admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 19:46:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #471 from CVEProject/master

Browse Source 
XFA Rebase
This commit is contained in:
Scott Moore 2021-07-12 12:03:20 -04:00 committed by GitHub
commit cd8e7f3db1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
201 changed files with 6517 additions and 414 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2019/9xxx/CVE-2019-9070.json
View File

@ -86,6 +86,11 @@
"refsource": "UBUNTU",
"name": "USN-4336-1",
"url": "https://usn.ubuntu.com/4336-1/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-24",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
}

5
2019/9xxx/CVE-2019-9071.json
View File

@ -86,6 +86,11 @@
"refsource": "UBUNTU",
"name": "USN-4336-1",
"url": "https://usn.ubuntu.com/4336-1/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-24",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
}

5
2019/9xxx/CVE-2019-9072.json
View File

@ -76,6 +76,11 @@
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K12541829",
"url": "https://support.f5.com/csp/article/K12541829"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-24",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
}

5
2019/9xxx/CVE-2019-9073.json
View File

@ -71,6 +71,11 @@
"refsource": "UBUNTU",
"name": "USN-4336-1",
"url": "https://usn.ubuntu.com/4336-1/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-24",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
}

5
2019/9xxx/CVE-2019-9074.json
View File

@ -81,6 +81,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1804",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-24",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
}

5
2019/9xxx/CVE-2019-9075.json
View File

@ -81,6 +81,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1804",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-24",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
}

5
2019/9xxx/CVE-2019-9076.json
View File

@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K44650639",
"url": "https://support.f5.com/csp/article/K44650639"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-24",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
}

5
2019/9xxx/CVE-2019-9077.json
View File

@ -86,6 +86,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1804",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-24",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
}

5
2020/11xxx/CVE-2020-11758.json
View File

@ -126,6 +126,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-27",
"url": "https://security.gentoo.org/glsa/202107-27"
}
]
}

5
2020/11xxx/CVE-2020-11759.json
View File

@ -121,6 +121,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-27",
"url": "https://security.gentoo.org/glsa/202107-27"
}
]
}

10
2020/11xxx/CVE-2020-11760.json
View File

@ -112,6 +112,11 @@
"name": "https://support.apple.com/kb/HT211295",
"url": "https://support.apple.com/kb/HT211295"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT211294",
"url": "https://support.apple.com/kb/HT211294"
},
{
"refsource": "DEBIAN",
"name": "DSA-4755",
@ -121,6 +126,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-27",
"url": "https://security.gentoo.org/glsa/202107-27"
}
]
}

5
2020/11xxx/CVE-2020-11761.json
View File

@ -126,6 +126,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-27",
"url": "https://security.gentoo.org/glsa/202107-27"
}
]
}

5
2020/11xxx/CVE-2020-11762.json
View File

@ -126,6 +126,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-27",
"url": "https://security.gentoo.org/glsa/202107-27"
}
]
}

5
2020/11xxx/CVE-2020-11763.json
View File

@ -126,6 +126,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-27",
"url": "https://security.gentoo.org/glsa/202107-27"
}
]
}

5
2020/11xxx/CVE-2020-11764.json
View File

@ -126,6 +126,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-27",
"url": "https://security.gentoo.org/glsa/202107-27"
}
]
}

5
2020/11xxx/CVE-2020-11765.json
View File

@ -126,6 +126,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-27",
"url": "https://security.gentoo.org/glsa/202107-27"
}
]
}

5
2020/15xxx/CVE-2020-15304.json
View File

@ -91,6 +91,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1015",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00048.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-27",
"url": "https://security.gentoo.org/glsa/202107-27"
}
]
}

5
2020/15xxx/CVE-2020-15305.json
View File

@ -106,6 +106,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-27",
"url": "https://security.gentoo.org/glsa/202107-27"
}
]
}

