHSA-xph4-vmcc-52gh", + "refsource": "CONFIRM", + "url": "https://github.com/edgexfoundry/edgex-go/security/advisories/GHSA-xph4-vmcc-52gh" + }, + { + "name": "https://docs.konghq.com/hub/kong-inc/oauth2/#create-a-consumer", + "refsource": "MISC", + "url": "https://docs.konghq.com/hub/kong-inc/oauth2/#create-a-consumer" + } + ] + }, + "source": { + "advisory": "GHSA-xph4-vmcc-52gh", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33037.json b/2021/33xxx/CVE-2021-33037.json index 910b68edd42..9dce3e443f7 100644 --- a/2021/33xxx/CVE-2021-33037.json +++ b/2021/33xxx/CVE-2021-33037.json 
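Review bot: In CVE-2021-32753.json `version_data` holds a single entry whose `version_value` is the string `"Edinburgh, Fuji, Geneva, Hanoi"`, so tooling that compares `version_value` against one release name will not match any of the four affected releases. One entry per release, e.g. `{ "version_value": "Edinburgh" }` and so on, would match how the Nextcloud records in this diff list one range per entry. The description's workaround (create OAuth2 users through the Kong admin API instead of `security-proxy-setup`) only applies when OAuth2 is enabled, which the structured fields cannot express, so the release list is the only machine-readable scoping a consumer gets.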
@@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@apache.org", "ID": "CVE-2021-33037", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Incorrect Transfer-Encoding handling with HTTP/1.0" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Tomcat", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": "Apache Tomcat 10", + "version_value": "10.0.0-M1 to 10.0.6" + }, + { + "version_affected": "=", + "version_name": "Apache Tomcat 9", + "version_value": "9.0.0.M1 to 9.0.46" + }, + { + "version_affected": "=", + "version_name": "Apache Tomcat 8", + "version_value": "8.5.0 to 8.5.66" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "The Apache Tomcat Security Team would like to thank Bahruz Jabiyev, Steven Sprecher and Kaan Onarlioglu of NEU seclab for identifying and reporting this issue." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. 
Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": [ + {} + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3Cannounce.tomcat.apache.org%3E", + "name": "https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3Cannounce.tomcat.apache.org%3E" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33214.json b/2021/33xxx/CVE-2021-33214.json index 844db713111..a4063d9f678 100644 --- a/2021/33xxx/CVE-2021-33214.json +++ b/2021/33xxx/CVE-2021-33214.json 
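Review bot: The description added to CVE-2021-33037.json says Tomcat `honoured the identify encoding`; the transfer-coding name is `identity`, and the misspelling hides the one term a reader would search for when checking a reverse-proxy and back-end pair for this request-smuggling condition. The same hunk emits `"impact": [ {} ]`, an empty placeholder that gives consumers no severity data; it should either carry a CVSS object like the other records in this diff or be left out. `"version_affected": "="` is also paired with range strings such as `10.0.0-M1 to 10.0.6`, which a comparator-based consumer cannot evaluate as an equality.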
@@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-33214", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-33214", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://labs.bishopfox.com/advisories", + "refsource": "MISC", + "name": "https://labs.bishopfox.com/advisories" + }, + { + "url": "https://www.ewon.biz/about-us/security", + "refsource": "MISC", + "name": "https://www.ewon.biz/about-us/security" + }, + { + "url": "https://www.ewon.biz/technical-support/pages/talk2m/talk2m-tools/talk2m-ecatcher", + "refsource": "MISC", + "name": "https://www.ewon.biz/technical-support/pages/talk2m/talk2m-tools/talk2m-ecatcher" + }, + { + "refsource": "MISC", + "name": "https://cdn.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-07-09-001---ewon-ecatcher.pdf?sfvrsn=b37418d7_4", + "url": "https://cdn.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-07-09-001---ewon-ecatcher.pdf?sfvrsn=b37418d7_4" } ] } diff --git a/2021/33xxx/CVE-2021-33792.json b/2021/33xxx/CVE-2021-33792.json index f5d84eb13a8..07b23f3beda 100644 --- a/2021/33xxx/CVE-2021-33792.json +++ b/2021/33xxx/CVE-2021-33792.json 
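Review bot: CVE-2021-33214.json moves to PUBLIC with `vendor_name`, `product_name`, `version_value` and `problemtype` all set to `n/a`, although the description names HMS Ewon eCatcher through 6.6.4, so anything that matches on the structured fields will not tie this record to the product. Filling them from the description, e.g. `"product_name": "Ewon eCatcher"` with `"version_value": "<= 6.6.4"`, and adding a CWE for the permission weakness (CWE-732 looks applicable, to be confirmed by the assigner) would fix that. The same `n/a` pattern appears in the hunks for CVE-2021-33792, -33795, -33807, -35037, -35064, -35358, -35360 and -35361 later in this diff.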
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-33792", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-33792", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /Size key in the Trailer dictionary." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.html", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.html" } ] } diff --git a/2021/33xxx/CVE-2021-33795.json b/2021/33xxx/CVE-2021-33795.json index bfd34472db8..d332db0837a 100644 --- a/2021/33xxx/CVE-2021-33795.json +++ b/2021/33xxx/CVE-2021-33795.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-33795", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-33795", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorrect PDF document signatures because the certificate name, document owner, and signature author are mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.html", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.html" } ] } diff --git a/2021/33xxx/CVE-2021-33807.json b/2021/33xxx/CVE-2021-33807.json index 2109b9c2a26..b6bd1dceb18 100644 --- a/2021/33xxx/CVE-2021-33807.json +++ b/2021/33xxx/CVE-2021-33807.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-33807", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-33807", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.cartadis.com/gespage-website/", + "refsource": "MISC", + "name": "https://www.cartadis.com/gespage-website/" + }, + { + "url": "https://www.gespage.com", + "refsource": "MISC", + "name": "https://www.gespage.com" + }, + { + "refsource": "CONFIRM", + "name": "https://support.gespage.com/fr/support/solutions/articles/14000130201-security-advisory-gespage-directory-traversal", + "url": "https://support.gespage.com/fr/support/solutions/articles/14000130201-security-advisory-gespage-directory-traversal" } ] } diff --git a/2021/33xxx/CVE-2021-33813.json b/2021/33xxx/CVE-2021-33813.json index 6cff298aebc..2df103d0510 100644 --- a/2021/33xxx/CVE-2021-33813.json +++ b/2021/33xxx/CVE-2021-33813.json 
@@ -71,6 +71,21 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210629 [SECURITY] [DLA 2696-1] libjdom2-java security update", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00026.html" + }, + { + "refsource": "MLIST", + "name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", + "url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", + "url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15530) High security vulnerability in jackson-databind bundled within Solr 8.9", + "url": "https://lists.apache.org/thread.html/r89b3800cfabb1e773e49425e5d4239c28a659839a2eca6af3431482e@%3Cissues.solr.apache.org%3E" } ] } diff --git a/2021/33xxx/CVE-2021-33833.json b/2021/33xxx/CVE-2021-33833.json index 978233a6727..485e1bc9df9 100644 --- a/2021/33xxx/CVE-2021-33833.json +++ b/2021/33xxx/CVE-2021-33833.json @@ -61,6 +61,11 @@ "refsource": "MLIST", "name": "[oss-security] 20210609 connman stack buffer overflow in dnsproxy CVE-2021-33833", "url": "http://www.openwall.com/lists/oss-security/2021/06/09/1" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-29", + "url": "https://security.gentoo.org/glsa/202107-29" } ] } diff --git a/2021/34xxx/CVE-2021-34548.json b/2021/34xxx/CVE-2021-34548.json index db7c7b35849..1f7423c6eb6 100644 --- a/2021/34xxx/CVE-2021-34548.json +++ b/2021/34xxx/CVE-2021-34548.json 
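Review bot: The third MLIST reference added to CVE-2021-33813.json is the SOLR-15530 thread, whose title concerns jackson-databind bundled in Solr 8.9 and does not mention JDOM or this CVE, unlike the two SOLR-15529 entries added just before it. It may have been picked up because the message body cites the CVE, but that cannot be seen from the hunk. It is worth confirming before the link is kept, since a reader following it for JDOM remediation would land on a thread about a different component.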
@@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://blog.torproject.org/node/2041", "url": "https://blog.torproject.org/node/2041" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-25", + "url": "https://security.gentoo.org/glsa/202107-25" } ] } diff --git a/2021/34xxx/CVE-2021-34549.json b/2021/34xxx/CVE-2021-34549.json index 5ffd546b84a..bf8d06506a9 100644 --- a/2021/34xxx/CVE-2021-34549.json +++ b/2021/34xxx/CVE-2021-34549.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://blog.torproject.org/node/2041", "url": "https://blog.torproject.org/node/2041" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-25", + "url": "https://security.gentoo.org/glsa/202107-25" } ] } diff --git a/2021/34xxx/CVE-2021-34550.json b/2021/34xxx/CVE-2021-34550.json index f6cc5304126..ed8d5e16413 100644 --- a/2021/34xxx/CVE-2021-34550.json +++ b/2021/34xxx/CVE-2021-34550.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://blog.torproject.org/node/2041", "url": "https://blog.torproject.org/node/2041" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-25", + "url": "https://security.gentoo.org/glsa/202107-25" } ] } diff --git a/2021/35xxx/CVE-2021-35037.json b/2021/35xxx/CVE-2021-35037.json index 695d623c8e7..6e76b9ae75e 100644 --- a/2021/35xxx/CVE-2021-35037.json +++ b/2021/35xxx/CVE-2021-35037.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35037", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35037", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. An attacker may craft a URL that appears to be for a customer's Jamf Pro instance, but when clicked will forward a user to an arbitrary URL that may be malicious. This is tracked via Jamf with the following ID: PI-009822" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.jamf.com/resources/product-documentation/jamf-pro-release-notes/", + "refsource": "MISC", + "name": "https://www.jamf.com/resources/product-documentation/jamf-pro-release-notes/" + }, + { + "refsource": "MISC", + "name": "https://www.jamf.com/jamf-nation/discussions/39219/jamf-pro-10-30-1-security-upgrade", + "url": "https://www.jamf.com/jamf-nation/discussions/39219/jamf-pro-10-30-1-security-upgrade" } ] } diff --git a/2021/35xxx/CVE-2021-35064.json b/2021/35xxx/CVE-2021-35064.json index 774fbd9320b..83c430aae45 100644 --- a/2021/35xxx/CVE-2021-35064.json 
+++ b/2021/35xxx/CVE-2021-35064.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35064", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35064", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.kramerav.com/us/product/viaware", + "refsource": "MISC", + "name": "https://www.kramerav.com/us/product/viaware" } ] } diff --git a/2021/35xxx/CVE-2021-35358.json b/2021/35xxx/CVE-2021-35358.json index e9042991130..51b42a7870f 100644 --- a/2021/35xxx/CVE-2021-35358.json +++ b/2021/35xxx/CVE-2021-35358.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35358", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35358", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/dotCMS/core/issues/20540", + "refsource": "MISC", + "name": "https://github.com/dotCMS/core/issues/20540" } ] } diff --git a/2021/35xxx/CVE-2021-35360.json b/2021/35xxx/CVE-2021-35360.json index 186067d10a7..e6c7768f9ca 100644 --- a/2021/35xxx/CVE-2021-35360.json +++ b/2021/35xxx/CVE-2021-35360.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35360", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35360", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/dotCMS/core/issues/20541", + "refsource": "MISC", + "name": "https://github.com/dotCMS/core/issues/20541" } ] } diff --git a/2021/35xxx/CVE-2021-35361.json b/2021/35xxx/CVE-2021-35361.json index 2d680b4e8a9..86b374a2be9 100644 --- a/2021/35xxx/CVE-2021-35361.json +++ b/2021/35xxx/CVE-2021-35361.json 
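Review bot: The description added to CVE-2021-35360.json says the reflected XSS lets attackers `execute arbitrary commands or HTML`, which reads as command execution on the server; XSS runs script in the victim's browser, and CVE-2021-35358.json in this same diff words it as `execute arbitrary web scripts or HTML`. The CVE-2021-35361.json hunk that follows repeats the `commands` wording and cites the same issue, `https://github.com/dotCMS/core/issues/20541`, so the two records differ only in the path (`containers` vs `links`). Using the `web scripts` wording in both, and CWE-79 in `problemtype` instead of `n/a`, would keep triage from over-reading the impact.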
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35361", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35361", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/dotCMS/core/issues/20541", + "refsource": "MISC", + "name": "https://github.com/dotCMS/core/issues/20541" } ] } diff --git a/2021/36xxx/CVE-2021-36353.json b/2021/36xxx/CVE-2021-36353.json new file mode 100644 index 00000000000..4367fa60f66 --- /dev/null +++ b/2021/36xxx/CVE-2021-36353.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36353",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36354.json b/2021/36xxx/CVE-2021-36354.json
new file mode 100644
index 00000000000..29c00a3f208
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36354.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36354",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36355.json b/2021/36xxx/CVE-2021-36355.json
new file mode 100644
index 00000000000..6c7d5df0400
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36355.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36355",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36356.json b/2021/36xxx/CVE-2021-36356.json
new file mode 100644
index 00000000000..2b0a15cc3c3
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36356.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36356",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36357.json b/2021/36xxx/CVE-2021-36357.json
new file mode 100644
index 00000000000..00ec447aa78
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36357.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36357",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36358.json b/2021/36xxx/CVE-2021-36358.json
new file mode 100644
index 00000000000..2f7c50937a2
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36358.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36358",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36359.json b/2021/36xxx/CVE-2021-36359.json
new file mode 100644
index 00000000000..db597cb3c2a
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36359.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36359",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36360.json b/2021/36xxx/CVE-2021-36360.json
new file mode 100644
index 00000000000..d9d9250648b
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36360.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36360",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36361.json b/2021/36xxx/CVE-2021-36361.json
new file mode 100644
index 00000000000..fdfd93ca8c8
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36361.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36361",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36362.json b/2021/36xxx/CVE-2021-36362.json
new file mode 100644
index 00000000000..e9d22862b13
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36362.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36362",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36363.json b/2021/36xxx/CVE-2021-36363.json
new file mode 100644
index 00000000000..56903e19953
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36363.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36363",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36364.json b/2021/36xxx/CVE-2021-36364.json
new file mode 100644
index 00000000000..f6c689d384d
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36364.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36364",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36365.json b/2021/36xxx/CVE-2021-36365.json
new file mode 100644
index 00000000000..496ec531b39
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36365.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36365",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36366.json b/2021/36xxx/CVE-2021-36366.json
new file mode 100644
index 00000000000..b205b0aa9e4
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36366.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36366",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36367.json b/2021/36xxx/CVE-2021-36367.json
new file mode 100644
index 00000000000..d1bfa300c2c
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36367.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-36367",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
+ "refsource": "MISC",
+ "name": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
+ },
+ {
+ "url": "https://git.tartarus.org/?p=simon/putty.git;a=commit;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa",
+ "refsource": "MISC",
+ "name": "https://git.tartarus.org/?p=simon/putty.git;a=commit;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36368.json b/2021/36xxx/CVE-2021-36368.json
new file mode 100644
index 00000000000..c7930488e80
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36368.json
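Review bot: The `affects` block in CVE-2021-36367.json carries `n/a` for `vendor_name`, `product_name` and `version_value`, although the description names the product and range (PuTTY through 0.75), so tooling that matches on the structured fields will not tie this record to PuTTY. Taking the values from the description, for example `"product_name": "PuTTY"` and `"version_value": "through 0.75"`, would make the record usable for automated matching. `problemtype` is also `n/a`, so the weakness class can only be recovered from the prose. The same placeholder pattern appears in the new records for CVE-2021-36371, CVE-2021-36377, CVE-2021-36381, CVE-2021-36382 and CVE-2021-36383.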
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36368",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36369.json b/2021/36xxx/CVE-2021-36369.json
new file mode 100644
index 00000000000..287cfb26a89
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36369.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36369",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36370.json b/2021/36xxx/CVE-2021-36370.json
new file mode 100644
index 00000000000..c967c7adae0
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36370.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36370",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36371.json b/2021/36xxx/CVE-2021-36371.json
new file mode 100644
index 00000000000..be1a6c5394c
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36371.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-36371",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. The attacker must send an SNI specifying an unprotected backend and an HTTP Host header specifying a protected backend."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/emissary-ingress/emissary/issues/3340",
+ "refsource": "MISC",
+ "name": "https://github.com/emissary-ingress/emissary/issues/3340"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36372.json b/2021/36xxx/CVE-2021-36372.json
new file mode 100644
index 00000000000..519179b36d7
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36372.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36372",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36373.json b/2021/36xxx/CVE-2021-36373.json
new file mode 100644
index 00000000000..01b712e0baf
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36373.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36373",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36374.json b/2021/36xxx/CVE-2021-36374.json
new file mode 100644
index 00000000000..e16ffd2b0ed
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36374.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36374",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36375.json b/2021/36xxx/CVE-2021-36375.json
new file mode 100644
index 00000000000..9ae4e46983d
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36375.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36375",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36376.json b/2021/36xxx/CVE-2021-36376.json
new file mode 100644
index 00000000000..0a7b8e06d5b
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36376.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36376",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36377.json b/2021/36xxx/CVE-2021-36377.json
new file mode 100644
index 00000000000..78a52b9fc45
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36377.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-36377",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://fossil-scm.org/forum/forumpost/8d367e16f53d93c789d70bd3bf2c9587227bbd5c6a7b8e512cccd79007536036",
+ "refsource": "MISC",
+ "name": "https://fossil-scm.org/forum/forumpost/8d367e16f53d93c789d70bd3bf2c9587227bbd5c6a7b8e512cccd79007536036"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36378.json b/2021/36xxx/CVE-2021-36378.json
new file mode 100644
index 00000000000..d8c92d03dab
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36378.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36378",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36379.json b/2021/36xxx/CVE-2021-36379.json
new file mode 100644
index 00000000000..b6deed43fec
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36379.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36379",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36380.json b/2021/36xxx/CVE-2021-36380.json
new file mode 100644
index 00000000000..a99229a1a9c
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36380.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36380",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36381.json b/2021/36xxx/CVE-2021-36381.json
new file mode 100644
index 00000000000..984200d1873
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36381.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-36381",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logon_error= on the login screen of the Web application."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.edifecs.com/services/managed-services/",
+ "refsource": "MISC",
+ "name": "https://www.edifecs.com/services/managed-services/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/rvismit/c2da674254f53c40d3a9eb3896277ebc",
+ "url": "https://gist.github.com/rvismit/c2da674254f53c40d3a9eb3896277ebc"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36382.json b/2021/36xxx/CVE-2021-36382.json
new file mode 100644
index 00000000000..60a8c0c758c
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36382.json
@@ -0,0 +1,76 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-36382",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://devolutions.net/security/advisories/DEVO-2021-0005",
+ "refsource": "MISC",
+ "name": "https://devolutions.net/security/advisories/DEVO-2021-0005"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "ADJACENT",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AC:H/AV:A/A:N/C:L/I:N/PR:N/S:U/UI:R",
+ "version": "3.1"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36383.json b/2021/36xxx/CVE-2021-36383.json
new file mode 100644
index 00000000000..2ad0ed5b830
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36383.json
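Review bot: The `vectorString` in CVE-2021-36382.json lists its metrics alphabetically (`AC/AV/A/C/I/PR/S/UI`) rather than in the order the CVSS v3.1 specification prefers; the specification tolerates any order, but validators and parsers that match a fixed-order pattern may reject it. Suggest `"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"`, which carries the same metric values. The `cvss` object also has no `baseScore` or `baseSeverity`, so every consumer has to derive the score from the vector. Separately, `confidentialityImpact` is `LOW` while the description speaks of intercepted private keys; that may be intentional, but it is worth confirming against the vendor advisory before triage tooling relies on it.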
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-36383",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0) mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data is which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit, Users, and Groups."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/vatesfr/xen-orchestra/issues/5712",
+ "refsource": "MISC",
+ "name": "https://github.com/vatesfr/xen-orchestra/issues/5712"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36384.json b/2021/36xxx/CVE-2021-36384.json
new file mode 100644
index 00000000000..f49e9611a36
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36384.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36384",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
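Review bot: The description in CVE-2021-36383.json reads `resourceSet.getAll data is which the attacker changes the permission field`, where `is` looks like a typo for `in`; as written the sentence does not parse and it is unclear how the tampered data leads to the authorization failure. Suggest `modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin`. The only reference is the upstream issue thread and both version ranges are given as "through", so if a fixed release exists, adding it as a reference would tell operators what to upgrade to.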
diff --git a/2021/36xxx/CVE-2021-36385.json b/2021/36xxx/CVE-2021-36385.json
new file mode 100644
index 00000000000..f1250941340
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36385.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36385",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36386.json b/2021/36xxx/CVE-2021-36386.json
new file mode 100644
index 00000000000..2e37f3a9507
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36386.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36386",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36387.json b/2021/36xxx/CVE-2021-36387.json
new file mode 100644
index 00000000000..e15ad08c5aa
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36387.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36387",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36388.json b/2021/36xxx/CVE-2021-36388.json
new file mode 100644
index 00000000000..7f064b3a283
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36388.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36388",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36389.json b/2021/36xxx/CVE-2021-36389.json
new file mode 100644
index 00000000000..382f94b0d4a
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36389.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36389",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36390.json b/2021/36xxx/CVE-2021-36390.json
new file mode 100644
index 00000000000..867e03725af
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36390.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36390",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36391.json b/2021/36xxx/CVE-2021-36391.json
new file mode 100644
index 00000000000..627c87134ed
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36391.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36391",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36392.json b/2021/36xxx/CVE-2021-36392.json
new file mode 100644
index 00000000000..f038b487382
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36392.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36392",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36393.json b/2021/36xxx/CVE-2021-36393.json
new file mode 100644
index 00000000000..8ee526f1e6a
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36393.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36393",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36394.json b/2021/36xxx/CVE-2021-36394.json
new file mode 100644
index 00000000000..84e1d6eb626
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36394.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36394",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36395.json b/2021/36xxx/CVE-2021-36395.json
new file mode 100644
index 00000000000..2e5068e96f9
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36395.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36395",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36396.json b/2021/36xxx/CVE-2021-36396.json
new file mode 100644
index 00000000000..5e82cb86707
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36396.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36396",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36397.json b/2021/36xxx/CVE-2021-36397.json
new file mode 100644
index 00000000000..4fa1ce89e8e
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36397.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36397",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36398.json b/2021/36xxx/CVE-2021-36398.json
new file mode 100644
index 00000000000..c90f29d7ef3
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36398.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36398",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36399.json b/2021/36xxx/CVE-2021-36399.json
new file mode 100644
index 00000000000..14219d1d9ff
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36399.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36399",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36400.json b/2021/36xxx/CVE-2021-36400.json
new file mode 100644
index 00000000000..ea8a6f8cf51
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36400.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36400",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36401.json b/2021/36xxx/CVE-2021-36401.json
new file mode 100644
index 00000000000..bac0098c7d6
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36401.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36401",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36402.json b/2021/36xxx/CVE-2021-36402.json
new file mode 100644
index 00000000000..637da7ac64b
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36402.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36402",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36403.json b/2021/36xxx/CVE-2021-36403.json
new file mode 100644
index 00000000000..5bb4ff5e4dd
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36403.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36403",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/3xxx/CVE-2021-3308.json b/2021/3xxx/CVE-2021-3308.json
index 3417b2328c1..ad7be0a1a88 100644
--- a/2021/3xxx/CVE-2021-3308.json
+++ b/2021/3xxx/CVE-2021-3308.json
@@ -66,6 +66,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-16c9c40d4d",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S5C42TMQYB6SDVT2MPFEWY65A6RSUVBN/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-30",
+ "url": "https://security.gentoo.org/glsa/202107-30"
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3474.json b/2021/3xxx/CVE-2021-3474.json
index a330dcf4046..a0b2a083c85 100644
--- a/2021/3xxx/CVE-2021-3474.json
+++ b/2021/3xxx/CVE-2021-3474.json
@@ -58,6 +58,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-27",
+ "url": "https://security.gentoo.org/glsa/202107-27"
 }
 ]
 },
diff --git a/2021/3xxx/CVE-2021-3475.json b/2021/3xxx/CVE-2021-3475.json
index 2c95b268485..52ff11020d6 100644
--- a/2021/3xxx/CVE-2021-3475.json
+++ b/2021/3xxx/CVE-2021-3475.json
@@ -58,6 +58,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-27",
+ "url": "https://security.gentoo.org/glsa/202107-27"
 }
 ]
 },
diff --git a/2021/3xxx/CVE-2021-3476.json b/2021/3xxx/CVE-2021-3476.json
index 9de9ec1b8e2..594ebd7b464 100644
--- a/2021/3xxx/CVE-2021-3476.json
+++ b/2021/3xxx/CVE-2021-3476.json
@@ -58,6 +58,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-27",
+ "url": "https://security.gentoo.org/glsa/202107-27"
 }
 ]
 },
diff --git a/2021/3xxx/CVE-2021-3477.json b/2021/3xxx/CVE-2021-3477.json
index 50816b64b53..9abb3b59ce2 100644
--- a/2021/3xxx/CVE-2021-3477.json
+++ b/2021/3xxx/CVE-2021-3477.json
@@ -58,6 +58,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-27",
+ "url": "https://security.gentoo.org/glsa/202107-27"
 }
 ]
 },
diff --git a/2021/3xxx/CVE-2021-3478.json b/2021/3xxx/CVE-2021-3478.json
index a2fb42cdaca..dc9a2c88fa9 100644
--- a/2021/3xxx/CVE-2021-3478.json
+++ b/2021/3xxx/CVE-2021-3478.json
@@ -58,6 +58,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-27",
+ "url": "https://security.gentoo.org/glsa/202107-27"
 }
 ]
 },
diff --git a/2021/3xxx/CVE-2021-3479.json b/2021/3xxx/CVE-2021-3479.json
index 3964b157a0e..bd1d133fac3 100644
--- a/2021/3xxx/CVE-2021-3479.json
+++ b/2021/3xxx/CVE-2021-3479.json
@@ -58,6 +58,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202107-27",
+ "url": "https://security.gentoo.org/glsa/202107-27"
 }
 ]
 },
diff --git a/2021/3xxx/CVE-2021-3541.json b/2021/3xxx/CVE-2021-3541.json
index b9ead0010d5..8f38facc54e 100644
--- a/2021/3xxx/CVE-2021-3541.json
+++ b/2021/3xxx/CVE-2021-3541.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3541",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "libxml2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.9.11"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1950515",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950515"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3547.json b/2021/3xxx/CVE-2021-3547.json
index a3cf99d92cd..bc97bfeb618 100644
--- a/2021/3xxx/CVE-2021-3547.json
+++ b/2021/3xxx/CVE-2021-3547.json
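Review bot: In CVE-2021-3541.json the added `"version_value": "2.9.11"` carries no qualifier and the description names no version, so a consumer of this record cannot tell whether 2.9.11 is an affected release or the one carrying the fix; the value should state the range, in the form `"version_value": "<affected range, confirmed against the linked Bugzilla entry>"`. The new description sentence is also garbled ("attack its possible bypassing"); `"value": "A flaw was found in libxml2. An exponential entity expansion attack is possible that bypasses all existing protection mechanisms and leads to denial of service."` reads correctly without changing the claim. The problemtype is free text (`"Denial of Service"`) where the CVE-2021-3547 record in the same commit uses a CWE identifier; a CWE for XML entity expansion (CWE-776 looks like the fit, to be confirmed by the CNA) would make the record filterable by weakness class.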
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3547",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@openvpn.net",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OpenVPN 3 Core Library",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.6 and 3.6.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-305: Authentication Bypass by Primary Weakness"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements",
+ "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547",
+ "url": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3630.json b/2021/3xxx/CVE-2021-3630.json
index 47ccabcb9bd..726042555a6 100644
--- a/2021/3xxx/CVE-2021-3630.json
+++ b/2021/3xxx/CVE-2021-3630.json
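Review bot: In CVE-2021-3547.json the added `"version_value": "3.6 and 3.6.1"` packs two releases into one free-text string, so tooling that compares installed versions against `version_data` entries will match neither; list them separately as `{ "version_value": "3.6" }, { "version_value": "3.6.1" }`. `"vendor_name": "n/a"` is also avoidable here, since the assigner address and both references are OpenVPN's own, and leaving it unset makes vendor-keyed lookups miss the record (presumably `"vendor_name": "OpenVPN"`, to be confirmed by the CNA). The description ties the bypass to the `verify-x509-name` client option but does not say whether clients configured without that option are affected, which is the first thing someone triaging a deployment needs; one clause in `"value"` would settle it.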
@@ -53,6 +53,16 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210703 [SECURITY] [DLA 2702-1] djvulibre security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00002.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-fd6f2727c8",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVKYWV4P5XGA3FXKGFB443MKC32L7YQB/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-7514c11a37",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q3B4QZCICPZRDXA2HOIACSQNZB2VEHSM/"
 }
 ]
 },
diff --git a/2021/3xxx/CVE-2021-3641.json b/2021/3xxx/CVE-2021-3641.json
new file mode 100644
index 00000000000..ed71c369712
--- /dev/null
+++ b/2021/3xxx/CVE-2021-3641.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-3641",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/3xxx/CVE-2021-3642.json b/2021/3xxx/CVE-2021-3642.json
new file mode 100644
index 00000000000..b1836268443
--- /dev/null
+++ b/2021/3xxx/CVE-2021-3642.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-3642",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file