admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-12-30 05:58:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #440 from CVEProject/master

Browse Source 
XFA Rebase
This commit is contained in:
Scott Moore 2021-05-11 11:40:03 -04:00 committed by GitHub
commit d146967aff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
220 changed files with 6984 additions and 454 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2019/5xxx/CVE-2019-5317.json
View File

@ -63,6 +63,11 @@
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
},

5
2019/5xxx/CVE-2019-5319.json
View File

@ -60,6 +60,11 @@
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
},

10
2019/8xxx/CVE-2019-8259.json
View File

@ -67,6 +67,16 @@
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
}
]
}

10
2019/8xxx/CVE-2019-8260.json
View File

@ -67,6 +67,16 @@
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
}
]
}

10
2019/8xxx/CVE-2019-8261.json
View File

@ -67,6 +67,16 @@
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
}
]
}

10
2019/8xxx/CVE-2019-8262.json
View File

@ -67,6 +67,16 @@
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
}
]
}

10
2019/8xxx/CVE-2019-8263.json
View File

@ -72,6 +72,16 @@
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
}
]
}

10
2019/8xxx/CVE-2019-8264.json
View File

@ -67,6 +67,16 @@
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
}
]
}

10
2019/8xxx/CVE-2019-8265.json
View File

@ -67,6 +67,16 @@
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
}
]
}

10
2019/8xxx/CVE-2019-8275.json
View File

@ -67,6 +67,16 @@
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
}
]
}

10
2019/8xxx/CVE-2019-8277.json
View File

@ -58,6 +58,16 @@
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
}
]
},

10
2019/8xxx/CVE-2019-8280.json
View File

@ -67,6 +67,16 @@
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
}
]
}

5
2020/0xxx/CVE-2020-0590.json
View File

@ -53,6 +53,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20201113-0001/",
"url": "https://security.netapp.com/advisory/ntap-20201113-0001/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf"
}
]
},

5
2020/0xxx/CVE-2020-0591.json
View File

@ -53,6 +53,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20201113-0001/",
"url": "https://security.netapp.com/advisory/ntap-20201113-0001/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdf"
}
]
},

5
2020/15xxx/CVE-2020-15798.json
View File

@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-033-02",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-033-02"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf"
}
]
}

56
2020/18xxx/CVE-2020-18102.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-18102",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-18102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands the data fields in the component \"/controller/publishHotel.php\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/FantasticLBP/Hotels_Server/issues/3",
"refsource": "MISC",
"name": "https://github.com/FantasticLBP/Hotels_Server/issues/3"
}
]
}

56
2020/19xxx/CVE-2020-19199.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19199",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/qinggan/phpok/issues/5",
"refsource": "MISC",
"name": "https://github.com/qinggan/phpok/issues/5"
}
]
}

56
2020/20xxx/CVE-2020-20265.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20265",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2021/May/12",
"url": "http://seclists.org/fulldisclosure/2021/May/12"
}
]
}

56
2020/20xxx/CVE-2020-20267.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-20267",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-20267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2021/May/12",
"url": "http://seclists.org/fulldisclosure/2021/May/12"
}
]
}

56
2020/23xxx/CVE-2020-23369.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-23369",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-23369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yzmcms/yzmcms/issues/46",
"refsource": "MISC",
"name": "https://github.com/yzmcms/yzmcms/issues/46"
}
]
}

56
2020/23xxx/CVE-2020-23370.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-23370",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-23370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yzmcms/yzmcms/issues/45",
"refsource": "MISC",
"name": "https://github.com/yzmcms/yzmcms/issues/45"
}
]
}

56
2020/23xxx/CVE-2020-23371.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-23371",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-23371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/nangge/noneCms/issues/30",
"refsource": "MISC",
"name": "https://github.com/nangge/noneCms/issues/30"
}
]
}

56
2020/23xxx/CVE-2020-23373.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-23373",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-23373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/nangge/noneCms/issues/33",
"refsource": "MISC",
"name": "https://github.com/nangge/noneCms/issues/33"
}
]
}

56
2020/23xxx/CVE-2020-23374.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-23374",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-23374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/nangge/noneCms/issues/32",
"refsource": "MISC",
"name": "https://github.com/nangge/noneCms/issues/32"
}
]
}