5
2020/15xxx/CVE-2020-15306.json
View File

@ -106,6 +106,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200830 [SECURITY] [DLA 2358-1] openexr security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-27",
"url": "https://security.gentoo.org/glsa/202107-27"
}
]
}

56
2020/18xxx/CVE-2020-18979.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-18979",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-18979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via theX-forwarded-for Header parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/halo-dev/halo/issues/126",
"refsource": "MISC",
"name": "https://github.com/halo-dev/halo/issues/126"
}
]
}

56
2020/18xxx/CVE-2020-18980.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-18980",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-18980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/halo-dev/halo/issues/134",
"refsource": "MISC",
"name": "https://github.com/halo-dev/halo/issues/134"
}
]
}

61
2020/19xxx/CVE-2020-19201.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19201",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Netgate pfSense 2.4.4 - p2 is affected by: Cross Site Scripting (XSS). The impact is: Authenticated Stored XSS in NAT Configuration (local). The component is: Description Text box, Status/Reload Filter Page. The attack vector is: An attacker get access to the victim's session by performing the CSRF and gather the cookie and session ids or possibly can change the victims NAT configuration using this Stored XSS. This attack can possibly spoof the victim's informations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.pfsense.org/download/",
"refsource": "MISC",
"name": "https://www.pfsense.org/download/"
},
{
"refsource": "MISC",
"name": "https://docs.netgate.com/pfsense/en/latest/releases/2-4-4-p3.html",
"url": "https://docs.netgate.com/pfsense/en/latest/releases/2-4-4-p3.html"
}
]
}

61
2020/19xxx/CVE-2020-19203.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19203",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Netgate pfSense Community Edition 2.4.4 - p2 (arm64) is affected by: Cross Site Scripting (XSS). The impact is: Session Hijacking, Information Leakage (local). The component is: pfSense Dashboard, Work-on-LAN Service configuration. The attack vector is: Inject the malicious JavaScript code in Description text box or parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.pfsense.org/download/",
"refsource": "MISC",
"name": "https://www.pfsense.org/download/"
},
{
"refsource": "MISC",
"name": "https://docs.netgate.com/pfsense/en/latest/releases/2-4-4-p3.html",
"url": "https://docs.netgate.com/pfsense/en/latest/releases/2-4-4-p3.html"
}
]
}

61
2020/19xxx/CVE-2020-19204.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19204",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 is affected by: Cross Site Scripting (XSS). The impact is: Session Hijacking (local). The component is: Affected at Routing configuration via the \"Remark\" text box or \"remark\" parameter. The attack vector is: Attacker need to craft the malicious javascript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.lightningwirelabs.com",
"refsource": "MISC",
"name": "https://www.lightningwirelabs.com"
},
{
"refsource": "MISC",
"name": "https://blog.ipfire.org/post/ipfire-2-23-core-update-133-has-been-released",
"url": "https://blog.ipfire.org/post/ipfire-2-23-core-update-133-has-been-released"
}
]
}

61
2020/21xxx/CVE-2020-21131.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21131",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/SZFsir/tmpProject/issues/3",
"refsource": "MISC",
"name": "https://github.com/SZFsir/tmpProject/issues/3"
},
{
"refsource": "MISC",
"name": "https://www.mituo.cn/news/2473.html",
"url": "https://www.mituo.cn/news/2473.html"
}
]
}

61
2020/21xxx/CVE-2020-21132.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21132",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability in Metinfo 7.0.0beta in index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/SZFsir/tmpProject/issues/2",
"refsource": "MISC",
"name": "https://github.com/SZFsir/tmpProject/issues/2"
},
{
"refsource": "MISC",
"name": "https://www.mituo.cn/news/2473.html",
"url": "https://www.mituo.cn/news/2473.html"
}
]
}

61
2020/21xxx/CVE-2020-21133.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21133",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/SZFsir/tmpProject/issues/1",
"refsource": "MISC",
"name": "https://github.com/SZFsir/tmpProject/issues/1"
},
{
"refsource": "MISC",
"name": "https://www.mituo.cn/news/2473.html",
"url": "https://www.mituo.cn/news/2473.html"
}
]
}

