diff --git a/2020/12xxx/CVE-2020-12483.json b/2020/12xxx/CVE-2020-12483.json index 4f5271659d6..6719bd8c596 100644 --- a/2020/12xxx/CVE-2020-12483.json +++ b/2020/12xxx/CVE-2020-12483.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@vivo.com", + "DATE_PUBLIC": "2021-03-22T16:00:00.000Z", "ID": "CVE-2020-12483", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AppStore Remote Download and Installation Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "appstore", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "8.12.0.0", + "version_value": "8.12.0.0" + } + ] + } + } + ] + }, + "vendor_name": "vivo" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vivo.com/en/support/security-advisory-detail?id=1", + "refsource": "CONFIRM", + "url": "https://www.vivo.com/en/support/security-advisory-detail?id=1" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20219.json b/2021/20xxx/CVE-2021-20219.json index d4029334746..571e314932d 100644 --- a/2021/20xxx/CVE-2021-20219.json +++ b/2021/20xxx/CVE-2021-20219.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20219", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "kernel 4.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-697" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1923738", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923738" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop (due to a changing ldata->read_head, and a missing sanity check) and cause a threat to the system availability." } ] } diff --git a/2021/20xxx/CVE-2021-20222.json b/2021/20xxx/CVE-2021-20222.json index cd8a9915f65..fe894aa2851 100644 --- a/2021/20xxx/CVE-2021-20222.json +++ b/2021/20xxx/CVE-2021-20222.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20222", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "keycloak", + "version": { + "version_data": [ + { + "version_value": "keycloak 13.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1924606", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924606" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." } ] } diff --git a/2021/20xxx/CVE-2021-20227.json b/2021/20xxx/CVE-2021-20227.json index 3ccbbd4f1db..ab8835bb7b6 100644 --- a/2021/20xxx/CVE-2021-20227.json +++ b/2021/20xxx/CVE-2021-20227.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20227", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "sqlite", + "version": { + "version_data": [ + { + "version_value": "sqlite 3.34.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1924886", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924886" + }, + { + "refsource": "MISC", + "name": "https://www.sqlite.org/releaselog/3_34_1.html", + "url": "https://www.sqlite.org/releaselog/3_34_1.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability." } ] } diff --git a/2021/20xxx/CVE-2021-20270.json b/2021/20xxx/CVE-2021-20270.json index 236b1e77d6e..1b03f374f7b 100644 --- a/2021/20xxx/CVE-2021-20270.json +++ b/2021/20xxx/CVE-2021-20270.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20270", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "python-pygments", + "version": { + "version_data": [ + { + "version_value": "python-pygments 2.7.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-835" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1922136", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922136" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the \"exception\" keyword." } ] } diff --git a/2021/23xxx/CVE-2021-23274.json b/2021/23xxx/CVE-2021-23274.json index 7a09f707d4f..28024f19527 100644 --- a/2021/23xxx/CVE-2021-23274.json +++ b/2021/23xxx/CVE-2021-23274.json @@ -1,101 +1,101 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@tibco.com", - "DATE_PUBLIC": "2021-03-23T17:00:00Z", - "ID": "CVE-2021-23274", - "STATE": "PUBLIC", - "TITLE": "TIBCO API Exchange Gateway Clickjack Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "TIBCO API Exchange Gateway", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "2.3.3" - } - ] - } - }, - { - "product_name": "TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "2.3.3" - } - ] - } - } - ] - }, - "vendor_name": "TIBCO Software Inc." - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker.\n\nAffected releases are TIBCO Software Inc.'s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below.\n" - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "The impact of this vulnerability includes the theoretical possibility that an attacker gains full administrative access to the affected system." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "http://www.tibco.com/services/support/advisories", - "refsource": "CONFIRM", - "url": "http://www.tibco.com/services/support/advisories" - } - ] - }, - "solution": [ - { - "lang": "eng", - "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO API Exchange Gateway versions 2.3.3 and below update to version 2.4.0 or higher\nTIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.3 and below update to version 2.4.0 or higher" - } - ], - "source": { - "discovery": "INTERNAL" - } -} + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2021-03-23T17:00:00Z", + "ID": "CVE-2021-23274", + "STATE": "PUBLIC", + "TITLE": "TIBCO API Exchange Gateway Clickjack Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO API Exchange Gateway", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.3.3" + } + ] + } + }, + { + "product_name": "TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.3.3" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The impact of this vulnerability includes the theoretical possibility that an attacker gains full administrative access to the affected system." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/services/support/advisories", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/services/support/advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO API Exchange Gateway versions 2.3.3 and below update to version 2.4.0 or higher\nTIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.3 and below update to version 2.4.0 or higher" + } + ], + "source": { + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23362.json b/2021/23xxx/CVE-2021-23362.json index 040d4ffa378..7f070f832ac 100644 --- a/2021/23xxx/CVE-2021-23362.json +++ b/2021/23xxx/CVE-2021-23362.json @@ -48,16 +48,19 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355" + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355", + "name": "https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355" }, { - "refsource": "CONFIRM", - "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1088356" + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1088356", + "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1088356" }, { - "refsource": "CONFIRM", - "url": "https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3" + "refsource": "MISC", + "url": "https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3", + "name": "https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3" } ] }, @@ -65,7 +68,7 @@ "description_data": [ { "lang": "eng", - "value": "The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via shortcutMatch in fromUrl().\n\n" + "value": "The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via shortcutMatch in fromUrl()." } ] },