admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-07-30 14:11:02 +00:00
parent 3e116a65b8
commit d1c56aae0e
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
68 changed files with 2281 additions and 984 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2016/2xxx/CVE-2016-2170.json
View File

@ -126,6 +126,11 @@
"refsource": "MLIST",
"name": "[ofbiz-notifications] 20210605 [jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128]",
"url": "https://lists.apache.org/thread.html/rab718cfe6468085d7560c0c1ae816841e175886199f42e36efb8d735@%3Cnotifications.ofbiz.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[ofbiz-notifications] 20210729 [jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128]",
"url": "https://lists.apache.org/thread.html/r078351a876ed284ba667b33aba29428d7308a5bd4df78f14a3df6661@%3Cnotifications.ofbiz.apache.org%3E"
}
]
}

10
2016/3xxx/CVE-2016-3189.json
View File

@ -151,6 +151,16 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html",
"url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
},
{
"refsource": "MLIST",
"name": "[kafka-jira] 20210729 [jira] [Comment Edited] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
"url": "https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-jira] 20210729 [jira] [Commented] (KAFKA-9858) CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
"url": "https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c@%3Cjira.kafka.apache.org%3E"
}
]
}

5
2017/14xxx/CVE-2017-14535.json
View File

@ -76,6 +76,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/162854/Trixbox-2.8.0.4-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/162854/Trixbox-2.8.0.4-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2017-14535-Exploit",
"url": "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2017-14535-Exploit"
}
]
}

5
2017/14xxx/CVE-2017-14537.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/162853/Trixbox-2.8.0.4-Path-Traversal.html",
"url": "http://packetstormsecurity.com/files/162853/Trixbox-2.8.0.4-Path-Traversal.html"
},
{
"refsource": "MISC",
"name": "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2017-14537-Exploit",
"url": "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2017-14537-Exploit"
}
]
}

5
2018/19xxx/CVE-2018-19423.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/162772/Codiad-2.8.4-Shell-Upload.html",
"url": "http://packetstormsecurity.com/files/162772/Codiad-2.8.4-Shell-Upload.html"
},
{
"refsource": "MISC",
"name": "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2018-19423-Exploit",
"url": "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2018-19423-Exploit"
}
]
}

5
2019/10xxx/CVE-2019-10172.json
View File

@ -173,6 +173,11 @@
"refsource": "MLIST",
"name": "[hadoop-common-issues] 20210320 [jira] [Commented] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172",
"url": "https://lists.apache.org/thread.html/r04ecadefb27cda84b699130b11b96427f1d8a7a4066d8292f7f15ed8@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[hive-issues] 20210729 [jira] [Resolved] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar",
"url": "https://lists.apache.org/thread.html/r356592d9874ab4bc9da4754592f8aa6edc894c95e17e58484bc2af7a@%3Cissues.hive.apache.org%3E"
}
]
},

5
2019/10xxx/CVE-2019-10202.json
View File

@ -83,6 +83,11 @@
"refsource": "MLIST",
"name": "[hive-issues] 20210318 [jira] [Comment Edited] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar",
"url": "https://lists.apache.org/thread.html/r0fbf2c60967bc9f73d7f5a62ad3b955789f9a14b950f42e99fca9b4e@%3Cissues.hive.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[hive-issues] 20210729 [jira] [Resolved] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar",
"url": "https://lists.apache.org/thread.html/r356592d9874ab4bc9da4754592f8aa6edc894c95e17e58484bc2af7a@%3Cissues.hive.apache.org%3E"
}
]
},

5
2019/19xxx/CVE-2019-19208.json
View File

@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/162753/Codiad-2.8.4-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/162753/Codiad-2.8.4-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/49902",
"url": "https://www.exploit-db.com/exploits/49902"
}
]
}

5
2019/25xxx/CVE-2019-25051.json
View File

@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210725 [SECURITY] [DLA 2720-1] aspell security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00021.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-69de7c7ca4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H7E4EI7F6TVN7K6XWU6HSANMCOKKEREE/"
}
]
}

15
2020/15xxx/CVE-2020-15078.json
View File

@ -44,6 +44,16 @@
},
"references": {
"reference_data": [
{
"refsource": "FEDORA",
"name": "FEDORA-2021-242ef81244",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GJUXEYHUPREEBPX23VPEKMFXUPVO3PMU/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-b805c26afa",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLDB3OBQ3AODYYRN7NRCABV6I4AUFAT6/"
},
{
"refsource": "MISC",
"name": "https://community.openvpn.net/openvpn/wiki/CVE-2020-15078",
@ -63,6 +73,11 @@
"refsource": "GENTOO",
"name": "GLSA-202105-25",
"url": "https://security.gentoo.org/glsa/202105-25"
},
{
"refsource": "UBUNTU",
"name": "https://usn.ubuntu.com/usn/usn-4933-1",
"url": "https://usn.ubuntu.com/usn/usn-4933-1"
}
]
},