56
2020/21xxx/CVE-2020-21333.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21333",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/sanluan/PublicCMS/issues/27",
"refsource": "MISC",
"name": "https://github.com/sanluan/PublicCMS/issues/27"
}
]
}

56
2020/25xxx/CVE-2020-25391.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25391",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sourceforge.net/p/cszcms/tickets/1/",
"refsource": "MISC",
"name": "https://sourceforge.net/p/cszcms/tickets/1/"
}
]
}

56
2020/25xxx/CVE-2020-25392.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25392",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sourceforge.net/p/cszcms/tickets/2/",
"refsource": "MISC",
"name": "https://sourceforge.net/p/cszcms/tickets/2/"
}
]
}

56
2020/25xxx/CVE-2020-25394.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25394",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the \"Content\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/mozilo/mozilo2.0/issues/28",
"refsource": "MISC",
"name": "https://github.com/mozilo/mozilo2.0/issues/28"
}
]
}

61
2020/25xxx/CVE-2020-25875.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25875",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://codoforum.com/",
"refsource": "MISC",
"name": "https://codoforum.com/"
},
{
"url": "https://github.com/r0ck3t1973/xss_payload/issues/4",
"refsource": "MISC",
"name": "https://github.com/r0ck3t1973/xss_payload/issues/4"
}
]
}

61
2020/25xxx/CVE-2020-25876.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25876",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://codoforum.com/",
"refsource": "MISC",
"name": "https://codoforum.com/"
},
{
"url": "https://github.com/r0ck3t1973/xss_payload/issues/3",
"refsource": "MISC",
"name": "https://github.com/r0ck3t1973/xss_payload/issues/3"
}
]
}

61
2020/25xxx/CVE-2020-25877.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25877",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/BlackCatDevelopment/BlackCatCMS/issues/401",
"refsource": "MISC",
"name": "https://github.com/BlackCatDevelopment/BlackCatCMS/issues/401"
},
{
"url": "https://blackcat-cms.org/",
"refsource": "MISC",
"name": "https://blackcat-cms.org/"
}
]
}

61
2020/25xxx/CVE-2020-25878.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25878",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blackcat-cms.org/",
"refsource": "MISC",
"name": "https://blackcat-cms.org/"
},
{
"url": "https://github.com/BlackCatDevelopment/BlackCatCMS/issues/402",
"refsource": "MISC",
"name": "https://github.com/BlackCatDevelopment/BlackCatCMS/issues/402"
}
]
}

61
2020/25xxx/CVE-2020-25879.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25879",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://codoforum.com/",
"refsource": "MISC",
"name": "https://codoforum.com/"
},
{
"url": "https://github.com/r0ck3t1973/xss_payload/issues/5",
"refsource": "MISC",
"name": "https://github.com/r0ck3t1973/xss_payload/issues/5"
}
]
}

66
2020/29xxx/CVE-2020-29014.json
View File

@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-29014",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiSandbox",
"version": {
"version_data": [
{
"version_value": "FortiSandbox before 3.2.2"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "Low",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-20-185",
"url": "https://fortiguard.com/advisory/FG-IR-20-185"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands."
}
]
}

5
2020/29xxx/CVE-2020-29479.json
View File

@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-df772b417b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-30",
"url": "https://security.gentoo.org/glsa/202107-30"
}
]
}

5
2020/29xxx/CVE-2020-29486.json
View File

@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-df772b417b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-30",
"url": "https://security.gentoo.org/glsa/202107-30"
}
]
}

5
2020/29xxx/CVE-2020-29487.json
View File

@ -56,6 +56,11 @@
"url": "https://xenbits.xenproject.org/xsa/advisory-354.html",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-354.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-30",
"url": "https://security.gentoo.org/glsa/202107-30"
}
]
}