56
2020/23xxx/CVE-2020-23376.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-23376",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-23376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/nangge/noneCms/issues/35",
"refsource": "MISC",
"name": "https://github.com/nangge/noneCms/issues/35"
}
]
}

56
2020/23xxx/CVE-2020-23575.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-23575",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-23575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. Successful exploitation of this vulnerability could allow an attacker to retrieve or view arbitrary files from the affected server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "EXPLOIT-DB",
"name": "48561",
"url": "https://www.exploit-db.com/exploits/48561"
}
]
}

5
2020/24xxx/CVE-2020-24635.json
View File

@ -60,6 +60,11 @@
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
},

5
2020/24xxx/CVE-2020-24636.json
View File

@ -60,6 +60,11 @@
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
},

5
2020/25xxx/CVE-2020-25649.json
View File

@ -313,6 +313,11 @@
"refsource": "MLIST",
"name": "[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E"
}
]
},

5
2020/25xxx/CVE-2020-25705.json
View File

@ -63,6 +63,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf"
}
]
},

10
2020/27xxx/CVE-2020-27216.json
View File

@ -650,6 +650,16 @@
"refsource": "MLIST",
"name": "[beam-issues] 20210426 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/r9c010b79140452294292379183e7fe8e3533c5bb4db3f3fb39a6df61@%3Cissues.beam.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[beam-issues] 20210510 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/r73b5a9b677b707bbb7c1469ea746312c47838b312603bada9e382bba@%3Cissues.beam.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[beam-issues] 20210510 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/r8fead0144bb84d8714695c43607dca9c5101aa028a431ec695882fe5@%3Cissues.beam.apache.org%3E"
}
]
}

50
2020/27xxx/CVE-2020-27226.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27226",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic",
"version": {
"version_data": [
{
"version_value": "OpenClinic GA 5.173.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1202",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1202"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable SQL injection vulnerability exists in \u2018quickFile.jsp\u2019 page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/27xxx/CVE-2020-27229.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27229",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic GA",
"version": {
"version_data": [
{
"version_value": "OpenClinic GA 5.173.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1205",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1205"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A number of exploitable SQL injection vulnerabilities exists in \u2018patientslist.do\u2019 page of OpenClinic GA 5.173.3 application. The findPersonID parameter in \u2018\u2018patientslist.do\u2019 page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/27xxx/CVE-2020-27230.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27230",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic GA",
"version": {
"version_data": [
{
"version_value": "OpenClinic GA 5.173.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1205",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1205"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A number of exploitable SQL injection vulnerabilities exists in \u2018patientslist.do\u2019 page of OpenClinic GA 5.173.3 application. The findSector parameter in \u2018\u2018patientslist.do\u2019 page is vulnerable to authenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/27xxx/CVE-2020-27231.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27231",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic GA",
"version": {
"version_data": [
{
"version_value": "OpenClinic GA 5.173.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1205",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1205"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A number of exploitable SQL injection vulnerabilities exists in \u2018patientslist.do\u2019 page of OpenClinic GA 5.173.3 application. The findDistrict parameter in \u2018\u2018patientslist.do\u2019 page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/27xxx/CVE-2020-27232.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27232",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic GA",
"version": {
"version_data": [
{
"version_value": "OpenClinic GA 5.173.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1206",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1206"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable SQL injection vulnerability exists in \u2018manageServiceStocks.jsp\u2019 page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/27xxx/CVE-2020-27242.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27242",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic GA",
"version": {
"version_data": [
{
"version_value": "OpenClinic GA 5.173.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1208",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1208"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable SQL injection vulnerability exists in \u2018listImmoLabels.jsp\u2019 page of OpenClinic GA 5.173.3 application. The immoLocation parameter in the \u2018listImmoLabels.jsp\u2019 page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/27xxx/CVE-2020-27243.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27243",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic GA",
"version": {
"version_data": [
{
"version_value": "OpenClinic GA 5.173.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1208",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1208"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable SQL injection vulnerability exists in \u2018listImmoLabels.jsp\u2019 page of OpenClinic GA 5.173.3 application. The immoService parameter in the \u2018listImmoLabels.jsp\u2019 page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/27xxx/CVE-2020-27244.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27244",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic GA",
"version": {
"version_data": [
{
"version_value": "OpenClinic GA 5.173.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1208",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1208"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable SQL injection vulnerability exists in \u2018listImmoLabels.jsp\u2019 page of OpenClinic GA 5.173.3 application. The immoCode parameter in the \u2018listImmoLabels.jsp\u2019 page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/27xxx/CVE-2020-27245.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27245",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic GA",
"version": {
"version_data": [
{
"version_value": "OpenClinic GA 5.173.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1208",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1208"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable SQL injection vulnerability exists in \u2018listImmoLabels.jsp\u2019 page of OpenClinic GA 5.173.3 application. The immoBuyer parameter in the \u2018listImmoLabels.jsp\u2019 page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/27xxx/CVE-2020-27246.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27246",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic GA",
"version": {
"version_data": [
{
"version_value": "OpenClinic GA 5.173.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1208",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1208"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable SQL injection vulnerability exists in \u2018listImmoLabels.jsp\u2019 page of OpenClinic GA 5.173.3 application. The immoComment parameter in the \u2018listImmoLabels.jsp\u2019 page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