5
2020/15xxx/CVE-2020-15850.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities",
"url": "https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities"
},
{
"refsource": "MISC",
"name": "https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes",
"url": "https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes"
}
]
}

5
2020/15xxx/CVE-2020-15851.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities",
"url": "https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities"
},
{
"refsource": "MISC",
"name": "https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes",
"url": "https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes"
}
]
}

62
2020/18xxx/CVE-2020-18157.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-18157",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-18157",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/je6k/ctf-challenges/blob/master/poc.txt",
"refsource": "MISC",
"name": "https://github.com/je6k/ctf-challenges/blob/master/poc.txt"
}
]
}

62
2020/18xxx/CVE-2020-18158.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-18158",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-18158",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.cnblogs.com/echod/articles/10380909.html",
"refsource": "MISC",
"name": "https://www.cnblogs.com/echod/articles/10380909.html"
}
]
}

62
2020/18xxx/CVE-2020-18175.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-18175",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-18175",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/sword1991912/metinfo/issues/1",
"refsource": "MISC",
"name": "https://github.com/sword1991912/metinfo/issues/1"
}
]
}

72
2020/21xxx/CVE-2020-21808.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21808",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21808",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the topicsid parameter in modules/news/admin/addtotopics.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://whitehub.net/submissions/1516",
"refsource": "MISC",
"name": "https://whitehub.net/submissions/1516"
},
{
"url": "https://nukeviet.vn/vi/news/Tin-an-ninh/huong-dan-fix-loi-bao-mat-nukeviet-4-va-module-shops-612.html",
"refsource": "MISC",
"name": "https://nukeviet.vn/vi/news/Tin-an-ninh/huong-dan-fix-loi-bao-mat-nukeviet-4-va-module-shops-612.html"
},
{
"url": "https://github.com/nukeviet/nukeviet/blob/4.3.08/CHANGELOG.txt#L11",
"refsource": "MISC",
"name": "https://github.com/nukeviet/nukeviet/blob/4.3.08/CHANGELOG.txt#L11"
}
]
}

77
2020/21xxx/CVE-2020-21809.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21809",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21809",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://nukeviet.vn/vi/news/Tin-an-ninh/huong-dan-fix-loi-bao-mat-nukeviet-4-va-module-shops-612.html",
"refsource": "MISC",
"name": "https://nukeviet.vn/vi/news/Tin-an-ninh/huong-dan-fix-loi-bao-mat-nukeviet-4-va-module-shops-612.html"
},
{
"url": "https://whitehub.net/submissions/1517",
"refsource": "MISC",
"name": "https://whitehub.net/submissions/1517"
},
{
"url": "https://whitehub.net/submissions/1518",
"refsource": "MISC",
"name": "https://whitehub.net/submissions/1518"
},
{
"url": "https://github.com/nukeviet/module-shops/commit/742c0e0f74364f7250c2a69f0a957d4e6317be68",
"refsource": "MISC",
"name": "https://github.com/nukeviet/module-shops/commit/742c0e0f74364f7250c2a69f0a957d4e6317be68"
}
]
}

67
2020/22xxx/CVE-2020-22761.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-22761",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-22761",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/flatpressblog/flatpress/issues/64",
"refsource": "MISC",
"name": "https://github.com/flatpressblog/flatpress/issues/64"
},
{
"url": "https://www.baomatcoban.info/2020/04/funnymini0day-flatpress-11-cross-site.html",
"refsource": "MISC",
"name": "https://www.baomatcoban.info/2020/04/funnymini0day-flatpress-11-cross-site.html"
}
]
}

62
2020/22xxx/CVE-2020-22765.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-22765",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-22765",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) vulnerability in NukeViet cms 4.4.0 via the editor in the News module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://nukeviet.vn/vi/news/Tin-tuc/nukeviet-cam-on-le-thanh-trung-da-phat-hien-loi-an-ninh-nukeviet-631.html",
"refsource": "MISC",
"name": "https://nukeviet.vn/vi/news/Tin-tuc/nukeviet-cam-on-le-thanh-trung-da-phat-hien-loi-an-ninh-nukeviet-631.html"
}
]
}