5
2020/29xxx/CVE-2020-29566.json
View File

@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-df772b417b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-30",
"url": "https://security.gentoo.org/glsa/202107-30"
}
]
}

5
2020/29xxx/CVE-2020-29567.json
View File

@ -61,6 +61,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-64859a826b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-30",
"url": "https://security.gentoo.org/glsa/202107-30"
}
]
}

5
2020/29xxx/CVE-2020-29568.json
View File

@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-30",
"url": "https://security.gentoo.org/glsa/202107-30"
}
]
}

5
2020/29xxx/CVE-2020-29569.json
View File

@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-30",
"url": "https://security.gentoo.org/glsa/202107-30"
}
]
}

5
2020/29xxx/CVE-2020-29570.json
View File

@ -76,6 +76,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-df772b417b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-30",
"url": "https://security.gentoo.org/glsa/202107-30"
}
]
}

5
2020/29xxx/CVE-2020-29571.json
View File

@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-df772b417b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-30",
"url": "https://security.gentoo.org/glsa/202107-30"
}
]
}

5
2020/35xxx/CVE-2020-35448.json
View File

@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210129-0008/",
"url": "https://security.netapp.com/advisory/ntap-20210129-0008/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-24",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
}

5
2020/35xxx/CVE-2020-35493.json
View File

@ -58,6 +58,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210212-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-24",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
},

5
2020/35xxx/CVE-2020-35494.json
View File

@ -58,6 +58,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210212-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-24",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
},

5
2020/35xxx/CVE-2020-35495.json
View File

@ -58,6 +58,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210212-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-24",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
},

5
2020/35xxx/CVE-2020-35496.json
View File

@ -58,6 +58,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210212-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-24",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
},

5
2020/35xxx/CVE-2020-35507.json
View File

@ -53,6 +53,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210212-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-24",
"url": "https://security.gentoo.org/glsa/202107-24"
}
]
},

56
2020/35xxx/CVE-2020-35984.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35984",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/r0ck3t1973/rukovoditel/issues/4",
"refsource": "MISC",
"name": "https://github.com/r0ck3t1973/rukovoditel/issues/4"
}
]
}

56
2020/35xxx/CVE-2020-35985.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35985",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored cross site scripting (XSS) vulnerability in the 'Global Lists\" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/r0ck3t1973/rukovoditel/issues/3",
"refsource": "MISC",
"name": "https://github.com/r0ck3t1973/rukovoditel/issues/3"
}
]
}

56
2020/35xxx/CVE-2020-35986.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35986",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/r0ck3t1973/rukovoditel/issues/2",
"refsource": "MISC",
"name": "https://github.com/r0ck3t1973/rukovoditel/issues/2"
}
]
}

56
2020/35xxx/CVE-2020-35987.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35987",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/r0ck3t1973/rukovoditel/issues/1",
"refsource": "MISC",
"name": "https://github.com/r0ck3t1973/rukovoditel/issues/1"
}
]
}

81
2020/7xxx/CVE-2020-7872.json
View File

@ -1,18 +1,87 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2020-7872",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DaviewIndy",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "<",
"version_name": "8.98.7.0 and prior",
"version_value": "8.98.8.0"
}
]
}
}
]
},
"vendor_name": "HumanTalk"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DaviewIndy v8.98.7.0 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed format file that is mishandled by DaviewIndy. Attackers could exploit this and arbitrary code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "http://datools.kr/zeroboard/view.php?id=datools_notice&page=5&sn1=&divpage=1&sn=off&ss=on&sc=on&select_arrange=headnum&desc=asc&no=506",
"name": "http://datools.kr/zeroboard/view.php?id=datools_notice&page=5&sn1=&divpage=1&sn=off&ss=on&sc=on&select_arrange=headnum&desc=asc&no=506"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

5
2020/9xxx/CVE-2020-9484.json
View File

@ -228,6 +228,11 @@
"refsource": "MLIST",
"name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5",
"url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tomcat-dev] 20210712 svn commit: r1891484 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
"url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3Cdev.tomcat.apache.org%3E"
}
]
},

