"-Synchronized-Data."

CVE Team 2021-08-17 15:00:58 +00:00
parent a40b304929
commit e0a3e8b9a9
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
10 changed files with 290 additions and 222 deletions


@ -68,6 +68,16 @@
"refsource": "MLIST",
"name": "[karaf-issues] 20210816 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.69 artifacts to mitigate CVE-2020-28052",
"url": "https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[karaf-issues] 20210817 [jira] [Commented] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052",
"url": "https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[karaf-issues] 20210817 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052",
"url": "https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E"
}
]
},


@ -68,6 +68,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20210804 Re: Pop!_OS Membership to linux-distros list",
"url": "http://www.openwall.com/lists/oss-security/2021/08/04/2"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210817 Re: Pop!_OS Membership to linux-distros list",
"url": "http://www.openwall.com/lists/oss-security/2021/08/17/3"
}
]
},
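Review bot: The added reference links to the oss-security archive over plain HTTP, `"url": "http://www.openwall.com/lists/oss-security/2021/08/17/3"`, so anyone following it from the record gets an unauthenticated page. The context entry above it uses the same scheme, so this looks like the feed's convention rather than a slip in this commit. I would still store the HTTPS form, `"url": "https://www.openwall.com/lists/oss-security/2021/08/17/3"`. The same applies to the openwall references added in the later sections (the second `/2021/08/17/3` entry and `/2021/08/17/2`). The `reference_data` array starts outside this hunk.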


@ -136,6 +136,16 @@
"refsource": "MLIST",
"name": "[karaf-issues] 20210816 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.69 artifacts to mitigate CVE-2020-28052",
"url": "https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[karaf-issues] 20210817 [jira] [Commented] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052",
"url": "https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[karaf-issues] 20210817 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052",
"url": "https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E"
}
]
}


@ -1,118 +1,118 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2021-25956",
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"DATE_PUBLIC": "2021-08-11T09:00:00.000Z",
"TITLE": "Improper User Access Control in \"Dolibarr\" Leads to Account Takeover",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [],
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dolibarr",
"product": {
"product_data": [
{
"product_name": "dolibarr",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": ">=",
"version_value": "3.3.beta1_20121221",
"platform": ""
},
{
"version_name": "",
"version_affected": "<=",
"version_value": "13.0.2",
"platform": ""
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2021-25956",
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"DATE_PUBLIC": "2021-08-11T09:00:00.000Z",
"TITLE": "Improper User Access Control in \"Dolibarr\" Leads to Account Takeover",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [],
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dolibarr",
"product": {
"product_data": [
{
"product_name": "dolibarr",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": ">=",
"version_value": "3.3.beta1_20121221",
"platform": ""
},
{
"version_name": "",
"version_affected": "<=",
"version_value": "13.0.2",
"platform": ""
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In \u201cDolibarr\u201d application, v3.3.beta1_20121221 to v13.0.2 have \u201cModify\u201d access for admin level users to change other user\u2019s details but fails to validate already existing \u201cLogin\u201d name, while renaming the user \u201cLogin\u201d. This leads to complete account takeover of the victim user. This happens since the password gets overwritten for the victim user having a similar login name."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/Dolibarr/dolibarr/commit/c4cba43bade736ab89e31013a6ccee59a6e077ee",
"url": "https://github.com/Dolibarr/dolibarr/commit/c4cba43bade736ab89e31013a6ccee59a6e077ee"
},
{
"refsource": "MISC",
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25956",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25956"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
}
},
"exploit": [],
"work_around": [],
"solution": [
{
"lang": "eng",
"value": "Update to 14.0.0"
}
],
"credit": [
{
"lang": "eng",
"value": "Daniel Elkabes"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other users details but fails to validate already existing “Login” name, while renaming the user “Login”. This leads to complete account takeover of the victim user. This happens since the password gets overwritten for the victim user having a similar login name."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25956",
"name": ""
},
{
"refsource": "MISC",
"url": "https://github.com/Dolibarr/dolibarr/commit/c4cba43bade736ab89e31013a6ccee59a6e077ee",
"name": ""
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
}
},
"exploit": [],
"work_around": [],
"solution": [
{
"lang": "eng",
"value": "Update to 14.0.0"
}
],
"credit": [
{
"lang": "eng",
"value": "Daniel Elkabes"
}
]
}
}
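Review bot: The `impact.cvss` block rates all three impacts as LOW (`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"`, `"baseScore": 4.7`), while the title and description of the same record say the flaw "leads to complete account takeover of the victim user". The two do not obviously agree, and anyone triaging by `baseSeverity` will see only MEDIUM. The rewrite appears to leave the scoring untouched (the visible differences are quote escaping and the reference `name` fields), so this likely predates the commit. I would ask the assigning CNA to confirm `confidentialityImpact` and `integrityImpact`, and to recompute `vectorString`, `baseScore` and `baseSeverity` together if either changes.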


@ -1,118 +1,118 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2021-25957",
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"DATE_PUBLIC": "",
"TITLE": "Account Takeover in \"Dolibarr\" via Password Reset Functionality",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [],
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dolibarr",
"product": {
"product_data": [
{
"product_name": "dolibarr",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "<=",
"version_value": "13.0.2",
"platform": ""
},
{
"version_name": "",
"version_affected": ">=",
"version_value": "2.8.1",
"platform": ""
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2021-25957",
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"DATE_PUBLIC": "",
"TITLE": "Account Takeover in \"Dolibarr\" via Password Reset Functionality",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [],
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dolibarr",
"product": {
"product_data": [
{
"product_name": "dolibarr",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "<=",
"version_value": "13.0.2",
"platform": ""
},
{
"version_name": "",
"version_affected": ">=",
"version_value": "2.8.1",
"platform": ""
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password"
}
]
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In \u201cDolibarr\u201d application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when requested for a forgotten password."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/Dolibarr/dolibarr/commit/87f9530272925f0d651f59337a35661faeb6f377",
"url": "https://github.com/Dolibarr/dolibarr/commit/87f9530272925f0d651f59337a35661faeb6f377"
},
{
"refsource": "MISC",
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25957",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25957"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
},
"exploit": [],
"work_around": [],
"solution": [
{
"lang": "eng",
"value": "Update to 14.0.0"
}
],
"credit": [
{
"lang": "eng",
"value": "Hagai Wechsler"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when requested for a forgotten password."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25957",
"name": ""
},
{
"refsource": "MISC",
"url": "https://github.com/Dolibarr/dolibarr/commit/87f9530272925f0d651f59337a35661faeb6f377",
"name": ""
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
},
"exploit": [],
"work_around": [],
"solution": [
{
"lang": "eng",
"value": "Update to 14.0.0"
}
],
"credit": [
{
"lang": "eng",
"value": "Hagai Wechsler"
}
]
}
}
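Review bot: The affected range is given as two independent `version_data` entries, `"version_affected": "<="` with `"version_value": "13.0.2"` and `"version_affected": ">="` with `"version_value": "2.8.1"`, and nothing in the record ties them into one interval. A consumer that evaluates each entry on its own would match every release from 2.8.1 upward, including the 14.0.0 named under `solution`. The description does state the bounded range (v2.8.1 to v13.0.2), so matching tooling should take the interval from there, or from the fix version, until the record expresses it unambiguously. The CVE-2021-25956 section has the same shape with `3.3.beta1_20121221` and `13.0.2`.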


@ -248,6 +248,16 @@
"refsource": "MLIST",
"name": "[karaf-issues] 20210816 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.69 artifacts to mitigate CVE-2020-28052",
"url": "https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[karaf-issues] 20210817 [jira] [Commented] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052",
"url": "https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[karaf-issues] 20210817 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052",
"url": "https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E"
}
]
},


@ -116,6 +116,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20210804 Re: Pop!_OS Membership to linux-distros list",
"url": "http://www.openwall.com/lists/oss-security/2021/08/04/2"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210817 Re: Pop!_OS Membership to linux-distros list",
"url": "http://www.openwall.com/lists/oss-security/2021/08/17/3"
}
]
}


@ -142,6 +142,11 @@
"refsource": "MLIST",
"name": "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli closed issue #11659: Jetty is flagged with CVE-2021-34429",
"url": "https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8@%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[santuario-dev] 20210817 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #52: Bump jetty.version from 9.4.42.v20210604 to 9.4.43.v20210629",
"url": "https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1@%3Cdev.santuario.apache.org%3E"
}
]
}


@ -66,6 +66,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20210817 Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname",
"url": "http://www.openwall.com/lists/oss-security/2021/08/17/1"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210817 Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname",
"url": "http://www.openwall.com/lists/oss-security/2021/08/17/2"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39239",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}