3
2020/36xxx/CVE-2020-36239.json
View File

@ -39,7 +39,6 @@
"version_value": "8.17.0",
"version_affected": "<"
}
]
}
},
@ -71,7 +70,6 @@
"version_value": "8.17.0",
"version_affected": "<"
}
]
}
},
@ -103,7 +101,6 @@
"version_value": "8.17.0",
"version_affected": "<"
}
]
}
},

5
2020/36xxx/CVE-2020-36327.json
View File

@ -76,6 +76,11 @@
"refsource": "MISC",
"name": "https://www.zofrex.com/blog/2021/04/29/bundler-still-vulnerable-dependency-confusion-cve-2020-36327/",
"url": "https://www.zofrex.com/blog/2021/04/29/bundler-still-vulnerable-dependency-confusion-cve-2020-36327/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-36cdab1f8d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWXHK5UUHVSHF7HTHMX6JY3WXDVNIHSL/"
}
]
}

5
2020/5xxx/CVE-2020-5329.json
View File

@ -63,8 +63,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/security/en-us/details/541529/DSA-2020-046-Dell-EMC-Avamar-Server-Open-Redirect-Vulnerability"
"refsource": "MISC",
"url": "https://www.dell.com/support/security/en-us/details/541529/DSA-2020-046-Dell-EMC-Avamar-Server-Open-Redirect-Vulnerability",
"name": "https://www.dell.com/support/security/en-us/details/541529/DSA-2020-046-Dell-EMC-Avamar-Server-Open-Redirect-Vulnerability"
}
]
}

5
2020/5xxx/CVE-2020-5353.json
View File

@ -63,8 +63,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.emc.com/kb/542721"
"refsource": "MISC",
"url": "https://support.emc.com/kb/542721",
"name": "https://support.emc.com/kb/542721"
}
]
}

5
2021/21xxx/CVE-2021-21538.json
View File

@ -63,8 +63,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/kbdoc/000186420"
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000186420",
"name": "https://www.dell.com/support/kbdoc/000186420"
}
]
}

5
2021/21xxx/CVE-2021-21546.json
View File

@ -63,8 +63,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/kbdoc/en-us/000185470/dsa-2021-081-dell-emc-networker-security-update-for-a-clear-text-vulnerability"
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000185470/dsa-2021-081-dell-emc-networker-security-update-for-a-clear-text-vulnerability",
"name": "https://www.dell.com/support/kbdoc/en-us/000185470/dsa-2021-081-dell-emc-networker-security-update-for-a-clear-text-vulnerability"
}
]
}

10
2021/21xxx/CVE-2021-21775.json
View File

@ -53,6 +53,16 @@
"refsource": "MLIST",
"name": "[oss-security] 20210723 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0004",
"url": "http://www.openwall.com/lists/oss-security/2021/07/23/1"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-cf7d8c7b1a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4QORERLPDN3UNNJFJSOMHZZCU2G75Q6/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4945",
"url": "https://www.debian.org/security/2021/dsa-4945"
}
]
},

10
2021/21xxx/CVE-2021-21779.json
View File

@ -53,6 +53,16 @@
"refsource": "MLIST",
"name": "[oss-security] 20210723 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0004",
"url": "http://www.openwall.com/lists/oss-security/2021/07/23/1"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-cf7d8c7b1a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4QORERLPDN3UNNJFJSOMHZZCU2G75Q6/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4945",
"url": "https://www.debian.org/security/2021/dsa-4945"
}
]
},

4
2021/26xxx/CVE-2021-26081.json
View File

@ -98,7 +98,9 @@
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-72499"
"url": "https://jira.atlassian.com/browse/JRASERVER-72499",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/JRASERVER-72499"
}
]
}

5
2021/26xxx/CVE-2021-26295.json
View File

@ -119,6 +119,11 @@
"refsource": "MLIST",
"name": "[ofbiz-notifications] 20210605 [jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128]",
"url": "https://lists.apache.org/thread.html/rab718cfe6468085d7560c0c1ae816841e175886199f42e36efb8d735@%3Cnotifications.ofbiz.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[ofbiz-notifications] 20210729 [jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128]",
"url": "https://lists.apache.org/thread.html/r078351a876ed284ba667b33aba29428d7308a5bd4df78f14a3df6661@%3Cnotifications.ofbiz.apache.org%3E"
}
]
},

15
2021/28xxx/CVE-2021-28164.json
View File

@ -136,6 +136,21 @@
"refsource": "MLIST",
"name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3Cissues.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E"
}
]
}