5
2021/0xxx/CVE-2021-0089.json
View File

@ -78,6 +78,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-993693c914",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-30",
"url": "https://security.gentoo.org/glsa/202107-30"
}
]
},

56
2021/20xxx/CVE-2021-20024.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "PSIRT@sonicwall.com",
"ID": "CVE-2021-20024",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SonicWall Switch",
"version": {
"version_data": [
{
"version_value": "1.0.0.5-16 and earlier"
}
]
}
}
]
},
"vendor_name": "SonicWall"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory locations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0011",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0011"
}
]
}

5
2021/20xxx/CVE-2021-20296.json
View File

@ -58,6 +58,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-27",
"url": "https://security.gentoo.org/glsa/202107-27"
}
]
},

5
2021/20xxx/CVE-2021-20640.json
View File

@ -53,6 +53,11 @@
"url": "https://jvn.jp/en/jp/JVN96783542/index.html",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN96783542/index.html"
},
{
"refsource": "MLIST",
"name": "[tomcat-dev] 20210712 svn commit: r1891484 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
"url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3Cdev.tomcat.apache.org%3E"
}
]
},

5
2021/21xxx/CVE-2021-21284.json
View File

@ -106,6 +106,11 @@
"refsource": "DEBIAN",
"name": "DSA-4865",
"url": "https://www.debian.org/security/2021/dsa-4865"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-23",
"url": "https://security.gentoo.org/glsa/202107-23"
}
]
},

5
2021/21xxx/CVE-2021-21285.json
View File

@ -106,6 +106,11 @@
"refsource": "DEBIAN",
"name": "DSA-4865",
"url": "https://www.debian.org/security/2021/dsa-4865"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-23",
"url": "https://security.gentoo.org/glsa/202107-23"
}
]
},

5
2021/21xxx/CVE-2021-21295.json
View File

@ -438,6 +438,11 @@
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rae198f44c3f7ac5264045e6ba976be1703cff38dcf1609916e50210d@%3Ccommits.servicecomb.apache.org%3E",
"url": "https://lists.apache.org/thread.html/rae198f44c3f7ac5264045e6ba976be1703cff38dcf1609916e50210d@%3Ccommits.servicecomb.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[jackrabbit-dev] 20210709 [GitHub] [jackrabbit-oak] blackat opened a new pull request #321: Update netty to resolve CVE-2021-21295 and BDSA-2018-4022",
"url": "https://lists.apache.org/thread.html/r3c4596b9b37f5ae91628ccf169d33cd5a0da4b16b6c39d5bad8e03f3@%3Cdev.jackrabbit.apache.org%3E"
}
]
},

66
2021/21xxx/CVE-2021-21588.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-07-01",
"ID": "CVE-2021-21588",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerFlex",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.5.x"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server and perform which may lead to configuration changes."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.5,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-345: Insufficient Verification of Data Authenticity"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000189265",
"name": "https://www.dell.com/support/kbdoc/000189265"
}
]
}

66
2021/21xxx/CVE-2021-21589.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-07-01",
"ID": "CVE-2021-21589",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Unity",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.1.0.0.5.394"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization. A local authenticated Service user could potentially exploit this vulnerability to escalate privileges."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.7,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000189204",
"name": "https://www.dell.com/support/kbdoc/000189204"
}
]
}

66
2021/21xxx/CVE-2021-21590.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-07-01",
"ID": "CVE-2021-21590",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Unity",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.1.0.0.5.394"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.4,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000189204",
"name": "https://www.dell.com/support/kbdoc/000189204"
}
]
}

66
2021/21xxx/CVE-2021-21591.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-07-01",
"ID": "CVE-2021-21591",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Unity",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.1.0.0.5.394"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.4,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000189204",
"name": "https://www.dell.com/support/kbdoc/000189204"
}
]
}