10
2020/28xxx/CVE-2020-28018.json
View File

@ -56,6 +56,16 @@
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28018-OCORK.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28018-OCORK.txt"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210511 [CVE-2020-28018] Use-After-Free on Exim Question",
"url": "http://www.openwall.com/lists/oss-security/2021/05/11/5"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210511 Re: [CVE-2020-28018] Use-After-Free on Exim Question",
"url": "http://www.openwall.com/lists/oss-security/2021/05/11/6"
}
]
}

5
2020/28xxx/CVE-2020-28337.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://sl1nki.page/blog/2021/02/01/microweber-zip-slip",
"url": "https://sl1nki.page/blog/2021/02/01/microweber-zip-slip"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/162514/Microweber-CMS-1.1.20-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/162514/Microweber-CMS-1.1.20-Remote-Code-Execution.html"
}
]
}

50
2020/28xxx/CVE-2020-28588.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28588",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Linux Kernel",
"version": {
"version_data": [
{
"version_value": "Linux Kernel v5.10-rc4,Linux Kernel v5.4.66,Linux Kernel v5.9.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it\u2019s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents."
}
]
}

50
2020/28xxx/CVE-2020-28600.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28600",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Openscad",
"version": {
"version_data": [
{
"version_value": "Openscad openscad-2020.12-RC2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out of bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1224",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1224"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds write vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
}
]
}

61
2020/35xxx/CVE-2020-35438.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35438",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) vulnerability in the kk Star Ratings plugin before 4.1.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/kamalkhan/kk-star-ratings/blob/master/CHANGELOG.md",
"refsource": "MISC",
"name": "https://github.com/kamalkhan/kk-star-ratings/blob/master/CHANGELOG.md"
},
{
"refsource": "MISC",
"name": "https://github.com/kamalkhan/kk-star-ratings/blob/master/CHANGELOG.md#415---2020-12-13",
"url": "https://github.com/kamalkhan/kk-star-ratings/blob/master/CHANGELOG.md#415---2020-12-13"
}
]
}

5
2020/8xxx/CVE-2020-8694.json
View File

@ -58,6 +58,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf"
}
]
},

5
2020/8xxx/CVE-2020-8698.json
View File

@ -63,6 +63,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210205 [SECURITY] [DLA 2546-1] intel-microcode security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf"
}
]
},

5
2020/8xxx/CVE-2020-8744.json
View File

@ -63,6 +63,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20201113-0002/",
"url": "https://security.netapp.com/advisory/ntap-20201113-0002/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdf"
}
]
},

5
2020/8xxx/CVE-2020-8745.json
View File

@ -58,6 +58,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20201113-0002/",
"url": "https://security.netapp.com/advisory/ntap-20201113-0002/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf"
}
]
},

5
2021/1xxx/CVE-2021-1413.json
View File

@ -71,6 +71,11 @@
"name": "20210407 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-8bfG2h6b"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-558/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-558/"
}
]
},

5
2021/1xxx/CVE-2021-1414.json
View File

@ -71,6 +71,11 @@
"name": "20210407 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-8bfG2h6b"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-559/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-559/"
}
]
},

5
2021/1xxx/CVE-2021-1415.json
View File

@ -71,6 +71,11 @@
"name": "20210407 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-8bfG2h6b"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-560/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-560/"
}
]
},

