admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-05-07 04:00:42 +00:00
parent 07050c96e9
commit d75962fa22
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
15 changed files with 825 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2021/32xxx/CVE-2021-32090.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-32090",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/32xxx/CVE-2021-32091.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-32091",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/32xxx/CVE-2021-32092.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-32092",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/32xxx/CVE-2021-32093.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-32093",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

67
2021/32xxx/CVE-2021-32094.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to upload arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover",
"refsource": "MISC",
"name": "https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover"
},
{
"url": "https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed",
"refsource": "MISC",
"name": "https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed"
}
]
}
}

67
2021/32xxx/CVE-2021-32095.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to delete arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover",
"refsource": "MISC",
"name": "https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover"
},
{
"url": "https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed",
"refsource": "MISC",
"name": "https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed"
}
]
}
}

67
2021/32xxx/CVE-2021-32096.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ConsoleAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary Ruby code (for an eval call) via the CONSOLE_COMMAND_STRING parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover",
"refsource": "MISC",
"name": "https://portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover"
},
{
"url": "https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed",
"refsource": "MISC",
"name": "https://blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed"
}
]
}
}

18
2021/32xxx/CVE-2021-32097.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-32097",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

72
2021/32xxx/CVE-2021-32098.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained",
"refsource": "MISC",
"name": "https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained"
},
{
"url": "https://pandorafms.com/blog/whats-new-in-pandora-fms-743/",
"refsource": "MISC",
"name": "https://pandorafms.com/blog/whats-new-in-pandora-fms-743/"
},
{
"url": "https://portswigger.net/daily-swig/multiple-vulnerabilities-in-pandora-fms-could-trigger-remote-execution-attack",
"refsource": "MISC",
"name": "https://portswigger.net/daily-swig/multiple-vulnerabilities-in-pandora-fms-could-trigger-remote-execution-attack"
}
]
}
}

72
2021/32xxx/CVE-2021-32099.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained",
"refsource": "MISC",
"name": "https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained"
},
{
"url": "https://pandorafms.com/blog/whats-new-in-pandora-fms-743/",
"refsource": "MISC",
"name": "https://pandorafms.com/blog/whats-new-in-pandora-fms-743/"
},
{
"url": "https://portswigger.net/daily-swig/multiple-vulnerabilities-in-pandora-fms-could-trigger-remote-execution-attack",
"refsource": "MISC",
"name": "https://portswigger.net/daily-swig/multiple-vulnerabilities-in-pandora-fms-could-trigger-remote-execution-attack"
}
]
}
}

72
2021/32xxx/CVE-2021-32100.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained",
"refsource": "MISC",
"name": "https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained"
},
{
"url": "https://pandorafms.com/blog/whats-new-in-pandora-fms-743/",
"refsource": "MISC",
"name": "https://pandorafms.com/blog/whats-new-in-pandora-fms-743/"
},
{
"url": "https://portswigger.net/daily-swig/multiple-vulnerabilities-in-pandora-fms-could-trigger-remote-execution-attack",
"refsource": "MISC",
"name": "https://portswigger.net/daily-swig/multiple-vulnerabilities-in-pandora-fms-could-trigger-remote-execution-attack"
}
]
}
}

77
2021/32xxx/CVE-2021-32101.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. Then, the attacker can then manipulate and read data of every registered patient."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability",
"refsource": "MISC",
"name": "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability"
},
{
"url": "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592",
"refsource": "MISC",
"name": "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592"
},
{
"url": "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431",
"refsource": "MISC",
"name": "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431"
},
{
"url": "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal",
"refsource": "MISC",
"name": "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal"
}
]
}
}

82
2021/32xxx/CVE-2021-32102.json Normal file
View File

@ -0,0 +1,82 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability",
"refsource": "MISC",
"name": "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability"
},
{
"url": "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592",
"refsource": "MISC",
"name": "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592"
},
{
"url": "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431",
"refsource": "MISC",
"name": "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431"
},
{
"url": "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal",
"refsource": "MISC",
"name": "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal"
},
{
"url": "https://www.open-emr.org/wiki/index.php/Old_Outdated_OpenEMR_Patches",
"refsource": "MISC",
"name": "https://www.open-emr.org/wiki/index.php/Old_Outdated_OpenEMR_Patches"
}
]
}
}

77
2021/32xxx/CVE-2021-32103.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows a admin authenticated user to inject arbitrary web script or HTML via the lname parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability",
"refsource": "MISC",
"name": "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability"
},
{
"url": "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592",
"refsource": "MISC",
"name": "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592"
},
{
"url": "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431",
"refsource": "MISC",
"name": "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431"
},
{
"url": "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal",
"refsource": "MISC",
"name": "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal"
}
]
}
}

82
2021/32xxx/CVE-2021-32104.json Normal file
View File

@ -0,0 +1,82 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability",
"refsource": "MISC",
"name": "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability"
},
{
"url": "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592",
"refsource": "MISC",
"name": "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592"
},
{
"url": "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431",
"refsource": "MISC",
"name": "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431"
},
{
"url": "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal",
"refsource": "MISC",
"name": "https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal"
},
{
"url": "https://www.open-emr.org/wiki/index.php/Old_Outdated_OpenEMR_Patches",
"refsource": "MISC",
"name": "https://www.open-emr.org/wiki/index.php/Old_Outdated_OpenEMR_Patches"
}
]
}
}