66
2021/22xxx/CVE-2021-22129.json
View File

@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22129",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiMail",
"version": {
"version_data": [
{
"version_value": "FortiMail before 6.4.5"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 8.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-21-023",
"url": "https://fortiguard.com/advisory/FG-IR-21-023"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests."
}
]
}

88
2021/22xxx/CVE-2021-22515.json
View File

@ -1,18 +1,94 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2021-04-29T16:40:00.000Z",
"ID": "CVE-2021-22515",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Multi-Factor Authentication (MFA) downgrade exposure in NetIQ Advanced Authentication Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Advanced Authentication",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "NetIQ Advanced Authentication",
"version_value": "6.3 SP4 Patch 1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication. "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6341/data/advanced-authentication-releasenotes-6341.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6341/data/advanced-authentication-releasenotes-6341.html"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to NetIQ Advanced Authentication Framework 6.3 SP4 Patch 1"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

50
2021/22xxx/CVE-2021-22916.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22916",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "https://github.com/brave/brave-core",
"version": {
"version_data": [
{
"version_value": "Fixed in 1.26.60"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure (CWE-200)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/1203842",
"url": "https://hackerone.com/reports/1203842"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure."
}
]
}

50
2021/22xxx/CVE-2021-22917.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22917",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "https://github.com/brave/brave-core",
"version": {
"version_data": [
{
"version_value": "Fixed in 1.20"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure (CWE-200)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/1077022",
"url": "https://hackerone.com/reports/1077022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled."
}
]
}

55
2021/22xxx/CVE-2021-22918.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22918",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "https://github.com/nodejs/node",
"version": {
"version_data": [
{
"version_value": "Fixed in 16.4.1, 14.17.2, and 12.22.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/1209681",
"url": "https://hackerone.com/reports/1209681"
},
{
"refsource": "MISC",
"name": "https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo()."
}
]
}

55
2021/22xxx/CVE-2021-22921.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22921",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "https://github.com/nodejs/node",
"version": {
"version_data": [
{
"version_value": "Fixed in 16.4.1, 14.17.2, and 12.22.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Permission Assignment for Critical Resource (CWE-732)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/"
},
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/1211160",
"url": "https://hackerone.com/reports/1211160"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking."
}
]
}

91
2021/23xxx/CVE-2021-23389.json
View File

@ -3,16 +3,99 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-07-12T15:10:39.617762Z",
"ID": "CVE-2021-23389",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Arbitrary Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "total.js",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.4.9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-TOTALJS-1088607",
"name": "https://snyk.io/vuln/SNYK-JS-TOTALJS-1088607"
},
{
"refsource": "MISC",
"url": "https://github.com/totaljs/framework/blob/master/utils.js%23L6606-L6631",
"name": "https://github.com/totaljs/framework/blob/master/utils.js%23L6606-L6631"
},
{
"refsource": "MISC",
"url": "https://github.com/totaljs/framework/commit/887b0fa9e162ef7a2dd9cec20a5ca122726373b3",
"name": "https://github.com/totaljs/framework/commit/887b0fa9e162ef7a2dd9cec20a5ca122726373b3"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions."
}
]
}
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
},
"credit": [
{
"lang": "eng",
"value": "Alessio Della Libera (@d3lla)"
},
{
"lang": "eng",
"value": "Agustin Gianni"
}
]
}

87
2021/23xxx/CVE-2021-23390.json
View File

@ -3,16 +3,95 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-07-12T15:10:50.625348Z",
"ID": "CVE-2021-23390",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Arbitrary Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "total4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "0.0.43"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-TOTAL4-1130527",
"name": "https://snyk.io/vuln/SNYK-JS-TOTAL4-1130527"
},
{
"refsource": "MISC",
"url": "https://github.com/totaljs/framework4/blob/master/utils.js%23L5430-L5455",
"name": "https://github.com/totaljs/framework4/blob/master/utils.js%23L5430-L5455"
},
{
"refsource": "MISC",
"url": "https://github.com/totaljs/framework4/commit/8a72d8c20f38bbcac031a76a51238aa528f68821",
"name": "https://github.com/totaljs/framework4/commit/8a72d8c20f38bbcac031a76a51238aa528f68821"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions."
}
]
}
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
},
"credit": [
{
"lang": "eng",
"value": "Alessio Della Libera (@d3lla)"
}
]
}