95
2021/20xxx/CVE-2021-20538.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20538",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. IBM X-Force ID: 198919.",
"lang": "eng"
}
]
}
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6450849",
"name": "https://www.ibm.com/support/pages/node/6450849",
"title": "IBM Security Bulletin 6450849 (Cloud Pak for Security)"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198919",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-cp4s-cve202120538-incorrect-auth (198919)"
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-05-07T00:00:00",
"ID": "CVE-2021-20538"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Pak for Security",
"version": {
"version_data": [
{
"version_value": "1.5.0.1"
},
{
"version_value": "1.5.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"I": "L",
"PR": "N",
"SCORE": "4.800",
"AC": "H",
"AV": "N",
"S": "U",
"C": "L",
"UI": "N",
"A": "N"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"data_version": "4.0"
}

91
2021/20xxx/CVE-2021-20559.json
View File

@ -1,17 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20559",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"data_type": "CVE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199228."
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6450759 (Control Desk)",
"name": "https://www.ibm.com/support/pages/node/6450759",
"url": "https://www.ibm.com/support/pages/node/6450759",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-smartcloud-cve202120559-xss (199228)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199228",
"refsource": "XF"
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-05-07T00:00:00",
"ID": "CVE-2021-20559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Control Desk",
"version": {
"version_data": [
{
"version_value": "7.6.1.2"
},
{
"version_value": "7.6.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"I": "L",
"AC": "L",
"AV": "N",
"SCORE": "5.400",
"PR": "L",
"S": "C",
"A": "N",
"C": "L",
"UI": "R"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
}

97
2021/20xxx/CVE-2021-20577.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20577",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199281.",
"lang": "eng"
}
]
}
},
"data_type": "CVE",
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.5.0.1"
},
{
"version_value": "1.5.0.0"
}
]
},
"product_name": "Cloud Pak for Security"
}
]
}
}
]
}
},
"impact": {
"cvssv3": {
"BM": {
"PR": "N",
"SCORE": "4.300",
"AC": "H",
"AV": "A",
"I": "L",
"C": "L",
"UI": "R",
"A": "N",
"S": "C"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "H"
}
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6450849",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6450849 (Cloud Pak for Security)",
"name": "https://www.ibm.com/support/pages/node/6450849"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199281",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-cp4s-cve202120577-xss (199281)"
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-05-07T00:00:00",
"ID": "CVE-2021-20577",
"STATE": "PUBLIC"
},
"data_version": "4.0"
}

2
2021/20xxx/CVE-2021-20590.json
View File

@ -4,7 +4,7 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20590",
"ASSIGNER": "vultures@jpcert.or.jp",
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"STATE": "PUBLIC"
},
"affects": {

5
2021/21xxx/CVE-2021-21295.json
View File

@ -393,6 +393,11 @@
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/ra96c74c37ed7252f78392e1ad16442bd16ae72a4d6c8db50dd55c88b@%3Ccommits.servicecomb.apache.org%3E",
"url": "https://lists.apache.org/thread.html/ra96c74c37ed7252f78392e1ad16442bd16ae72a4d6c8db50dd55c88b@%3Ccommits.servicecomb.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[flink-issues] 20210511 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e@%3Cissues.flink.apache.org%3E"
}
]
},

5
2021/21xxx/CVE-2021-21409.json
View File

@ -213,6 +213,11 @@
"refsource": "MLIST",
"name": "[kafka-jira] 20210506 [GitHub] [kafka] dongjinleekr opened a new pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher",
"url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[flink-issues] 20210511 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e@%3Cissues.flink.apache.org%3E"
}
]
},

82
2021/21xxx/CVE-2021-21428.json
View File

@ -1,18 +1,88 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21428",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openapi-generator",
"version": {
"version_data": [
{
"version_value": "< 5.1.0"
}
]
}
}
]
},
"vendor_name": "OpenAPITools"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation process. The insecure temporary folders store the auto-generated files which can be read and appended to by any users on the system. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-23x4-m842-fmwf",
"refsource": "CONFIRM",
"url": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-23x4-m842-fmwf"
},
{
"name": "https://github.com/OpenAPITools/openapi-generator/pull/8788",
"refsource": "MISC",
"url": "https://github.com/OpenAPITools/openapi-generator/pull/8788"
}
]
},
"source": {
"advisory": "GHSA-23x4-m842-fmwf",
"discovery": "UNKNOWN"
}
}