5
2021/29xxx/CVE-2021-29995.json
View File

@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://support1.cloverdx.com/hc/en-us/articles/360021006520",
"url": "https://support1.cloverdx.com/hc/en-us/articles/360021006520"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163697/CloverDX-5.9.0-Code-Execution-Cross-Site-Request-Forgery.html",
"url": "http://packetstormsecurity.com/files/163697/CloverDX-5.9.0-Code-Execution-Cross-Site-Request-Forgery.html"
}
]
}

72
2021/30xxx/CVE-2021-30124.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-30124",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-30124",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1.3.0 for Visual Studio Code allows remote attackers to execute arbitrary code via a crafted phpmd.command value in a workspace folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://marketplace.visualstudio.com/items?itemName=ecodes.vscode-phpmd",
"refsource": "MISC",
"name": "https://marketplace.visualstudio.com/items?itemName=ecodes.vscode-phpmd"
},
{
"refsource": "MISC",
"name": "https://vuln.ryotak.me/advisories/25",
"url": "https://vuln.ryotak.me/advisories/25"
},
{
"refsource": "MISC",
"name": "https://github.com/sandhje/vscode-phpmd/commit/c462bf5c6f0160d0199855d5f8ed76be8d9beac0",
"url": "https://github.com/sandhje/vscode-phpmd/commit/c462bf5c6f0160d0199855d5f8ed76be8d9beac0"
}
]
}

5
2021/30xxx/CVE-2021-30128.json
View File

@ -113,6 +113,11 @@
"refsource": "MLIST",
"name": "[ofbiz-notifications] 20210605 [jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128]",
"url": "https://lists.apache.org/thread.html/rab718cfe6468085d7560c0c1ae816841e175886199f42e36efb8d735@%3Cnotifications.ofbiz.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[ofbiz-notifications] 20210729 [jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128]",
"url": "https://lists.apache.org/thread.html/r078351a876ed284ba667b33aba29428d7308a5bd4df78f14a3df6661@%3Cnotifications.ofbiz.apache.org%3E"
}
]
},

5
2021/31xxx/CVE-2021-31590.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://github.com/pwndoc/pwndoc/pull/74",
"url": "https://github.com/pwndoc/pwndoc/pull/74"
},
{
"refsource": "MISC",
"name": "https://www.dgc.org/responsible_disclosure_pwndoc_jwt",
"url": "https://www.dgc.org/responsible_disclosure_pwndoc_jwt"
}
]
}

67
2021/31xxx/CVE-2021-31799.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31799",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-31799",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/",
"url": "https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/"
},
{
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2021-31799",
"url": "https://security-tracker.debian.org/tracker/CVE-2021-31799"
}
]
}

5
2021/31xxx/CVE-2021-31810.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/",
"url": "https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-36cdab1f8d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWXHK5UUHVSHF7HTHMX6JY3WXDVNIHSL/"
}
]
}

2
2021/31xxx/CVE-2021-31921.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Istio before 1.8.6 and 1.9.x before 1.9.5, when a gateway is using the AUTO_PASSTHROUGH routing configuration, allows attackers to bypass authorization checks and access unexpected services in the cluster."
"value": "Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing configuration."
}
]
},

5
2021/32xxx/CVE-2021-32633.json
View File

@ -91,6 +91,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20210522 Re: Plone security hotfix 20210518",
"url": "http://www.openwall.com/lists/oss-security/2021/05/22/1"
},
{
"refsource": "MISC",
"name": "https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633/",
"url": "https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633/"
}
]
},

62
2021/34xxx/CVE-2021-34165.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34165",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-34165",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1.0 allows a remote attacker to Bypass Authentication and become Admin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.exploit-db.com/exploits/49741",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/49741"
}
]
}

62
2021/34xxx/CVE-2021-34166.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34166",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-34166",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to Bypass Authentication and become Admin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.exploit-db.com/exploits/49740",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/49740"
}
]
}

15
2021/34xxx/CVE-2021-34429.json
View File

@ -92,6 +92,21 @@
"name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm",
"refsource": "CONFIRM",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm"
},
{
"refsource": "MLIST",
"name": "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3Cissues.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E"
}
]
}

5
2021/34xxx/CVE-2021-34470.json
View File

@ -76,6 +76,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34470",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34470"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163706/Microsoft-Exchange-AD-Schema-Misconfiguration-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/163706/Microsoft-Exchange-AD-Schema-Misconfiguration-Privilege-Escalation.html"
}
]
}