66
2021/24xxx/CVE-2021-24007.json
View File

@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24007",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiMail",
"version": {
"version_data": [
{
"version_value": "FortiMail before 6.4.4"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 9.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-21-012",
"url": "https://fortiguard.com/advisory/FG-IR-21-012"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests."
}
]
}

66
2021/24xxx/CVE-2021-24013.json
View File

@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24013",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiMail",
"version": {
"version_data": [
{
"version_value": "FortiMail before 6.4.4"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 8.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-21-014",
"url": "https://fortiguard.com/advisory/FG-IR-21-014"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests."
}
]
}

66
2021/24xxx/CVE-2021-24015.json
View File

@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24015",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiMail",
"version": {
"version_data": [
{
"version_value": "FortiMail before 6.4.4"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 7.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-21-021",
"url": "https://fortiguard.com/advisory/FG-IR-21-021"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests."
}
]
}

66
2021/24xxx/CVE-2021-24020.json
View File

@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24020",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiMail",
"version": {
"version_data": [
{
"version_value": "FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvss": {
"attackComplexity": "High",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 6.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-21-027",
"url": "https://fortiguard.com/advisory/FG-IR-21-027"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification."
}
]
}

66
2021/26xxx/CVE-2021-26088.json
View File

@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26088",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "Fortinet FSSO Windows DC Agent, FSSO Windows CA",
"version": {
"version_data": [
{
"version_value": "FSSO Windows DC Agent 5.0.295, 5.0.294; FSSO Windows CA 5.0.295, 5.0.294"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Adjacent",
"availabilityImpact": "Low",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE 287 - Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-20-191",
"url": "https://fortiguard.com/advisory/FG-IR-20-191"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending specifically crafted UDP login notification packets."
}
]
}

66
2021/26xxx/CVE-2021-26089.json
View File

@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26089",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiClientMac",
"version": {
"version_data": [
{
"version_value": "FortiClientMac 6.4.3 and below"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvss": {
"attackComplexity": "High",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-21-022",
"url": "https://fortiguard.com/advisory/FG-IR-21-022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase."
}
]
}

66
2021/26xxx/CVE-2021-26090.json
View File

@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26090",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiMail",
"version": {
"version_data": [
{
"version_value": "FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-21-042",
"url": "https://fortiguard.com/advisory/FG-IR-21-042"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests."
}
]
}

66
2021/26xxx/CVE-2021-26099.json
View File

@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26099",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiMail",
"version": {
"version_data": [
{
"version_value": "FortiMail before 7.0.0"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvss": {
"attackComplexity": "High",
"attackVector": "Network",
"availabilityImpact": "None",
"baseScore": 4.2,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-20-244",
"url": "https://fortiguard.com/advisory/FG-IR-20-244"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext."
}
]
}

66
2021/26xxx/CVE-2021-26100.json
View File

@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26100",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiMail",
"version": {
"version_data": [
{
"version_value": "FortiMail before 7.0.0"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvss": {
"attackComplexity": "High",
"attackVector": "Network",
"availabilityImpact": "None",
"baseScore": 5.6,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-21-003",
"url": "https://fortiguard.com/advisory/FG-IR-21-003"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible."
}
]
}

66
2021/26xxx/CVE-2021-26106.json
View File

@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26106",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiAP-W2, FortiAP-S, FortiAP",
"version": {
"version_data": [
{
"version_value": "FortiAP-W2 6.2.4 through 6.2.5; FortiAP-S 6.2.4 through 6.2.5; FortiAP 6.4.1 through 6.4.5"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-20-210",
"url": "https://fortiguard.com/advisory/FG-IR-20-210"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments."
}
]
}