87
2021/21xxx/CVE-2021-21430.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21430",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openapi-generator",
"version": {
"version_data": [
{
"version_value": "< 5.1.0"
}
]
}
}
]
},
"vendor_name": "OpenAPITools"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. Auto-generated code (Java, Scala) that deals with uploading or downloading binary data through API endpoints will create insecure temporary files during the process. Affected generators: `java` (jersey2, okhttp-gson (default library)), `scala-finch`. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-cqxr-xf2w-943w",
"refsource": "CONFIRM",
"url": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-cqxr-xf2w-943w"
},
{
"name": "https://github.com/OpenAPITools/openapi-generator/pull/8791",
"refsource": "MISC",
"url": "https://github.com/OpenAPITools/openapi-generator/pull/8791"
},
{
"name": "https://github.com/OpenAPITools/openapi-generator/pull/8787",
"refsource": "MISC",
"url": "https://github.com/OpenAPITools/openapi-generator/pull/8787"
}
]
},
"source": {
"advisory": "GHSA-cqxr-xf2w-943w",
"discovery": "UNKNOWN"
}
}

77
2021/21xxx/CVE-2021-21648.json
View File

@ -1,17 +1,82 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21648",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Credentials Plugin",
"version": {
"version_data": [
{
"version_value": "2.3.18",
"version_affected": "<="
},
{
"version_value": "2.3.0.1",
"version_affected": "!"
},
{
"version_value": "2.3.7.1",
"version_affected": "!"
},
{
"version_value": "2.3.14.1",
"version_affected": "!"
},
{
"version_value": "2.3.13.1",
"version_affected": "!"
},
{
"version_value": "2.3.15.1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2349",
"url": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2349",
"refsource": "CONFIRM"
}
]
}

61
2021/21xxx/CVE-2021-21649.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21649",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Dashboard View Plugin",
"version": {
"version_data": [
{
"version_value": "2.15",
"version_affected": "<="
},
{
"version_value": "2.12.1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2233",
"url": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2233",
"refsource": "CONFIRM"
}
]
}

61
2021/21xxx/CVE-2021-21650.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21650",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins S3 publisher Plugin",
"version": {
"version_data": [
{
"version_value": "0.11.6",
"version_affected": "<="
},
{
"version_value": "0.11.5.1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2200",
"url": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2200",
"refsource": "CONFIRM"
}
]
}

61
2021/21xxx/CVE-2021-21651.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21651",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins S3 publisher Plugin",
"version": {
"version_data": [
{
"version_value": "0.11.6",
"version_affected": "<="
},
{
"version_value": "0.11.5.1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2201",
"url": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2201",
"refsource": "CONFIRM"
}
]
}

57
2021/21xxx/CVE-2021-21652.json
View File

@ -1,17 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21652",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Xray - Test Management for Jira Plugin",
"version": {
"version_data": [
{
"version_value": "2.4.0",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2251%20(1)",
"url": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2251%20(1)",
"refsource": "CONFIRM"
}
]
}

57
2021/21xxx/CVE-2021-21653.json
View File

@ -1,17 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21653",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Xray - Test Management for Jira Plugin",
"version": {
"version_data": [
{
"version_value": "2.4.0",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2251%20(2)",
"url": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2251%20(2)",
"refsource": "CONFIRM"
}
]
}

57
2021/21xxx/CVE-2021-21654.json
View File

@ -1,17 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21654",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins P4 Plugin",
"version": {
"version_data": [
{
"version_value": "1.11.4",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server using attacker-specified username and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2327",
"url": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2327",
"refsource": "CONFIRM"
}
]
}

57
2021/21xxx/CVE-2021-21655.json
View File

@ -1,17 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21655",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins P4 Plugin",
"version": {
"version_data": [
{
"version_value": "1.11.4",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2327",
"url": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2327",
"refsource": "CONFIRM"
}
]
}

57
2021/21xxx/CVE-2021-21656.json
View File

@ -1,17 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21656",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Xcode integration Plugin",
"version": {
"version_data": [
{
"version_value": "2.0.14",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2335",
"url": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2335",
"refsource": "CONFIRM"
}
]
}

