diff --git a/2020/12xxx/CVE-2020-12365.json b/2020/12xxx/CVE-2020-12365.json
index 1b7a030c63a..c8a773a93c4 100644
--- a/2020/12xxx/CVE-2020-12365.json
+++ b/2020/12xxx/CVE-2020-12365.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-12365",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@intel.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Intel(R) Graphics Drivers",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before versions 15.33.51.5146, 15.45.32.5145, 15.36.39.5144 and 15.40.46.5143"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "denial of service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html",
+ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Untrusted pointer dereference in some Intel(R) Graphics Drivers before versions 15.33.51.5146, 15.45.32.5145, 15.36.39.5144 and 15.40.46.5143 may allow an authenticated user to potentially denial of service via local access."
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35339.json b/2020/35xxx/CVE-2020-35339.json
index 5c5c8c3056f..6c3b5030065 100644
--- a/2020/35xxx/CVE-2020-35339.json
+++ b/2020/35xxx/CVE-2020-35339.json
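Review bot: In the `affects` block added to CVE-2020-12365.json, `"vendor_name": "n/a"` sits directly above `"product_name": "Intel(R) Graphics Drivers"`, so a consumer that keys on the vendor field will not associate this record with the vendor even though the assigner is secure@intel.com; the field should carry the vendor's name rather than `n/a`. The `problemtype` value `denial of service` records the impact rather than the weakness, while the description already names the weakness (untrusted pointer dereference, CWE-822), which is the more useful value for classification. The description also reads `to potentially denial of service`, which is missing a verb such as `enable`. The single free-text `version_value` lists four fixed branches in one string, so it cannot be compared against an installed driver version without parsing the prose.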
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-35339",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-35339",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.74cms.com/download/index.html",
+ "refsource": "MISC",
+ "name": "http://www.74cms.com/download/index.html"
+ },
+ {
+ "url": "https://github.com/BigTiger2020/74cms-rce/blob/main/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/BigTiger2020/74cms-rce/blob/main/README.md"
 }
 ]
 }
diff --git a/2020/36xxx/CVE-2020-36002.json b/2020/36xxx/CVE-2020-36002.json
index f948eb0e626..93b0547f15a 100644
--- a/2020/36xxx/CVE-2020-36002.json
+++ b/2020/36xxx/CVE-2020-36002.json
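Review bot: The `affects` block added to CVE-2020-35339.json sets `vendor_name`, `product_name` and `version_value` all to `n/a`, and `problemtype` is also `n/a`, although the new description names the product and version (74cms 5.0.1) and the class of flaw (remote code execution). Tools that match advisories against an inventory through the structured fields will not find this record, so the product and version belong there, e.g. `"product_name": "74cms"` and `"version_value": "5.0.1"`. The same pattern appears in the hunks for CVE-2020-36002, CVE-2020-36003, CVE-2021-25779, CVE-2021-25780 and CVE-2021-26809 in this commit, each of which names its product and version only in the description. Until those fields are filled in, matching has to fall back on the free-text description.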
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-36002",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-36002",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id and file parameters where attackers can obtain sensitive database information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/BigTiger2020/Seat-Reservation-System",
+ "refsource": "MISC",
+ "name": "https://github.com/BigTiger2020/Seat-Reservation-System"
+ },
+ {
+ "url": "https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php_0.zip",
+ "refsource": "MISC",
+ "name": "https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php_0.zip"
+ },
+ {
+ "url": "https://www.sourcecodester.com/php/14452/seat-reservation-system-movie-theater-project-using-phpmysql.htm",
+ "refsource": "MISC",
+ "name": "https://www.sourcecodester.com/php/14452/seat-reservation-system-movie-theater-project-using-phpmysql.htm"
 }
 ]
 }
diff --git a/2020/36xxx/CVE-2020-36003.json b/2020/36xxx/CVE-2020-36003.json
index 60d5059b569..29265f86d58 100644
--- a/2020/36xxx/CVE-2020-36003.json
+++ b/2020/36xxx/CVE-2020-36003.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-36003",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-36003",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.sourcecodester.com/php/14383/online-book-store.html",
+ "refsource": "MISC",
+ "name": "https://www.sourcecodester.com/php/14383/online-book-store.html"
+ },
+ {
+ "url": "https://www.sourcecodester.com/download-code?nid=14383&title=Online+Book+Store",
+ "refsource": "MISC",
+ "name": "https://www.sourcecodester.com/download-code?nid=14383&title=Online+Book+Store"
+ },
+ {
+ "url": "https://github.com/TCSWT/Online-Book-Store/blob/main/Online-Book-Store.md",
+ "refsource": "MISC",
+ "name": "https://github.com/TCSWT/Online-Book-Store/blob/main/Online-Book-Store.md"
 }
 ]
 }
diff --git a/2021/22xxx/CVE-2021-22173.json b/2021/22xxx/CVE-2021-22173.json
index bb1f4da0396..841017e1275 100644
--- a/2021/22xxx/CVE-2021-22173.json
+++ b/2021/22xxx/CVE-2021-22173.json
@@ -4,15 +4,85 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-22173",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "The Wireshark Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Wireshark",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=3.4.0, <3.4.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Missing release of memory after effective lifetime in Wireshark"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.wireshark.org/security/wnpa-sec-2021-01.html",
+ "url": "https://www.wireshark.org/security/wnpa-sec-2021-01.html",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/wireshark/wireshark/-/issues/17124",
+ "url": "https://gitlab.com/wireshark/wireshark/-/issues/17124",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22173.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22173.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file"
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "version": "3.1",
+ "baseScore": 3.6,
+ "baseSeverity": "LOW"
+ }
 }
 }
\ No newline at end of file
diff --git a/2021/22xxx/CVE-2021-22174.json b/2021/22xxx/CVE-2021-22174.json
index d292c766d8c..2dd27a1c7fa 100644
--- a/2021/22xxx/CVE-2021-22174.json
+++ b/2021/22xxx/CVE-2021-22174.json
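Review bot: The `impact.cvss` object added to CVE-2021-22173.json gives `"baseScore": 3.6` for the vector `AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L`, but under the CVSS v3.1 formula that vector works out to roughly 3.63, which the specification's round-up rule turns into 3.7, so the expected line is `"baseScore": 3.7`. The `vectorString` also omits the `CVSS:3.1/` prefix that the v3.1 vector format requires, so strict parsers may reject it; the well-formed value would be `"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"`. The identical `cvss` block is added to CVE-2021-22174.json in the next hunk and has the same two problems. Both files also end without a trailing newline, as the `\ No newline at end of file` marker shows.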
@@ -4,15 +4,85 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-22174",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "The Wireshark Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Wireshark",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=3.4.0, <3.4.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Uncontrolled memory allocation in Wireshark"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.wireshark.org/security/wnpa-sec-2021-02.html",
+ "url": "https://www.wireshark.org/security/wnpa-sec-2021-02.html",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/wireshark/wireshark/-/issues/17165",
+ "url": "https://gitlab.com/wireshark/wireshark/-/issues/17165",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22174.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22174.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file"
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "version": "3.1",
+ "baseScore": 3.6,
+ "baseSeverity": "LOW"
+ }
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25779.json b/2021/25xxx/CVE-2021-25779.json
index a45526ba424..d31e2fab144 100644
--- a/2021/25xxx/CVE-2021-25779.json
+++ b/2021/25xxx/CVE-2021-25779.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-25779",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-25779",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/TCSWT/Baby-Care-System/blob/main/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/TCSWT/Baby-Care-System/blob/main/README.md"
 }
 ]
 }
diff --git a/2021/25xxx/CVE-2021-25780.json b/2021/25xxx/CVE-2021-25780.json
index 5ed6359675e..c4863afc74d 100644
--- a/2021/25xxx/CVE-2021-25780.json
+++ b/2021/25xxx/CVE-2021-25780.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-25780",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-25780",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/TCSWT/Baby-Care-System/blob/main/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/TCSWT/Baby-Care-System/blob/main/README.md"
 }
 ]
 }
diff --git a/2021/26xxx/CVE-2021-26559.json b/2021/26xxx/CVE-2021-26559.json
index 4aa3e0bc4c2..5c5ab1af6ee 100644
--- a/2021/26xxx/CVE-2021-26559.json
+++ b/2021/26xxx/CVE-2021-26559.json
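Review bot: The new description value in CVE-2021-25780.json reads `by an remote attacker`; it should be `by a remote attacker`. The text also does not say whether the upload in posts.php can be reached without logging in, which is the first thing a reader triaging this record needs to know; if the referenced README establishes it, the description should state it. The `problemtype` is left as `n/a` even though the description names the weakness as arbitrary file upload, which corresponds to CWE-434.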
@@ -43,7 +43,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. \n\nThis allowed a privilege escalation attack.\n\nThis issue affects Apache Airflow 2.0.0."
+ "value": "Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0."
 }
 ]
 },
@@ -66,8 +66,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://lists.apache.org/thread.html/r3b3787700279ec361308cbefb7c2cce2acb26891a12ce864e4a13c8d%40%3Cusers.airflow.apache.org%3E"
+ "refsource": "MISC",
+ "url": "https://lists.apache.org/thread.html/r3b3787700279ec361308cbefb7c2cce2acb26891a12ce864e4a13c8d%40%3Cusers.airflow.apache.org%3E",
+ "name": "https://lists.apache.org/thread.html/r3b3787700279ec361308cbefb7c2cce2acb26891a12ce864e4a13c8d%40%3Cusers.airflow.apache.org%3E"
 }
 ]
 },
@@ -80,4 +81,4 @@
 "value": "Upgrade to Airflow 2.0.1 or remove `can read on Configurations` permission from the roles like Viewer and Users if you want to restrict users with those roles to view configurations in 2.0.0."
 }
 ]
-}
+}
\ No newline at end of file
diff --git a/2021/26xxx/CVE-2021-26697.json b/2021/26xxx/CVE-2021-26697.json
index 6713666b892..61acd45f126 100644
--- a/2021/26xxx/CVE-2021-26697.json
+++ b/2021/26xxx/CVE-2021-26697.json
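Review bot: In the `references` hunk of CVE-2021-26559.json the only reference changes from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, yet the URL is a thread on users.airflow.apache.org, which looks like the project's own announcement. If that is the case, the record loses the marker that tells consumers the vendor has acknowledged the issue; keeping `"refsource": "CONFIRM"` alongside the newly added `name` field would preserve it. The same downgrade is made to the single reference in CVE-2021-26697.json. The last hunk of both files also removes the trailing newline, which is worth restoring for files kept in version control.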
@@ -43,7 +43,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint.\n\nThis is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task.\n\nThis issue affects Apache Airflow 2.0.0."
+ "value": "The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0."
 }
 ]
 },
@@ -66,12 +66,13 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E"
+ "refsource": "MISC",
+ "url": "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E",
+ "name": "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E"
 }
 ]
 },
 "source": {
 "discovery": "UNKNOWN"
 }
-}
+}
\ No newline at end of file
diff --git a/2021/26xxx/CVE-2021-26809.json b/2021/26xxx/CVE-2021-26809.json
index ccb82614c62..9f3d1b5c9d2 100644
--- a/2021/26xxx/CVE-2021-26809.json
+++ b/2021/26xxx/CVE-2021-26809.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-26809",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-26809",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://packetstormsecurity.com/files/161267/Car-Rental-Project-2.0-Shell-Upload.html",
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/161267/Car-Rental-Project-2.0-Shell-Upload.html"
+ },
+ {
+ "url": "https://www.exploit-db.com/exploits/49520",
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/49520"
 }
 ]
 }