5
2021/26xxx/CVE-2021-26313.json
View File

@ -102,6 +102,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-993693c914",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-30",
"url": "https://security.gentoo.org/glsa/202107-30"
}
]
},

5
2021/26xxx/CVE-2021-26675.json
View File

@ -86,6 +86,11 @@
"refsource": "MISC",
"name": "https://kunnamon.io/tbone/",
"url": "https://kunnamon.io/tbone/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-29",
"url": "https://security.gentoo.org/glsa/202107-29"
}
]
}

5
2021/26xxx/CVE-2021-26676.json
View File

@ -91,6 +91,11 @@
"refsource": "MISC",
"name": "https://kunnamon.io/tbone/",
"url": "https://kunnamon.io/tbone/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-29",
"url": "https://security.gentoo.org/glsa/202107-29"
}
]
}

61
2021/27xxx/CVE-2021-27293.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27293",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-27293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://restsharp.dev/",
"refsource": "MISC",
"name": "https://restsharp.dev/"
},
{
"refsource": "MISC",
"name": "https://github.com/restsharp/RestSharp/issues/1556",
"url": "https://github.com/restsharp/RestSharp/issues/1556"
}
]
}

5
2021/28xxx/CVE-2021-28089.json
View File

@ -66,6 +66,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-e68317166d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPDXB2GZHG3VNOTWSXQ3QZVHNV76WCU5/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-25",
"url": "https://security.gentoo.org/glsa/202107-25"
}
]
}

5
2021/28xxx/CVE-2021-28090.json
View File

@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-e68317166d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPDXB2GZHG3VNOTWSXQ3QZVHNV76WCU5/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-25",
"url": "https://security.gentoo.org/glsa/202107-25"
}
]
}

10
2021/28xxx/CVE-2021-28163.json
View File

@ -154,6 +154,16 @@
"refsource": "MLIST",
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E"
}
]
}

10
2021/28xxx/CVE-2021-28164.json
View File

@ -126,6 +126,16 @@
"refsource": "MLIST",
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E"
}
]
}

10
2021/28xxx/CVE-2021-28165.json
View File

@ -577,6 +577,16 @@
"refsource": "MLIST",
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E"
}
]
}

10
2021/28xxx/CVE-2021-28293.json
View File

@ -52,15 +52,15 @@
},
"references": {
"reference_data": [
{
"url": "http://aisiem.com",
"refsource": "MISC",
"name": "http://aisiem.com"
},
{
"refsource": "MISC",
"name": "https://0xdb9.in/2021/06/07/cve-2021-28293.html",
"url": "https://0xdb9.in/2021/06/07/cve-2021-28293.html"
},
{
"refsource": "MISC",
"name": "https://www.seceon.com/advanced-siem-aisiem",
"url": "https://www.seceon.com/advanced-siem-aisiem"
}
]
}

5
2021/28xxx/CVE-2021-28687.json
View File

@ -121,6 +121,11 @@
"url": "https://xenbits.xenproject.org/xsa/advisory-368.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-368.txt"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-30",
"url": "https://security.gentoo.org/glsa/202107-30"
}
]
},

5
2021/28xxx/CVE-2021-28690.json
View File

@ -121,6 +121,11 @@
"url": "https://xenbits.xenproject.org/xsa/advisory-377.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-377.txt"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-30",
"url": "https://security.gentoo.org/glsa/202107-30"
}
]
},

5
2021/28xxx/CVE-2021-28691.json
View File

@ -101,6 +101,11 @@
"url": "https://xenbits.xenproject.org/xsa/advisory-374.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-374.txt"
},
{
"refsource": "GENTOO",
"name": "GLSA-202107-30",
"url": "https://security.gentoo.org/glsa/202107-30"
}
]
},

Some files were not shown because too many files have changed in this diff Show More