50
2021/21xxx/CVE-2021-21990.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21990",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Vmware Workspace One UEM console",
"version": {
"version_data": [
{
"version_value": "VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to 20.4.0.21, 2003 prior to 20.3.0.23, 2001 prior to 20.1.0.32, 1912 prior to 19.12.0.24)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflective Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0008.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0008.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to 20.4.0.21, 2003 prior to 20.3.0.23, 2001 prior to 20.1.0.32, 1912 prior to 19.12.0.24) contain a cross-site scripting vulnerability. VMware Workspace ONE UEM console does not validate incoming requests during device enrollment after leading to rendering of unsanitized input on the user device in response."
}
]
}

5
2021/22xxx/CVE-2021-22112.json
View File

@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://tanzu.vmware.com/security/cve-2021-22112",
"url": "https://tanzu.vmware.com/security/cve-2021-22112"
},
{
"refsource": "MLIST",
"name": "[nifi-issues] 20210510 [GitHub] [nifi] exceptionfactory opened a new pull request #5066: NIFI-8502 Upgrade Spring Framework to 5.3.6",
"url": "https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E"
}
]
},

5
2021/22xxx/CVE-2021-22204.json
View File

@ -83,6 +83,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20210509 [CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image",
"url": "http://www.openwall.com/lists/oss-security/2021/05/09/1"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210510 Re: [CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image",
"url": "http://www.openwall.com/lists/oss-security/2021/05/10/5"
}
]
},

5
2021/25xxx/CVE-2021-25143.json
View File

@ -54,6 +54,11 @@
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
},

5
2021/25xxx/CVE-2021-25144.json
View File

@ -60,6 +60,11 @@
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
},

5
2021/25xxx/CVE-2021-25145.json
View File

@ -63,6 +63,11 @@
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
},

5
2021/25xxx/CVE-2021-25146.json
View File

@ -60,6 +60,11 @@
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
},

5
2021/25xxx/CVE-2021-25148.json
View File

@ -57,6 +57,11 @@
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
},

5
2021/25xxx/CVE-2021-25149.json
View File

@ -60,6 +60,11 @@
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
},

5
2021/25xxx/CVE-2021-25150.json
View File

@ -57,6 +57,11 @@
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
},

5
2021/25xxx/CVE-2021-25155.json
View File

@ -63,6 +63,11 @@
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
},

5
2021/25xxx/CVE-2021-25156.json
View File

@ -63,6 +63,11 @@
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
},

5
2021/25xxx/CVE-2021-25157.json
View File

@ -63,6 +63,11 @@
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
},

5
2021/25xxx/CVE-2021-25158.json
View File

@ -60,6 +60,11 @@
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
},

5
2021/25xxx/CVE-2021-25159.json
View File

@ -63,6 +63,11 @@
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
},

5
2021/25xxx/CVE-2021-25160.json
View File

@ -63,6 +63,11 @@
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
},

5
2021/25xxx/CVE-2021-25161.json
View File

@ -63,6 +63,11 @@
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
},

5
2021/25xxx/CVE-2021-25162.json
View File

@ -63,6 +63,11 @@
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
}
]
},

61
2021/26xxx/CVE-2021-26309.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26309",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-26309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.jetbrains.com",
"refsource": "MISC",
"name": "https://blog.jetbrains.com"
},
{
"refsource": "MISC",
"name": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/",
"url": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/"
}
]
}

61
2021/26xxx/CVE-2021-26310.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26310",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-26310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.jetbrains.com",
"refsource": "MISC",
"name": "https://blog.jetbrains.com"
},
{
"refsource": "MISC",
"name": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/",
"url": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/"
}
]
}

79
2021/27xxx/CVE-2021-27611.json
View File

@ -4,14 +4,87 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27611",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS ABAP",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "700"
},
{
"version_name": "<",
"version_value": "701"
},
{
"version_name": "<",
"version_value": "702"
},
{
"version_name": "<",
"version_value": "730"
},
{
"version_name": "<",
"version_value": "731"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a denial of service."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.2",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3046610",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3046610"
}
]
}

