diff --git a/2016/2xxx/CVE-2016-2170.json b/2016/2xxx/CVE-2016-2170.json
index f0f23324b2b..35bf940a795 100644
--- a/2016/2xxx/CVE-2016-2170.json
+++ b/2016/2xxx/CVE-2016-2170.json
@@ -126,6 +126,11 @@
 "refsource": "MLIST",
 "name": "[ofbiz-notifications] 20210605 [jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128]",
 "url": "https://lists.apache.org/thread.html/rab718cfe6468085d7560c0c1ae816841e175886199f42e36efb8d735@%3Cnotifications.ofbiz.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[ofbiz-notifications] 20210729 [jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128]",
+ "url": "https://lists.apache.org/thread.html/r078351a876ed284ba667b33aba29428d7308a5bd4df78f14a3df6661@%3Cnotifications.ofbiz.apache.org%3E"
 }
 ]
 }
diff --git a/2016/3xxx/CVE-2016-3189.json b/2016/3xxx/CVE-2016-3189.json
index c882e16f8cc..535532ff83c 100644
--- a/2016/3xxx/CVE-2016-3189.json
+++ b/2016/3xxx/CVE-2016-3189.json
@@ -151,6 +151,16 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html",
 "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[kafka-jira] 20210729 [jira] [Comment Edited] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
+ "url": "https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e@%3Cjira.kafka.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
+ "url": "https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c@%3Cjira.kafka.apache.org%3E"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14535.json b/2017/14xxx/CVE-2017-14535.json
index bafa83d55fe..5c8ee35ec39 100644
--- a/2017/14xxx/CVE-2017-14535.json
+++ b/2017/14xxx/CVE-2017-14535.json
@@ -76,6 +76,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/162854/Trixbox-2.8.0.4-Remote-Code-Execution.html",
 "url": "http://packetstormsecurity.com/files/162854/Trixbox-2.8.0.4-Remote-Code-Execution.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2017-14535-Exploit",
+ "url": "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2017-14535-Exploit"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14537.json b/2017/14xxx/CVE-2017-14537.json
index e650a7da1c0..902777920ec 100644
--- a/2017/14xxx/CVE-2017-14537.json
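Review bot: The reference added in the CVE-2017-14535 hunk points at `tree/main` of a third-party repository, a mutable branch path, so the content the record links to can be changed or removed after publication without any change to the record. The same applies to the `tree/main` links added for CVE-2017-14537 and CVE-2018-19423 and to the `blob/master/poc.txt` link in the CVE-2020-18157 hunk. A commit-pinned permalink keeps the cited content stable, e.g. `"url": "https://github.com/Hacker5preme/Exploits/tree/<commit-sha>/CVE-2017-14535-Exploit"` (`<commit-sha>` is a placeholder; the commit id is not on this page). Since `name` repeats the URL, both lines would change together.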
+++ b/2017/14xxx/CVE-2017-14537.json
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/162853/Trixbox-2.8.0.4-Path-Traversal.html",
 "url": "http://packetstormsecurity.com/files/162853/Trixbox-2.8.0.4-Path-Traversal.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2017-14537-Exploit",
+ "url": "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2017-14537-Exploit"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19423.json b/2018/19xxx/CVE-2018-19423.json
index 1e968a81c37..fee330bbf15 100644
--- a/2018/19xxx/CVE-2018-19423.json
+++ b/2018/19xxx/CVE-2018-19423.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/162772/Codiad-2.8.4-Shell-Upload.html",
 "url": "http://packetstormsecurity.com/files/162772/Codiad-2.8.4-Shell-Upload.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2018-19423-Exploit",
+ "url": "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2018-19423-Exploit"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10172.json b/2019/10xxx/CVE-2019-10172.json
index f13bf2baba7..a2775726d1c 100644
--- a/2019/10xxx/CVE-2019-10172.json
+++ b/2019/10xxx/CVE-2019-10172.json
@@ -173,6 +173,11 @@
 "refsource": "MLIST",
 "name": "[hadoop-common-issues] 20210320 [jira] [Commented] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172",
 "url": "https://lists.apache.org/thread.html/r04ecadefb27cda84b699130b11b96427f1d8a7a4066d8292f7f15ed8@%3Ccommon-issues.hadoop.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[hive-issues] 20210729 [jira] [Resolved] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar",
+ "url": "https://lists.apache.org/thread.html/r356592d9874ab4bc9da4754592f8aa6edc894c95e17e58484bc2af7a@%3Cissues.hive.apache.org%3E"
 }
 ]
 },
diff --git a/2019/10xxx/CVE-2019-10202.json b/2019/10xxx/CVE-2019-10202.json
index ed77ca4ac33..0c56315b0a3 100644
--- a/2019/10xxx/CVE-2019-10202.json
+++ b/2019/10xxx/CVE-2019-10202.json
@@ -83,6 +83,11 @@
 "refsource": "MLIST",
 "name": "[hive-issues] 20210318 [jira] [Comment Edited] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar",
 "url": "https://lists.apache.org/thread.html/r0fbf2c60967bc9f73d7f5a62ad3b955789f9a14b950f42e99fca9b4e@%3Cissues.hive.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[hive-issues] 20210729 [jira] [Resolved] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar",
+ "url": "https://lists.apache.org/thread.html/r356592d9874ab4bc9da4754592f8aa6edc894c95e17e58484bc2af7a@%3Cissues.hive.apache.org%3E"
 }
 ]
 },
diff --git a/2019/19xxx/CVE-2019-19208.json b/2019/19xxx/CVE-2019-19208.json
index 1abeccf1350..48b65d9dccd 100644
--- a/2019/19xxx/CVE-2019-19208.json
+++ b/2019/19xxx/CVE-2019-19208.json
@@ -71,6 +71,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/162753/Codiad-2.8.4-Remote-Code-Execution.html",
 "url": "http://packetstormsecurity.com/files/162753/Codiad-2.8.4-Remote-Code-Execution.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/49902",
+ "url": "https://www.exploit-db.com/exploits/49902"
 }
 ]
 }
diff --git a/2019/25xxx/CVE-2019-25051.json b/2019/25xxx/CVE-2019-25051.json
index f2736e0e2b5..62b9ba67208 100644
--- a/2019/25xxx/CVE-2019-25051.json
+++ b/2019/25xxx/CVE-2019-25051.json
@@ -71,6 +71,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210725 [SECURITY] [DLA 2720-1] aspell security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00021.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-69de7c7ca4",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H7E4EI7F6TVN7K6XWU6HSANMCOKKEREE/"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15078.json b/2020/15xxx/CVE-2020-15078.json
index f980901c4ea..4219b97ae6f 100644
--- a/2020/15xxx/CVE-2020-15078.json
+++ b/2020/15xxx/CVE-2020-15078.json
@@ -44,6 +44,16 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-242ef81244",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GJUXEYHUPREEBPX23VPEKMFXUPVO3PMU/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-b805c26afa",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLDB3OBQ3AODYYRN7NRCABV6I4AUFAT6/"
+ },
 {
 "refsource": "MISC",
 "name": "https://community.openvpn.net/openvpn/wiki/CVE-2020-15078",
@@ -63,6 +73,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202105-25",
 "url": "https://security.gentoo.org/glsa/202105-25"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "https://usn.ubuntu.com/usn/usn-4933-1",
+ "url": "https://usn.ubuntu.com/usn/usn-4933-1"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15850.json b/2020/15xxx/CVE-2020-15850.json
index 878dd6d63e1..1eb6a8a2934 100644
--- a/2020/15xxx/CVE-2020-15850.json
+++ b/2020/15xxx/CVE-2020-15850.json
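Review bot: In the CVE-2020-15078 hunk at `@@ -63,6 +73,11 @@`, the new UBUNTU entry repeats the URL in `name`, while the advisory entries next to it use the advisory identifier (`GLSA-202105-25`, `FEDORA-2021-242ef81244`). Consumers that correlate or de-duplicate distribution advisories by `name` will not match this entry. Suggest `"name": "USN-4933-1",`, with the identifier read from the URL path on the following line.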
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities",
 "url": "https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes",
+ "url": "https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15851.json b/2020/15xxx/CVE-2020-15851.json
index 1b062ff2892..90f0ae41b1a 100644
--- a/2020/15xxx/CVE-2020-15851.json
+++ b/2020/15xxx/CVE-2020-15851.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities",
 "url": "https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes",
+ "url": "https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes"
 }
 ]
 }
diff --git a/2020/18xxx/CVE-2020-18157.json b/2020/18xxx/CVE-2020-18157.json
index bed0ef7d591..118167330dc 100644
--- a/2020/18xxx/CVE-2020-18157.json
+++ b/2020/18xxx/CVE-2020-18157.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-18157",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-18157",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/je6k/ctf-challenges/blob/master/poc.txt",
+ "refsource": "MISC",
+ "name": "https://github.com/je6k/ctf-challenges/blob/master/poc.txt"
 }
 ]
 }
diff --git a/2020/18xxx/CVE-2020-18158.json b/2020/18xxx/CVE-2020-18158.json
index 6e04398fc7f..a6e6d97f9d9 100644
--- a/2020/18xxx/CVE-2020-18158.json
+++ b/2020/18xxx/CVE-2020-18158.json
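Review bot: The newly published CVE-2020-18157 record leaves every structured field at `n/a` (`product_name`, `version_value`, `vendor_name` and the `problemtype` value) although its description names MetInfo 6.1.3 and a CSRF weakness. Tooling that matches on `affects` or `problemtype` instead of parsing the free-text description will get no hit for this entry. If the assigner's process allows it, carry the data over, e.g. `"product_name": "MetInfo",`, `"version_value": "6.1.3"` and `"value": "CWE-352"`. The same pattern appears in the CVE-2020-18158, -18175, -21808, -21809, -22761 and -22765 hunks that follow.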
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-18158",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-18158",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cnblogs.com/echod/articles/10380909.html",
+ "refsource": "MISC",
+ "name": "https://www.cnblogs.com/echod/articles/10380909.html"
 }
 ]
 }
diff --git a/2020/18xxx/CVE-2020-18175.json b/2020/18xxx/CVE-2020-18175.json
index 0f275c6d1b9..6344ef941e4 100644
--- a/2020/18xxx/CVE-2020-18175.json
+++ b/2020/18xxx/CVE-2020-18175.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-18175",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-18175",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/sword1991912/metinfo/issues/1",
+ "refsource": "MISC",
+ "name": "https://github.com/sword1991912/metinfo/issues/1"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21808.json b/2020/21xxx/CVE-2020-21808.json
index e9ea51fcdb5..2a84b2937ab 100644
--- a/2020/21xxx/CVE-2020-21808.json
+++ b/2020/21xxx/CVE-2020-21808.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21808",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21808",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the topicsid parameter in modules/news/admin/addtotopics.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://whitehub.net/submissions/1516",
+ "refsource": "MISC",
+ "name": "https://whitehub.net/submissions/1516"
+ },
+ {
+ "url": "https://nukeviet.vn/vi/news/Tin-an-ninh/huong-dan-fix-loi-bao-mat-nukeviet-4-va-module-shops-612.html",
+ "refsource": "MISC",
+ "name": "https://nukeviet.vn/vi/news/Tin-an-ninh/huong-dan-fix-loi-bao-mat-nukeviet-4-va-module-shops-612.html"
+ },
+ {
+ "url": "https://github.com/nukeviet/nukeviet/blob/4.3.08/CHANGELOG.txt#L11",
+ "refsource": "MISC",
+ "name": "https://github.com/nukeviet/nukeviet/blob/4.3.08/CHANGELOG.txt#L11"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21809.json b/2020/21xxx/CVE-2020-21809.json
index 93a6c1b9784..0eb2cd385bc 100644
--- a/2020/21xxx/CVE-2020-21809.json
+++ b/2020/21xxx/CVE-2020-21809.json
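Review bot: The new description value in the CVE-2020-21808 hunk contains a stray colon, `via:the topicsid parameter`, which reads as a typo in the published text. Suggest `"value": "SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via the topicsid parameter in modules/news/admin/addtotopics.php."`. Nothing else on the line needs to change.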
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21809",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21809",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://nukeviet.vn/vi/news/Tin-an-ninh/huong-dan-fix-loi-bao-mat-nukeviet-4-va-module-shops-612.html",
+ "refsource": "MISC",
+ "name": "https://nukeviet.vn/vi/news/Tin-an-ninh/huong-dan-fix-loi-bao-mat-nukeviet-4-va-module-shops-612.html"
+ },
+ {
+ "url": "https://whitehub.net/submissions/1517",
+ "refsource": "MISC",
+ "name": "https://whitehub.net/submissions/1517"
+ },
+ {
+ "url": "https://whitehub.net/submissions/1518",
+ "refsource": "MISC",
+ "name": "https://whitehub.net/submissions/1518"
+ },
+ {
+ "url": "https://github.com/nukeviet/module-shops/commit/742c0e0f74364f7250c2a69f0a957d4e6317be68",
+ "refsource": "MISC",
+ "name": "https://github.com/nukeviet/module-shops/commit/742c0e0f74364f7250c2a69f0a957d4e6317be68"
 }
 ]
 }
diff --git a/2020/22xxx/CVE-2020-22761.json b/2020/22xxx/CVE-2020-22761.json
index 1f9fc484ce3..720aedab64c 100644
--- a/2020/22xxx/CVE-2020-22761.json
+++ b/2020/22xxx/CVE-2020-22761.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-22761",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-22761",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/flatpressblog/flatpress/issues/64",
+ "refsource": "MISC",
+ "name": "https://github.com/flatpressblog/flatpress/issues/64"
+ },
+ {
+ "url": "https://www.baomatcoban.info/2020/04/funnymini0day-flatpress-11-cross-site.html",
+ "refsource": "MISC",
+ "name": "https://www.baomatcoban.info/2020/04/funnymini0day-flatpress-11-cross-site.html"
 }
 ]
 }
diff --git a/2020/22xxx/CVE-2020-22765.json b/2020/22xxx/CVE-2020-22765.json
index acb2d50c1f4..e9ddefd0440 100644
--- a/2020/22xxx/CVE-2020-22765.json
+++ b/2020/22xxx/CVE-2020-22765.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-22765",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-22765",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting (XSS) vulnerability in NukeViet cms 4.4.0 via the editor in the News module."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://nukeviet.vn/vi/news/Tin-tuc/nukeviet-cam-on-le-thanh-trung-da-phat-hien-loi-an-ninh-nukeviet-631.html",
+ "refsource": "MISC",
+ "name": "https://nukeviet.vn/vi/news/Tin-tuc/nukeviet-cam-on-le-thanh-trung-da-phat-hien-loi-an-ninh-nukeviet-631.html"
 }
 ]
 }
diff --git a/2020/36xxx/CVE-2020-36239.json b/2020/36xxx/CVE-2020-36239.json
index 40d058d18d9..1d3aa77722e 100644
--- a/2020/36xxx/CVE-2020-36239.json
+++ b/2020/36xxx/CVE-2020-36239.json
@@ -1,190 +1,187 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2021-07-21T17:00:00", - "ID": "CVE-2020-36239", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira Data Center", - "version": { - "version_data": [ - { - "version_value": "6.3.0", - "version_affected": ">=" - }, - { - "version_value": "8.5.16", - "version_affected": "<" - }, - { - "version_value": "8.6.0", - "version_affected": ">=" - }, - { - "version_value": "8.13.8", - "version_affected": "<" - }, - { - "version_value": "8.14.0", - "version_affected": ">=" - }, - { - "version_value": "8.17.0", - "version_affected": "<" - } - - ] - } - }, - { - "product_name": "Jira Core Data Center", - "version": { - "version_data": [ - { - "version_value": "6.3.0", - "version_affected": ">=" - }, - { - "version_value": "8.5.16", - "version_affected": "<" - }, - { - "version_value": "8.6.0", - "version_affected": ">=" - }, - { - "version_value": "8.13.8", - "version_affected": "<" - }, - { - "version_value": "8.14.0", - "version_affected": ">=" - }, - { - "version_value": "8.17.0", - "version_affected": "<" - } - - ] - } - }, - { - "product_name": "Jira Software Data Center", - "version": { - "version_data": [ - { - "version_value": "6.3.0", - "version_affected": ">=" - }, - { - "version_value": "8.5.16", - "version_affected": "<" - }, - { - "version_value": "8.6.0", - "version_affected": ">=" - }, - { - "version_value": "8.13.8", - "version_affected": "<" - }, - { - "version_value": "8.14.0", - "version_affected": ">=" - }, - { - "version_value": "8.17.0", - "version_affected": "<" - } - - ] - } - }, - { - "product_name": "Jira Service Management Data Center", - "version": { - "version_data": [ - { - "version_value": "2.0.2", - "version_affected": ">=" - }, - { - "version_value": "4.5.16", - "version_affected": "<" - }, - { - "version_value": "4.6.0", - "version_affected": ">=" - }, - { - 
"version_value": "4.13.8", - "version_affected": "<" - }, - { - "version_value": "4.14.0", - "version_affected": ">=" - }, - { - "version_value": "4.17.0", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-862: Missing Authorization" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2021-07-21T17:00:00", + "ID": "CVE-2020-36239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Data Center", + "version": { + "version_data": [ + { + "version_value": "6.3.0", + "version_affected": ">=" + }, + { + "version_value": "8.5.16", + "version_affected": "<" + }, + { + "version_value": "8.6.0", + "version_affected": ">=" + }, + { + "version_value": "8.13.8", + "version_affected": "<" + }, + { + "version_value": "8.14.0", + "version_affected": ">=" + }, + { + "version_value": "8.17.0", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Jira Core Data Center", + "version": { + "version_data": [ + { + "version_value": "6.3.0", + "version_affected": ">=" + }, + { + "version_value": "8.5.16", + "version_affected": "<" + }, + { + "version_value": "8.6.0", + "version_affected": ">=" + }, + { + "version_value": "8.13.8", + "version_affected": "<" + }, + { + "version_value": "8.14.0", + "version_affected": ">=" + }, + { + "version_value": "8.17.0", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Jira Software Data Center", + "version": { + "version_data": [ + { + "version_value": "6.3.0", + "version_affected": ">=" + }, + { + "version_value": "8.5.16", + "version_affected": "<" + }, + { + "version_value": "8.6.0", + "version_affected": ">=" + }, + { + "version_value": "8.13.8", + "version_affected": "<" + }, + { + "version_value": "8.14.0", + "version_affected": ">=" + }, + { + "version_value": "8.17.0", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Jira Service Management Data Center", + "version": { + "version_data": [ + { + "version_value": "2.0.2", + "version_affected": ">=" + }, + { + 
"version_value": "4.5.16", + "version_affected": "<" + }, + { + "version_value": "4.6.0", + "version_affected": ">=" + }, + { + "version_value": "4.13.8", + "version_affected": "<" + }, + { + "version_value": "4.14.0", + "version_affected": ">=" + }, + { + "version_value": "4.17.0", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JSDSERVER-8454", - "refsource": "MISC", - "name": "https://jira.atlassian.com/browse/JSDSERVER-8454" - }, - { - "url": "https://jira.atlassian.com/browse/JRASERVER-72566", - "refsource": "MISC", - "name": "https://jira.atlassian.com/browse/JRASERVER-72566" - }, - { - "url": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html", - "refsource": "MISC", - "name": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. 
While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862: Missing Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JSDSERVER-8454", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JSDSERVER-8454" + }, + { + "url": "https://jira.atlassian.com/browse/JRASERVER-72566", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-72566" + }, + { + "url": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html", + "refsource": "MISC", + "name": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36327.json b/2020/36xxx/CVE-2020-36327.json index 964bebd9942..310f4509bb5 100644 --- a/2020/36xxx/CVE-2020-36327.json +++ b/2020/36xxx/CVE-2020-36327.json 
@@ -76,6 +76,11 @@
 "refsource": "MISC",
 "name": "https://www.zofrex.com/blog/2021/04/29/bundler-still-vulnerable-dependency-confusion-cve-2020-36327/",
 "url": "https://www.zofrex.com/blog/2021/04/29/bundler-still-vulnerable-dependency-confusion-cve-2020-36327/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-36cdab1f8d",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWXHK5UUHVSHF7HTHMX6JY3WXDVNIHSL/"
 }
 ]
 }
diff --git a/2020/4xxx/CVE-2020-4974.json b/2020/4xxx/CVE-2020-4974.json
index 4b625df88e1..4a3ac3cc2d7 100644
--- a/2020/4xxx/CVE-2020-4974.json
+++ b/2020/4xxx/CVE-2020-4974.json
@@ -1,208 +1,208 @@ { - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6475919 (Rational Rhapsody Design Manager)", - "url" : "https://www.ibm.com/support/pages/node/6475919", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6475919" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434", - "name" : "ibm-jazz-cve20204974-ssrf (192434)", - "refsource" : "XF" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Engineering Test Management", - "version" : { - "version_data" : [ - { - "version_value" : "7.0.0" - }, - { - "version_value" : "7.0.1" - }, - { - "version_value" : "7.0.2" - } - ] - } - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "6.0.6" - }, - { - "version_value" : "6.0.6.1" - } - ] - }, - "product_name" : "Rational Team Concert" - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "6.0.6" - }, - { - "version_value" : "6.0.6.1" - } - ] - }, - "product_name" : "Rational Quality Manager" - }, - { - "product_name" : "Rational DOORS Next Generation", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.6" - }, - { - "version_value" : "6.0.6.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.0.1" - }, - { - "version_value" : "7.0.2" - } - ] - } - }, - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.6" - }, - { - "version_value" : "6.0.6.1" - } - ] - } - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.0.1" - }, - { - "version_value" : "7.0.2" - } - ] - }, - "product_name" : "Engineering Workflow 
Management" - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.0.1" - }, - { - "version_value" : "7.0.2" - } - ] - }, - "product_name" : "Engineering Lifecycle Optimization" - }, - { - "product_name" : "Rational Engineering Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.6" - }, - { - "version_value" : "6.0.6.1" - } - ] - } - } - ] - } + "title": "IBM Security Bulletin 6475919 (Rational Rhapsody Design Manager)", + "url": "https://www.ibm.com/support/pages/node/6475919", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6475919" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192434", + "name": "ibm-jazz-cve20204974-ssrf (192434)", + "refsource": "XF" } - ] - } - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-07-27T00:00:00", - "ID" : "CVE-2020-4974", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Engineering Test Management", + "version": { + "version_data": [ + { + "version_value": "7.0.0" + }, + { + "version_value": "7.0.1" + }, + { + "version_value": "7.0.2" + } + ] + } + }, + { + "version": { + "version_data": [ + { + "version_value": "6.0.6" + }, + { + "version_value": "6.0.6.1" + } + ] + }, + "product_name": "Rational Team Concert" + }, + { + "version": { + "version_data": [ + { + "version_value": "6.0.6" + }, + { + "version_value": "6.0.6.1" + } + ] + }, + "product_name": "Rational Quality Manager" + }, + { + "product_name": "Rational DOORS Next Generation", + "version": { + "version_data": [ + { + "version_value": "6.0.6" + }, + { + "version_value": "6.0.6.1" + 
}, + { + "version_value": "7.0" + }, + { + "version_value": "7.0.1" + }, + { + "version_value": "7.0.2" + } + ] + } + }, + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.6" + }, + { + "version_value": "6.0.6.1" + } + ] + } + }, + { + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.0.1" + }, + { + "version_value": "7.0.2" + } + ] + }, + "product_name": "Engineering Workflow Management" + }, + { + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.0.1" + }, + { + "version_value": "7.0.2" + } + ] + }, + "product_name": "Engineering Lifecycle Optimization" + }, + { + "product_name": "Rational Engineering Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.6" + }, + { + "version_value": "6.0.6.1" + } + ] + } + } + ] + } + } ] - } - ] - }, - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "A" : "L", - "UI" : "N", - "C" : "L", - "SCORE" : "6.300", - "AV" : "N", - "PR" : "L", - "I" : "L", - "AC" : "L", - "S" : "U" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. 
IBM X-Force ID: 192434.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE" -} + } + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2021-07-27T00:00:00", + "ID": "CVE-2020-4974", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "data_version": "4.0", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "A": "L", + "UI": "N", + "C": "L", + "SCORE": "6.300", + "AV": "N", + "PR": "L", + "I": "L", + "AC": "L", + "S": "U" + } + } + }, + "description": { + "description_data": [ + { + "value": "IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.", + "lang": "eng" + } + ] + }, + "data_type": "CVE" +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5004.json b/2020/5xxx/CVE-2020-5004.json index 6bbb1edc377..1be5a0bd453 100644 --- a/2020/5xxx/CVE-2020-5004.json +++ b/2020/5xxx/CVE-2020-5004.json 
@@ -1,208 +1,208 @@ { - "data_format" : "MITRE", - "CVE_data_meta" : { - "ID" : "CVE-2020-5004", - "DATE_PUBLIC" : "2021-07-27T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "6.0.6" - }, - { - "version_value" : "6.0.6.1" - } - ] - }, - "product_name" : "Rational Team Concert" - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "6.0.6" - }, - { - "version_value" : "6.0.6.1" - } - ] - }, - "product_name" : "Rational Quality Manager" - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "7.0.0" - }, - { - "version_value" : "7.0.1" - }, - { - "version_value" : "7.0.2" - } - ] - }, - "product_name" : "Engineering Test Management" - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.0.1" - }, - { - "version_value" : "7.0.2" - } - ] - }, - "product_name" : "Engineering Workflow Management" - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "6.0.6" - }, - { - "version_value" : "6.0.6.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.0.1" - }, - { - "version_value" : "7.0.2" - } - ] - }, - "product_name" : "Rational DOORS Next Generation" - }, - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.6" - }, - { - "version_value" : "6.0.6.1" - } - ] - } - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.6" - }, - { - "version_value" : "6.0.6.1" - } - ] - }, - "product_name" : "Rational Engineering Lifecycle Manager" - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.0.1" - }, - { - "version_value" : "7.0.2" - } - ] - }, - "product_name" : 
"Engineering Lifecycle Optimization" - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6475919", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6475919", - "title" : "IBM Security Bulletin 6475919 (Rational Rhapsody Design Manager)" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-jazz-cve20205004-xss (192957)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957" - } - ] - }, - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-5004", + "DATE_PUBLIC": "2021-07-27T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.0.6" + }, + { + "version_value": "6.0.6.1" + } + ] + }, + "product_name": "Rational Team Concert" + }, + { + "version": { + "version_data": [ + { + "version_value": "6.0.6" + }, + { + "version_value": "6.0.6.1" + } + ] + }, + "product_name": "Rational Quality Manager" + }, + { + "version": { + "version_data": [ + { + "version_value": "7.0.0" + }, + { + "version_value": "7.0.1" + }, + { + "version_value": "7.0.2" + } + ] + }, + "product_name": "Engineering Test Management" + }, + { + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.0.1" + }, + { + "version_value": "7.0.2" + } + ] + }, + "product_name": "Engineering Workflow Management" + }, + { + "version": { + "version_data": [ + { + "version_value": "6.0.6" + }, + { + "version_value": "6.0.6.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.0.1" + }, + { + "version_value": "7.0.2" + } + ] + }, + "product_name": "Rational 
DOORS Next Generation" + }, + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.6" + }, + { + "version_value": "6.0.6.1" + } + ] + } + }, + { + "version": { + "version_data": [ + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.6" + }, + { + "version_value": "6.0.6.1" + } + ] + }, + "product_name": "Rational Engineering Lifecycle Manager" + }, + { + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.0.1" + }, + { + "version_value": "7.0.2" + } + ] + }, + "product_name": "Engineering Lifecycle Optimization" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "value" : "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 192957.", - "lang" : "eng" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "SCORE" : "5.400", - "PR" : "L", - "AV" : "N", - "A" : "N", - "UI" : "R", - "C" : "L", - "AC" : "L", - "S" : "C", - "I" : "L" - } - } - } -} + } + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6475919", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6475919", + "title": "IBM Security Bulletin 6475919 (Rational Rhapsody Design Manager)" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-jazz-cve20205004-xss (192957)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192957" + } + ] + }, + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "data_type": "CVE", + "description": { + "description_data": [ + { + "value": "IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.", + "lang": "eng" + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + }, + "BM": { + "SCORE": "5.400", + "PR": "L", + "AV": "N", + "A": "N", + "UI": "R", + "C": "L", + "AC": "L", + "S": "C", + "I": "L" + } + } + } +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5329.json b/2020/5xxx/CVE-2020-5329.json index 78f67e73b50..34acbd3c65f 100644 --- a/2020/5xxx/CVE-2020-5329.json +++ b/2020/5xxx/CVE-2020-5329.json 
@@ -1,10 +1,10 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "secure@dell.com",
- "DATE_PUBLIC": "2020-02-24",
- "ID": "CVE-2020-5329",
+ "ASSIGNER": "secure@dell.com",
+ "DATE_PUBLIC": "2020-02-24",
+ "ID": "CVE-2020-5329",
 "STATE": "PUBLIC"
- },
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -12,59 +12,60 @@
 "product": {
 "product_data": [
 {
- "product_name": "Avamar",
+ "product_name": "Avamar",
 "version": {
 "version_data": [
 {
- "version_affected": "=",
+ "version_affected": "=",
 "version_value": "7.3.1, 7.4.1"
 }
 ]
 }
 }
 ]
- },
+ },
 "vendor_name": "Dell"
 }
 ]
 }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
- "lang": "eng",
+ "lang": "eng",
 "value": "Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links."
 }
 ]
- },
+ },
 "impact": {
 "cvss": {
- "baseScore": 6.1,
- "baseSeverity": "Medium",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "Medium",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
 "version": "3.0"
 }
- },
+ },
 "problemtype": {
 "problemtype_data": [
 {
 "description": [
 {
- "lang": "eng",
+ "lang": "eng",
 "value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"
 }
 ]
 }
 ]
- },
+ },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.dell.com/support/security/en-us/details/541529/DSA-2020-046-Dell-EMC-Avamar-Server-Open-Redirect-Vulnerability"
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/security/en-us/details/541529/DSA-2020-046-Dell-EMC-Avamar-Server-Open-Redirect-Vulnerability",
+ "name": "https://www.dell.com/support/security/en-us/details/541529/DSA-2020-046-Dell-EMC-Avamar-Server-Open-Redirect-Vulnerability"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5353.json b/2020/5xxx/CVE-2020-5353.json
index 69c5851f3d8..fa3253bd335 100644
--- a/2020/5xxx/CVE-2020-5353.json
+++ b/2020/5xxx/CVE-2020-5353.json
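Review bot: The reference entry at the end of this hunk is retagged from `"refsource": "CONFIRM"` to `"refsource": "MISC"` although its URL is Dell's own advisory (DSA-2020-046 on www.dell.com), so the record no longer tells a consumer that the vendor confirmed the issue. If the retag is not forced by the import tooling, keep `"refsource": "CONFIRM"` and add only the new `"name"` line. The same retag appears in the reference hunks for CVE-2020-5353, CVE-2021-21538 and CVE-2021-21546 later in this diff. Triage tooling that weights vendor-confirmed references would treat all four records as less authoritative after this change.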
@@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2020-04-09", - "ID": "CVE-2020-5353", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2020-04-09", + "ID": "CVE-2020-5353", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ @@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "Isilon OneFS", + "product_name": "Isilon OneFS", "version": { "version_data": [ { - "version_affected": "<", + "version_affected": "<", "version_value": "All supported" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system." } ] - }, + }, "impact": { "cvss": { - "baseScore": 8.8, - "baseSeverity": "High", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "High", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-276: Incorrect Default Permissions" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://support.emc.com/kb/542721" + "refsource": "MISC", + "url": "https://support.emc.com/kb/542721", + "name": "https://support.emc.com/kb/542721" } ] } diff --git a/2021/20xxx/CVE-2021-20505.json b/2021/20xxx/CVE-2021-20505.json index 5a45bc944cc..13268048875 100644 --- a/2021/20xxx/CVE-2021-20505.json 
+++ b/2021/20xxx/CVE-2021-20505.json 
@@ -1,99 +1,99 @@ { - "data_version" : "4.0", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2021-20505", - "DATE_PUBLIC" : "2021-07-28T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP they can use this information to perform a series of PowerVM service procedures to decrypt the captured migration traffic IBM X-Force ID: 198232" - } - ] - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6475619", - "title" : "IBM Security Bulletin 6475619 (PowerVM Hypervisor)", - "name" : "https://www.ibm.com/support/pages/node/6475619", - "refsource" : "CONFIRM" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-powervm-cve202120505-info-disc (198232)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198232" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2021-20505", + "DATE_PUBLIC": "2021-07-28T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "PowerVM Hypervisor", - "version" : { - "version_data" : [ - { - "version_value" : "FW920" - }, - { - "version_value" : "FW930" - }, - { - "version_value" : "FW940" - }, - { - "version_value" : "FW950" - } - ] - } - } - ] - } + "lang": "eng", + "value": "The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. 
If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP they can use this information to perform a series of PowerVM service procedures to decrypt the captured migration traffic IBM X-Force ID: 198232" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + ] + }, + "data_format": "MITRE", + "data_type": "CVE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6475619", + "title": "IBM Security Bulletin 6475619 (PowerVM Hypervisor)", + "name": "https://www.ibm.com/support/pages/node/6475619", + "refsource": "CONFIRM" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-powervm-cve202120505-info-disc (198232)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198232" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "PowerVM Hypervisor", + "version": { + "version_data": [ + { + "version_value": "FW920" + }, + { + "version_value": "FW930" + }, + { + "version_value": "FW940" + }, + { + "version_value": "FW950" + } + ] + } + } + ] + } + } ] - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "UI" : "N", - "S" : "U", - "I" : "N", - "SCORE" : "4.400", - "C" : "H", - "AC" : "H", - "PR" : "H", - "AV" : "N", - "A" : "N" - } - } - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "UI": "N", + "S": "U", + "I": "N", + "SCORE": "4.400", + "C": "H", + "AC": "H", + "PR": "H", + "AV": "N", + "A": "N" + } + } + } +} \ No newline at end of file 
diff --git a/2021/21xxx/CVE-2021-21538.json b/2021/21xxx/CVE-2021-21538.json
index aba19c04a25..d4c818978ce 100644
--- a/2021/21xxx/CVE-2021-21538.json
+++ b/2021/21xxx/CVE-2021-21538.json
@@ -1,10 +1,10 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "secure@dell.com",
- "DATE_PUBLIC": "2021-05-10",
- "ID": "CVE-2021-21538",
+ "ASSIGNER": "secure@dell.com",
+ "DATE_PUBLIC": "2021-05-10",
+ "ID": "CVE-2021-21538",
 "STATE": "PUBLIC"
- },
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -12,59 +12,60 @@
 "product": {
 "product_data": [
 {
- "product_name": "Integrated Dell Remote Access Controller (iDRAC)",
+ "product_name": "Integrated Dell Remote Access Controller (iDRAC)",
 "version": {
 "version_data": [
 {
- "version_affected": "<",
+ "version_affected": "<",
 "version_value": "4.40.10.00"
 }
 ]
 }
 }
 ]
- },
+ },
 "vendor_name": "Dell"
 }
 ]
 }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
- "lang": "eng",
+ "lang": "eng",
 "value": "Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console."
 }
 ]
- },
+ },
 "impact": {
 "cvss": {
- "baseScore": 9.6,
- "baseSeverity": "Critical",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
+ "baseScore": 9.6,
+ "baseSeverity": "Critical",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
 "version": "3.1"
 }
- },
+ },
 "problemtype": {
 "problemtype_data": [
 {
 "description": [
 {
- "lang": "eng",
+ "lang": "eng",
 "value": "CWE-287: Improper Authentication"
 }
 ]
 }
 ]
- },
+ },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.dell.com/support/kbdoc/000186420"
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/kbdoc/000186420",
+ "name": "https://www.dell.com/support/kbdoc/000186420"
 }
 ]
 }
diff --git a/2021/21xxx/CVE-2021-21546.json b/2021/21xxx/CVE-2021-21546.json
index 3eab6098915..a40440dba77 100644
--- a/2021/21xxx/CVE-2021-21546.json
+++ b/2021/21xxx/CVE-2021-21546.json
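Review bot: The affected-version entry `"version_affected": "<"` with `"version_value": "4.40.10.00"` has no lower bound, while the description in the same hunk limits the issue to iDRAC9 "versions 4.40.00.00 and later, but prior to 4.40.10.00". A scanner that matches on `version_data` alone would therefore also flag releases older than 4.40.00.00. A second entry with `"version_affected": ">="` and `"version_value": "4.40.00.00"` would bring the structured data in line with the text. The other Dell records in this diff show the same kind of gap: CVE-2021-21546 lists only `< 19.3.0.4` although its description also mentions 19.4.0.0, CVE-2020-5353 uses the free-text value `"All supported"`, and CVE-2020-5329 packs two versions into the single string `"7.3.1, 7.4.1"`.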
@@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2021-02-25", - "ID": "CVE-2021-21546", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2021-02-25", + "ID": "CVE-2021-21546", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ 
@@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "NetWorker", + "product_name": "NetWorker", "version": { "version_data": [ { - "version_affected": "<", + "version_affected": "<", "version_value": "19.3.0.4" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files." } ] - }, + }, "impact": { "cvss": { - "baseScore": 7.8, - "baseSeverity": "High", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "High", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-532: Information Exposure Through Log Files" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/kbdoc/en-us/000185470/dsa-2021-081-dell-emc-networker-security-update-for-a-clear-text-vulnerability" + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/en-us/000185470/dsa-2021-081-dell-emc-networker-security-update-for-a-clear-text-vulnerability", + "name": "https://www.dell.com/support/kbdoc/en-us/000185470/dsa-2021-081-dell-emc-networker-security-update-for-a-clear-text-vulnerability" } ] } diff --git a/2021/21xxx/CVE-2021-21775.json b/2021/21xxx/CVE-2021-21775.json index 248f9513b82..0363c2d9b51 100644 --- a/2021/21xxx/CVE-2021-21775.json +++ b/2021/21xxx/CVE-2021-21775.json 
@@ -53,6 +53,16 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20210723 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0004",
 "url": "http://www.openwall.com/lists/oss-security/2021/07/23/1"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-cf7d8c7b1a",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4QORERLPDN3UNNJFJSOMHZZCU2G75Q6/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4945",
+ "url": "https://www.debian.org/security/2021/dsa-4945"
 }
 ]
 },
diff --git a/2021/21xxx/CVE-2021-21779.json b/2021/21xxx/CVE-2021-21779.json
index ef463035b49..1c00b277e81 100644
--- a/2021/21xxx/CVE-2021-21779.json
+++ b/2021/21xxx/CVE-2021-21779.json
@@ -53,6 +53,16 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20210723 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0004",
 "url": "http://www.openwall.com/lists/oss-security/2021/07/23/1"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-cf7d8c7b1a",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4QORERLPDN3UNNJFJSOMHZZCU2G75Q6/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4945",
+ "url": "https://www.debian.org/security/2021/dsa-4945"
 }
 ]
 },
diff --git a/2021/26xxx/CVE-2021-26081.json b/2021/26xxx/CVE-2021-26081.json
index df101a32ca8..a9f5cf12b8e 100644
--- a/2021/26xxx/CVE-2021-26081.json
+++ b/2021/26xxx/CVE-2021-26081.json
@@ -1,105 +1,107 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2021-07-15T00:00:00", - "ID": "CVE-2021-26081", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira Server", - "version": { - "version_data": [ - { - "version_value": "8.5.14", - "version_affected": "<" - }, - { - "version_value": "8.6.0", - "version_affected": ">=" - }, - { - "version_value": "8.13.6", - "version_affected": "<" - }, - { - "version_value": "8.14.0", - "version_affected": ">=" - }, - { - "version_value": "8.16.1", - "version_affected": "<" - } - ] - } - }, - { - "product_name": "Jira Data Center", - "version": { - "version_data": [ - { - "version_value": "8.5.14", - "version_affected": "<" - }, - { - "version_value": "8.6.0", - "version_affected": ">=" - }, - { - "version_value": "8.13.6", - "version_affected": "<" - }, - { - "version_value": "8.14.0", - "version_affected": ">=" - }, - { - "version_value": "8.16.1", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Enumeration" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2021-07-15T00:00:00", + "ID": "CVE-2021-26081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.5.14", + "version_affected": "<" + }, + { + "version_value": "8.6.0", + "version_affected": ">=" + }, + { + "version_value": "8.13.6", + "version_affected": "<" + }, + { + "version_value": "8.14.0", + "version_affected": ">=" + }, + { + "version_value": "8.16.1", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Jira Data Center", + "version": { + "version_data": [ + { + "version_value": "8.5.14", + "version_affected": "<" + }, + { + "version_value": "8.6.0", + "version_affected": ">=" + }, + { + "version_value": "8.13.6", + "version_affected": "<" + }, + { + "version_value": "8.14.0", + "version_affected": ">=" + }, + { + "version_value": "8.16.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-72499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Enumeration" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-72499", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-72499" + } + ] + } +} \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26295.json b/2021/26xxx/CVE-2021-26295.json index 7d9a497a06e..72a3dbd0c7f 100644 --- a/2021/26xxx/CVE-2021-26295.json +++ b/2021/26xxx/CVE-2021-26295.json @@ -119,6 +119,11 @@ "refsource": "MLIST", "name": "[ofbiz-notifications] 20210605 [jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128]", "url": "https://lists.apache.org/thread.html/rab718cfe6468085d7560c0c1ae816841e175886199f42e36efb8d735@%3Cnotifications.ofbiz.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[ofbiz-notifications] 20210729 [jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128]", + "url": "https://lists.apache.org/thread.html/r078351a876ed284ba667b33aba29428d7308a5bd4df78f14a3df6661@%3Cnotifications.ofbiz.apache.org%3E" } ] }, diff --git a/2021/28xxx/CVE-2021-28164.json b/2021/28xxx/CVE-2021-28164.json index c993bfe42aa..c85fab2a439 100644 --- a/2021/28xxx/CVE-2021-28164.json +++ b/2021/28xxx/CVE-2021-28164.json 
@@ -136,6 +136,21 @@ "refsource": "MLIST", "name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", "url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", + "url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", + "url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", + "url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E" } ] } diff --git a/2021/29xxx/CVE-2021-29995.json b/2021/29xxx/CVE-2021-29995.json index 2388ba8fe35..2b2c23231f7 100644 --- a/2021/29xxx/CVE-2021-29995.json +++ b/2021/29xxx/CVE-2021-29995.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://support1.cloverdx.com/hc/en-us/articles/360021006520", "url": "https://support1.cloverdx.com/hc/en-us/articles/360021006520" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163697/CloverDX-5.9.0-Code-Execution-Cross-Site-Request-Forgery.html", + "url": "http://packetstormsecurity.com/files/163697/CloverDX-5.9.0-Code-Execution-Cross-Site-Request-Forgery.html" } ] } 
diff --git a/2021/30xxx/CVE-2021-30124.json b/2021/30xxx/CVE-2021-30124.json index 6ef7c3f0704..feff85de9eb 100644 --- a/2021/30xxx/CVE-2021-30124.json +++ b/2021/30xxx/CVE-2021-30124.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-30124", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-30124", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1.3.0 for Visual Studio Code allows remote attackers to execute arbitrary code via a crafted phpmd.command value in a workspace folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://marketplace.visualstudio.com/items?itemName=ecodes.vscode-phpmd", + "refsource": "MISC", + "name": "https://marketplace.visualstudio.com/items?itemName=ecodes.vscode-phpmd" + }, + { + "refsource": "MISC", + "name": "https://vuln.ryotak.me/advisories/25", + "url": "https://vuln.ryotak.me/advisories/25" + }, + { + "refsource": "MISC", + "name": "https://github.com/sandhje/vscode-phpmd/commit/c462bf5c6f0160d0199855d5f8ed76be8d9beac0", + "url": "https://github.com/sandhje/vscode-phpmd/commit/c462bf5c6f0160d0199855d5f8ed76be8d9beac0" } ] } 
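Review bot: The structured `affects` block of the newly published CVE-2021-30124 record is entirely `n/a` (`vendor_name`, `product_name`, `version_value`), although the description names the product and the fixed version (vscode-phpmd before 1.3.0). Tooling that matches on `affects` rather than on free text will therefore not associate this record with the extension. Carrying over what the description already states, e.g. `"product_name": "vscode-phpmd"` with `"version_value": "1.3.0"` and `"version_affected": "<"`, would close that gap. The same all-`n/a` block appears in the CVE-2021-31799, CVE-2021-34165, CVE-2021-34166, CVE-2021-36386, CVE-2021-36621, CVE-2021-36624, CVE-2021-37144 and CVE-2021-37600 hunks.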
diff --git a/2021/30xxx/CVE-2021-30128.json b/2021/30xxx/CVE-2021-30128.json index 691441763fc..386c0c631d2 100644 --- a/2021/30xxx/CVE-2021-30128.json +++ b/2021/30xxx/CVE-2021-30128.json @@ -113,6 +113,11 @@ "refsource": "MLIST", "name": "[ofbiz-notifications] 20210605 [jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128]", "url": "https://lists.apache.org/thread.html/rab718cfe6468085d7560c0c1ae816841e175886199f42e36efb8d735@%3Cnotifications.ofbiz.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[ofbiz-notifications] 20210729 [jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128]", + "url": "https://lists.apache.org/thread.html/r078351a876ed284ba667b33aba29428d7308a5bd4df78f14a3df6661@%3Cnotifications.ofbiz.apache.org%3E" } ] }, diff --git a/2021/31xxx/CVE-2021-31590.json b/2021/31xxx/CVE-2021-31590.json index 431327ff85d..d488679ce58 100644 --- a/2021/31xxx/CVE-2021-31590.json +++ b/2021/31xxx/CVE-2021-31590.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://github.com/pwndoc/pwndoc/pull/74", "url": "https://github.com/pwndoc/pwndoc/pull/74" + }, + { + "refsource": "MISC", + "name": "https://www.dgc.org/responsible_disclosure_pwndoc_jwt", + "url": "https://www.dgc.org/responsible_disclosure_pwndoc_jwt" } ] } diff --git a/2021/31xxx/CVE-2021-31799.json b/2021/31xxx/CVE-2021-31799.json index c754fbb45ef..8f6dd1a26dd 100644 --- a/2021/31xxx/CVE-2021-31799.json +++ b/2021/31xxx/CVE-2021-31799.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31799", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31799", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/", + "url": "https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/" + }, + { + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2021-31799", + "url": "https://security-tracker.debian.org/tracker/CVE-2021-31799" } ] } diff --git a/2021/31xxx/CVE-2021-31810.json b/2021/31xxx/CVE-2021-31810.json index e5aac4bf92a..54d9521bb16 100644 --- a/2021/31xxx/CVE-2021-31810.json +++ b/2021/31xxx/CVE-2021-31810.json 
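Review bot: `problemtype` stays `n/a` in the CVE-2021-31799 record even though the first reference added in this same hunk is titled os-command-injection-in-rdoc. A CWE label such as `"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"` would let consumers classify the entry without parsing the description. The description's "via | and tags in a filename" is also hard to read as written, because it is not clear whether `tags` is a literal filename fragment; quoting the literal parts would remove the ambiguity. The SQL injection records in the CVE-2021-34165, CVE-2021-34166, CVE-2021-36621 and CVE-2021-36624 hunks have the same `n/a` problemtype, where a CWE-89 label would fit their descriptions.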
@@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/", "url": "https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-36cdab1f8d", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWXHK5UUHVSHF7HTHMX6JY3WXDVNIHSL/" } ] } diff --git a/2021/31xxx/CVE-2021-31921.json b/2021/31xxx/CVE-2021-31921.json index 909bfca204e..9a87393d84e 100644 --- a/2021/31xxx/CVE-2021-31921.json +++ b/2021/31xxx/CVE-2021-31921.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Istio before 1.8.6 and 1.9.x before 1.9.5, when a gateway is using the AUTO_PASSTHROUGH routing configuration, allows attackers to bypass authorization checks and access unexpected services in the cluster." + "value": "Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing configuration." } ] }, diff --git a/2021/32xxx/CVE-2021-32633.json b/2021/32xxx/CVE-2021-32633.json index 048c323b47b..96ecd701e28 100644 --- a/2021/32xxx/CVE-2021-32633.json +++ b/2021/32xxx/CVE-2021-32633.json @@ -91,6 +91,11 @@ "refsource": "MLIST", "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518", "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1" + }, + { + "refsource": "MISC", + "name": "https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633/", + "url": "https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633/" } ] }, diff --git a/2021/34xxx/CVE-2021-34165.json b/2021/34xxx/CVE-2021-34165.json index 1712644eac6..4baf6f775c6 100644 --- a/2021/34xxx/CVE-2021-34165.json +++ b/2021/34xxx/CVE-2021-34165.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-34165", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-34165", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1.0 allows a remote attacker to Bypass Authentication and become Admin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/49741", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/49741" } ] } diff --git a/2021/34xxx/CVE-2021-34166.json b/2021/34xxx/CVE-2021-34166.json index e3482974e2b..a49b0758a37 100644 --- a/2021/34xxx/CVE-2021-34166.json +++ b/2021/34xxx/CVE-2021-34166.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-34166", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-34166", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to Bypass Authentication and become Admin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/49740", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/49740" } ] } diff --git a/2021/34xxx/CVE-2021-34429.json b/2021/34xxx/CVE-2021-34429.json index 497baf4377a..5742e130299 100644 --- a/2021/34xxx/CVE-2021-34429.json +++ b/2021/34xxx/CVE-2021-34429.json 
@@ -92,7 +92,22 @@ "name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm", "refsource": "CONFIRM", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", + "url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", + "url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0", + "url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E" } ] } -} +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34470.json b/2021/34xxx/CVE-2021-34470.json index 51adf2b6c55..3b5cdef3e9f 100644 --- a/2021/34xxx/CVE-2021-34470.json +++ b/2021/34xxx/CVE-2021-34470.json @@ -76,6 +76,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34470", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34470" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163706/Microsoft-Exchange-AD-Schema-Misconfiguration-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/163706/Microsoft-Exchange-AD-Schema-Misconfiguration-Privilege-Escalation.html" } ] } 
diff --git a/2021/36xxx/CVE-2021-36386.json b/2021/36xxx/CVE-2021-36386.json
index 2e37f3a9507..3152be0be5e 100644
--- a/2021/36xxx/CVE-2021-36386.json
+++ b/2021/36xxx/CVE-2021-36386.json
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36386", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36386", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.fetchmail.info/security.html", + "refsource": "MISC", + "name": "https://www.fetchmail.info/security.html" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2021/07/28/5", + "url": "http://www.openwall.com/lists/oss-security/2021/07/28/5" + }, + { + "refsource": "CONFIRM", + "name": "https://www.fetchmail.info/fetchmail-SA-2021-01.txt", + "url": "https://www.fetchmail.info/fetchmail-SA-2021-01.txt" } ] } 
diff --git a/2021/36xxx/CVE-2021-36621.json b/2021/36xxx/CVE-2021-36621.json index ae8631eba05..96fcfed03ff 100644 --- a/2021/36xxx/CVE-2021-36621.json +++ b/2021/36xxx/CVE-2021-36621.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36621", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36621", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successful dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as Administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/50109", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/50109" } ] } diff --git a/2021/36xxx/CVE-2021-36624.json b/2021/36xxx/CVE-2021-36624.json index e89fe6dd8dd..a05945fd6d1 100644 --- a/2021/36xxx/CVE-2021-36624.json +++ b/2021/36xxx/CVE-2021-36624.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36624", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36624", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/50105", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/50105" } ] } diff --git a/2021/37xxx/CVE-2021-37144.json b/2021/37xxx/CVE-2021-37144.json index afa43e6e84d..757287fa283 100644 --- a/2021/37xxx/CVE-2021-37144.json +++ b/2021/37xxx/CVE-2021-37144.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37144", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37144", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/cskaza/cszcms/issues/32", + "refsource": "MISC", + "name": "https://github.com/cskaza/cszcms/issues/32" } ] } diff --git a/2021/37xxx/CVE-2021-37578.json b/2021/37xxx/CVE-2021-37578.json index 335dfad1997..017b4ec6bb7 100644 --- a/2021/37xxx/CVE-2021-37578.json +++ b/2021/37xxx/CVE-2021-37578.json 
@@ -1,18 +1,95 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@apache.org", "ID": "CVE-2021-37578", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Remote code execution via RMI" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache jUDDI", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "3.3.10" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Reported by Artem Smotrakov" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicious serialized object to the above RMI entries. The objects get deserialized without any check on the incoming data. In the worst case, it may let the attacker run arbitrary code remotely. For both jUDDI web service applications and jUDDI clients, the usage of RMI is disabled by default. Since this is an optional feature and an extension to the UDDI protocol, the likelihood of impact is low. Starting with 3.3.10, all RMI related code was removed." 
} ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": [ + { + "other": "moderate" + } + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://lists.apache.org/thread.html/r82047b3ba774cf870ea8e1e9ec51c6107f6cd056d4e36608148c6e71%40%3Cprivate.juddi.apache.org%3E", + "name": "https://lists.apache.org/thread.html/r82047b3ba774cf870ea8e1e9ec51c6107f6cd056d4e36608148c6e71%40%3Cprivate.juddi.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210728 [SECURITY] CVE-2021-37578 Apache jUDDI Remote code execution", + "url": "http://www.openwall.com/lists/oss-security/2021/07/29/1" + } + ] + }, + "source": { + "defect": [ + "JUDDI-1018" + ], + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "eng", + "value": "For the jUDDI service web application, RMI and JNDI service registration is disabled by default. If it was enabled by the system owner, disable it.\n\nFor jUDDI Clients, do not use RMI Transports. This is an opt-in feature and is not typically used." + } + ] } \ No newline at end of file diff --git a/2021/37xxx/CVE-2021-37599.json b/2021/37xxx/CVE-2021-37599.json new file mode 100644 index 00000000000..40162b595c8 --- /dev/null +++ b/2021/37xxx/CVE-2021-37599.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-37599", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
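Review bot: The first reference added for CVE-2021-37578 points at a thread on `private.juddi.apache.org`, which by its name is a private list, so readers of the public record most likely cannot open it. The oss-security entry that follows already gives a public announcement, so I would drop the private-list entry or replace it with a public advisory URL. Separately, `"impact": [{"other": "moderate"}]` carries no scored rating, while the description says the deserialization issue may allow remote code execution in the worst case. A structured severity entry would help consumers prioritise alongside the `work_around` text.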
diff --git a/2021/37xxx/CVE-2021-37600.json b/2021/37xxx/CVE-2021-37600.json
new file mode 100644
index 00000000000..5429c8ec9d3
--- /dev/null
+++ b/2021/37xxx/CVE-2021-37600.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-37600",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/karelzak/util-linux/issues/1395",
+ "refsource": "MISC",
+ "name": "https://github.com/karelzak/util-linux/issues/1395"
+ },
+ {
+ "url": "https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c",
+ "refsource": "MISC",
+ "name": "https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/37xxx/CVE-2021-37601.json b/2021/37xxx/CVE-2021-37601.json
index c3b4e657e64..f4bc436670c 100644
--- a/2021/37xxx/CVE-2021-37601.json
+++ b/2021/37xxx/CVE-2021-37601.json
@@ -61,11 +61,6 @@ "url": "https://prosody.im/", "refsource": "MISC", "name": "https://prosody.im/" - }, - { - "refsource": "MLIST", - "name": "[oss-security] 20210728 Re: Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE-2021-37601)", - "url": "http://www.openwall.com/lists/oss-security/2021/07/28/4" } ] }, diff --git a/2021/37xxx/CVE-2021-37602.json b/2021/37xxx/CVE-2021-37602.json new file mode 100644 index 00000000000..a678142c13b --- /dev/null +++ b/2021/37xxx/CVE-2021-37602.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-37602", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/37xxx/CVE-2021-37603.json b/2021/37xxx/CVE-2021-37603.json new file mode 100644 index 00000000000..66ef7dab440 --- /dev/null +++ b/2021/37xxx/CVE-2021-37603.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-37603", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/37xxx/CVE-2021-37604.json b/2021/37xxx/CVE-2021-37604.json new file mode 100644 index 00000000000..01aa24b9c97 --- /dev/null +++ b/2021/37xxx/CVE-2021-37604.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-37604",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/37xxx/CVE-2021-37605.json b/2021/37xxx/CVE-2021-37605.json
new file mode 100644
index 00000000000..eb03d281262
--- /dev/null
+++ b/2021/37xxx/CVE-2021-37605.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-37605",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/37xxx/CVE-2021-37607.json b/2021/37xxx/CVE-2021-37607.json
new file mode 100644
index 00000000000..0d7489ca194
--- /dev/null
+++ b/2021/37xxx/CVE-2021-37607.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-37607",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/37xxx/CVE-2021-37608.json b/2021/37xxx/CVE-2021-37608.json
new file mode 100644
index 00000000000..11f1fdad57c
--- /dev/null
+++ b/2021/37xxx/CVE-2021-37608.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-37608",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/37xxx/CVE-2021-37609.json b/2021/37xxx/CVE-2021-37609.json
new file mode 100644
index 00000000000..2463eefa041
--- /dev/null
+++ b/2021/37xxx/CVE-2021-37609.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-37609",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/37xxx/CVE-2021-37610.json b/2021/37xxx/CVE-2021-37610.json
new file mode 100644
index 00000000000..8a1e9a4cc64
--- /dev/null
+++ b/2021/37xxx/CVE-2021-37610.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-37610",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/37xxx/CVE-2021-37611.json b/2021/37xxx/CVE-2021-37611.json
new file mode 100644
index 00000000000..434df16cac5
--- /dev/null
+++ b/2021/37xxx/CVE-2021-37611.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-37611",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/37xxx/CVE-2021-37612.json b/2021/37xxx/CVE-2021-37612.json
new file mode 100644
index 00000000000..5b6ebc922ae
--- /dev/null
+++ b/2021/37xxx/CVE-2021-37612.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-37612",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/37xxx/CVE-2021-37613.json b/2021/37xxx/CVE-2021-37613.json
new file mode 100644
index 00000000000..5bb005a1ba7
--- /dev/null
+++ b/2021/37xxx/CVE-2021-37613.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-37613",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/37xxx/CVE-2021-37614.json b/2021/37xxx/CVE-2021-37614.json
new file mode 100644
index 00000000000..912952b1026
--- /dev/null
+++ b/2021/37xxx/CVE-2021-37614.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-37614",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/3xxx/CVE-2021-3013.json b/2021/3xxx/CVE-2021-3013.json
index d4a88736b94..db8cbc70a2e 100644
--- a/2021/3xxx/CVE-2021-3013.json
+++ b/2021/3xxx/CVE-2021-3013.json
@@ -56,6 +56,11 @@
 "refsource": "CONFIRM",
 "name": "https://github.com/BurntSushi/ripgrep/blob/master/CHANGELOG.md",
 "url": "https://github.com/BurntSushi/ripgrep/blob/master/CHANGELOG.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/BurntSushi/ripgrep/blob/e48a17e1891e1ea9dd06ba0e48d5fb140ca7c0c4/CHANGELOG.md",
+ "url": "https://github.com/BurntSushi/ripgrep/blob/e48a17e1891e1ea9dd06ba0e48d5fb140ca7c0c4/CHANGELOG.md"
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3668.json b/2021/3xxx/CVE-2021-3668.json
new file mode 100644
index 00000000000..f3c3e89de8f
--- /dev/null
+++ b/2021/3xxx/CVE-2021-3668.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-3668",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/3xxx/CVE-2021-3669.json b/2021/3xxx/CVE-2021-3669.json
new file mode 100644
index 00000000000..5964a404a4d
--- /dev/null
+++ b/2021/3xxx/CVE-2021-3669.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-3669",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file