72
2021/36xxx/CVE-2021-36386.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-36386",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-36386",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.fetchmail.info/security.html",
"refsource": "MISC",
"name": "https://www.fetchmail.info/security.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2021/07/28/5",
"url": "http://www.openwall.com/lists/oss-security/2021/07/28/5"
},
{
"refsource": "CONFIRM",
"name": "https://www.fetchmail.info/fetchmail-SA-2021-01.txt",
"url": "https://www.fetchmail.info/fetchmail-SA-2021-01.txt"
}
]
}

62
2021/36xxx/CVE-2021-36621.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-36621",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-36621",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successful dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as Administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.exploit-db.com/exploits/50109",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/50109"
}
]
}

62
2021/36xxx/CVE-2021-36624.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-36624",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-36624",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.exploit-db.com/exploits/50105",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/50105"
}
]
}

62
2021/37xxx/CVE-2021-37144.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37144",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-37144",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/cskaza/cszcms/issues/32",
"refsource": "MISC",
"name": "https://github.com/cskaza/cszcms/issues/32"
}
]
}

95
2021/37xxx/CVE-2021-37578.json
View File

@ -1,18 +1,95 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-37578",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Remote code execution via RMI"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Apache jUDDI",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.3.10"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by Artem Smotrakov"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicious serialized object to the above RMI entries. The objects get deserialized without any check on the incoming data. In the worst case, it may let the attacker run arbitrary code remotely. For both jUDDI web service applications and jUDDI clients, the usage of RMI is disabled by default. Since this is an optional feature and an extension to the UDDI protocol, the likelihood of impact is low. Starting with 3.3.10, all RMI related code was removed."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "moderate"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r82047b3ba774cf870ea8e1e9ec51c6107f6cd056d4e36608148c6e71%40%3Cprivate.juddi.apache.org%3E",
"name": "https://lists.apache.org/thread.html/r82047b3ba774cf870ea8e1e9ec51c6107f6cd056d4e36608148c6e71%40%3Cprivate.juddi.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210728 [SECURITY] CVE-2021-37578 Apache jUDDI Remote code execution",
"url": "http://www.openwall.com/lists/oss-security/2021/07/29/1"
}
]
},
"source": {
"defect": [
"JUDDI-1018"
],
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "eng",
"value": "For the jUDDI service web application, RMI and JNDI service registration is disabled by default. If it was enabled by the system owner, disable it.\n\nFor jUDDI Clients, do not use RMI Transports. This is an opt-in feature and is not typically used."
}
]
}

18
2021/37xxx/CVE-2021-37599.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37599",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

67
2021/37xxx/CVE-2021-37600.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/karelzak/util-linux/issues/1395",
"refsource": "MISC",
"name": "https://github.com/karelzak/util-linux/issues/1395"
},
{
"url": "https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c",
"refsource": "MISC",
"name": "https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c"
}
]
}
}

5
2021/37xxx/CVE-2021-37601.json
View File

@ -61,11 +61,6 @@
"url": "https://prosody.im/",
"refsource": "MISC",
"name": "https://prosody.im/"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210728 Re: Prosody XMPP server advisory 2021-07-22 (Remote Information Disclosure) (CVE-2021-37601)",
"url": "http://www.openwall.com/lists/oss-security/2021/07/28/4"
}
]
},

18
2021/37xxx/CVE-2021-37602.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37602",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/37xxx/CVE-2021-37603.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37603",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/37xxx/CVE-2021-37604.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37604",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/37xxx/CVE-2021-37605.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37605",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/37xxx/CVE-2021-37607.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37607",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/37xxx/CVE-2021-37608.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37608",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/37xxx/CVE-2021-37609.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37609",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/37xxx/CVE-2021-37610.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37610",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/37xxx/CVE-2021-37611.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37611",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/37xxx/CVE-2021-37612.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37612",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/37xxx/CVE-2021-37613.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37613",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/37xxx/CVE-2021-37614.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37614",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

5
2021/3xxx/CVE-2021-3013.json
View File

@ -56,6 +56,11 @@
"refsource": "CONFIRM",
"name": "https://github.com/BurntSushi/ripgrep/blob/master/CHANGELOG.md",
"url": "https://github.com/BurntSushi/ripgrep/blob/master/CHANGELOG.md"
},
{
"refsource": "MISC",
"name": "https://github.com/BurntSushi/ripgrep/blob/e48a17e1891e1ea9dd06ba0e48d5fb140ca7c0c4/CHANGELOG.md",
"url": "https://github.com/BurntSushi/ripgrep/blob/e48a17e1891e1ea9dd06ba0e48d5fb140ca7c0c4/CHANGELOG.md"
}
]
}

18
2021/3xxx/CVE-2021-3668.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3668",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3669.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3669",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}