67
2021/27xxx/CVE-2021-27612.json
View File

@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27612",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP GUI for Windows",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.60"
},
{
"version_name": "<",
"version_value": "7.70"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In specific situations SAP GUI for Windows, versions - 7.60, 7.70 forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim."
}
]
},
"impact": {
"cvss": {
"baseScore": "3.4",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL Redirection to Untrusted Site"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3023078",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3023078"
}
]
}

71
2021/27xxx/CVE-2021-27613.json
View File

@ -4,14 +4,79 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27613",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Business One (Cookbooks)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "9.2"
},
{
"version_name": "<",
"version_value": "9.3"
},
{
"version_name": "<",
"version_value": "10.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Under certain conditions, SAP Business One Chef cookbook, version - 9.2, 9.3, 10.0, used to install SAP Business One, allows an attacker to exploit an insecure temporary folder for incoming & outgoing payroll data and to access information which would otherwise be restricted, which could lead to Information Disclosure and highly impact system confidentiality, integrity and availability."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.8",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://launchpad.support.sap.com/#/notes/3049755",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3049755"
},
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
}
]
}

83
2021/27xxx/CVE-2021-27614.json
View File

@ -4,14 +4,91 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27614",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Business One, version for SAP HANA (Cookbooks)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "8.82"
},
{
"version_name": "<",
"version_value": "9.0"
},
{
"version_name": "<",
"version_value": "9.1"
},
{
"version_name": "<",
"version_value": "9.2"
},
{
"version_name": "<",
"version_value": "9.3"
},
{
"version_name": "<",
"version_value": "10.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application thereby highly impacting the integrity and availability of the application."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.3",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3049661",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3049661"
}
]
}

83
2021/27xxx/CVE-2021-27616.json
View File

@ -4,14 +4,91 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27616",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Business One, version for SAP HANA (Cookbooks)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "8.82"
},
{
"version_name": "<",
"version_value": "9.0"
},
{
"version_name": "<",
"version_value": "9.1"
},
{
"version_name": "<",
"version_value": "9.2"
},
{
"version_name": "<",
"version_value": "9.3"
},
{
"version_name": "<",
"version_value": "10.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in Information Disclosure vulnerability highly impacting the confidentiality, integrity and availability of the application."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.8",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3049661",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3049661"
}
]
}

87
2021/27xxx/CVE-2021-27617.json
View File

@ -4,14 +4,95 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27617",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Process Integration (Integration Builder Framework)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.10"
},
{
"version_name": "<",
"version_value": "7.11"
},
{
"version_name": "<",
"version_value": "7.20"
},
{
"version_name": "<",
"version_value": "7.30"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "7.50"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to Denial-of-service conditions due to consumption of a large amount of system memory, thus highly impacting system availability."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.9",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing XML Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3012021",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3012021"
}
]
}

87
2021/27xxx/CVE-2021-27618.json
View File

@ -4,14 +4,95 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27618",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Process Integration (Integration Builder Framework)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.10"
},
{
"version_name": "<",
"version_value": "7.11"
},
{
"version_name": "<",
"version_value": "7.20"
},
{
"version_name": "<",
"version_value": "7.30"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "7.50"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of service and impact the availability of the application."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.9",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted File Upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3012021",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3012021"
}
]
}

79
2021/27xxx/CVE-2021-27619.json
View File

@ -4,14 +4,87 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27619",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Commerce (Backoffice Search)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "1808"
},
{
"version_name": "<",
"version_value": "1811"
},
{
"version_name": "<",
"version_value": "1905"
},
{
"version_name": "<",
"version_value": "2005"
},
{
"version_name": "<",
"version_value": "2011"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Although the search results are masked, the user can iteratively enter one character at a time to search and determine the masked attribute value thereby leading to information disclosure."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3039818",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3039818"
}
]
}

61
2021/27xxx/CVE-2021-27733.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27733",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-27733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.jetbrains.com",
"refsource": "MISC",
"name": "https://blog.jetbrains.com"
},
{
"refsource": "MISC",
"name": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/",
"url": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/"
}
]
}

56
2021/29xxx/CVE-2021-29022.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29022",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-29022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://notnnor.github.io/research/2021/03/17/full-path-discloure-in-invoiceplane.html",
"refsource": "MISC",
"name": "https://notnnor.github.io/research/2021/03/17/full-path-discloure-in-invoiceplane.html"
}
]
}

Some files were not shown because too many files have changed in this diff Show More