diff --git a/2020/21xxx/CVE-2020-21121.json b/2020/21xxx/CVE-2020-21121.json
index 443ab32bec3..2cc6b679bea 100644
--- a/2020/21xxx/CVE-2020-21121.json
+++ b/2020/21xxx/CVE-2020-21121.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21121",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21121",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Kliqqi-CMS/Kliqqi-CMS/issues/259",
+ "refsource": "MISC",
+ "name": "https://github.com/Kliqqi-CMS/Kliqqi-CMS/issues/259"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21122.json b/2020/21xxx/CVE-2020-21122.json
index cb63e510770..54dbb57cc40 100644
--- a/2020/21xxx/CVE-2020-21122.json
+++ b/2020/21xxx/CVE-2020-21122.json
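Review bot: In the CVE-2020-21121 hunk the added `product_name`, `vendor_name`, `version_value` and `problemtype` values are all `"n/a"`, although the added description line names the product, the version and the weakness class (Pligg CMS 2.0.2, SQL injection). Scanners and inventory tools that match on the structured `affects` fields rather than on free text will not associate this record with the product. Consider `"product_name": "Pligg CMS"`, `"version_value": "2.0.2"` and a CWE-based problem type such as `"value": "CWE-89"`. The same gap is present in the hunks for CVE-2020-21122, -21124, -21125, -21126, -21127 and CVE-2021-37412, -39392 and -40238. The only reference points at the Kliqqi-CMS repository while the description says Pligg CMS, so the relationship between the two names (presumably a rename) is worth stating in the description.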
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21122",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21122",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/youseries/ureport/issues/483",
+ "refsource": "MISC",
+ "name": "https://github.com/youseries/ureport/issues/483"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21124.json b/2020/21xxx/CVE-2020-21124.json
index 3e89101030d..32ad3a5f137 100644
--- a/2020/21xxx/CVE-2020-21124.json
+++ b/2020/21xxx/CVE-2020-21124.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21124",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21124",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/youseries/ureport/issues/484",
+ "refsource": "MISC",
+ "name": "https://github.com/youseries/ureport/issues/484"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21125.json b/2020/21xxx/CVE-2020-21125.json
index 8817d980985..8f019b28f4c 100644
--- a/2020/21xxx/CVE-2020-21125.json
+++ b/2020/21xxx/CVE-2020-21125.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21125",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21125",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/youseries/ureport/issues/485",
+ "refsource": "MISC",
+ "name": "https://github.com/youseries/ureport/issues/485"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21126.json b/2020/21xxx/CVE-2020-21126.json
index 87a5b3e06c2..035e82977d2 100644
--- a/2020/21xxx/CVE-2020-21126.json
+++ b/2020/21xxx/CVE-2020-21126.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21126",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21126",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Echox1/metinfo_csrf/issues/1",
+ "refsource": "MISC",
+ "name": "https://github.com/Echox1/metinfo_csrf/issues/1"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21127.json b/2020/21xxx/CVE-2020-21127.json
index 600309f139d..16e1685b45b 100644
--- a/2020/21xxx/CVE-2020-21127.json
+++ b/2020/21xxx/CVE-2020-21127.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21127",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21127",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/T3qui1a/metinfo_sqlinjection/issues/1",
+ "refsource": "MISC",
+ "name": "https://github.com/T3qui1a/metinfo_sqlinjection/issues/1"
 }
 ]
 }
diff --git a/2021/25xxx/CVE-2021-25665.json b/2021/25xxx/CVE-2021-25665.json
index 380cedbfcd6..8f632846af2 100644
--- a/2021/25xxx/CVE-2021-25665.json
+++ b/2021/25xxx/CVE-2021-25665.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-109294.pdf",
 "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-109294.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1074/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1074/"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27045.json b/2021/27xxx/CVE-2021-27045.json
index a35a0e5ea8c..d4340bbd43c 100644
--- a/2021/27xxx/CVE-2021-27045.json
+++ b/2021/27xxx/CVE-2021-27045.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27045",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@autodesk.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Autodesk Navisworks",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019, 2020, 2021, 2022"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bound Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0008",
+ "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0008"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code."
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27046.json b/2021/27xxx/CVE-2021-27046.json
index cca1d8fa44c..73bd48fa8ca 100644
--- a/2021/27xxx/CVE-2021-27046.json
+++ b/2021/27xxx/CVE-2021-27046.json
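Review bot: In the CVE-2021-27045 hunk the added `version_value` packs four releases into one string (`"2019, 2020, 2021, 2022"`), so a consumer comparing an installed version against `version_data` entries will never get an exact match. One `version_data` object per release, e.g. `{ "version_value": "2019" }`, keeps the field machine-matchable. `"vendor_name": "n/a"` could be `"vendor_name": "Autodesk"`, given that the product name and the new `ASSIGNER` both identify the vendor. The problem type is free text with a non-standard spelling; `"value": "CWE-125 Out-of-bounds Read"` would be searchable. The hunks for CVE-2021-27046, CVE-2021-40155 and CVE-2021-40156 repeat the same version and vendor values (for the out-of-bounds write in -40156 the matching identifier would be CWE-787).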
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27046",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@autodesk.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Autodesk Navisworks",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019, 2020, 2021, 2022"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory Corruption - Generic"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0008",
+ "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0008"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Memory Corruption vulnerability for PDF files in Autodesk Navisworks 2019, 2020, 2021, 2022 may lead to code execution through maliciously crafted DLL files."
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32682.json b/2021/32xxx/CVE-2021-32682.json
index fe2b95653d5..7e0ea402a42 100644
--- a/2021/32xxx/CVE-2021-32682.json
+++ b/2021/32xxx/CVE-2021-32682.json
@@ -94,6 +94,11 @@
 "name": "https://github.com/Studio-42/elFinder/commit/a106c350b7dfe666a81d6b576816db9fe0899b17",
 "refsource": "MISC",
 "url": "https://github.com/Studio-42/elFinder/commit/a106c350b7dfe666a81d6b576816db9fe0899b17"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/164173/elFinder-Archive-Command-Injection.html",
+ "url": "http://packetstormsecurity.com/files/164173/elFinder-Archive-Command-Injection.html"
 }
 ]
 },
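Review bot: The added description for CVE-2021-27046 contradicts itself: it opens with "A Memory Corruption vulnerability for PDF files" and ends with "through maliciously crafted DLL files", so a reader cannot tell which file type is the untrusted input. That matters for triage, because the mitigations for a crafted-document parser bug and for a planted-library issue are different. The wording should be checked against the referenced advisory (adsk-sa-2021-0008); if the PDF parser is the affected component, the closing phrase would presumably read `through maliciously crafted PDF files`. The problem type `"Memory Corruption - Generic"` would also be more useful as a CWE identifier once the bug class is confirmed.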
diff --git a/2021/37xxx/CVE-2021-37176.json b/2021/37xxx/CVE-2021-37176.json
index 86519e0bd5e..fe2a176db1b 100644
--- a/2021/37xxx/CVE-2021-37176.json
+++ b/2021/37xxx/CVE-2021-37176.json
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-997732.pdf",
 "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-997732.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1073/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1073/"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37412.json b/2021/37xxx/CVE-2021-37412.json
index d68e27113e1..540e29827c9 100644
--- a/2021/37xxx/CVE-2021-37412.json
+++ b/2021/37xxx/CVE-2021-37412.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-37412",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-37412",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-040.txt",
+ "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-040.txt"
 }
 ]
 }
diff --git a/2021/39xxx/CVE-2021-39210.json b/2021/39xxx/CVE-2021-39210.json
index 4a318818538..36f3d2fed45 100644
--- a/2021/39xxx/CVE-2021-39210.json
+++ b/2021/39xxx/CVE-2021-39210.json
@@ -69,16 +69,16 @@
 },
 "references": {
 "reference_data": [
- {
- "name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-hwxq-4c5f-m4v2",
- "refsource": "CONFIRM",
- "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-hwxq-4c5f-m4v2"
- },
 {
 "name": "https://github.com/glpi-project/glpi/releases/tag/9.5.6",
 "refsource": "MISC",
 "url": "https://github.com/glpi-project/glpi/releases/tag/9.5.6"
 },
+ {
+ "name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-hwxq-4c5f-m4v2",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-hwxq-4c5f-m4v2"
+ },
 {
 "name": "https://huntr.dev/bounties/b2e99a41-b904-419f-a274-ae383e4925f2/",
 "refsource": "MISC",
diff --git a/2021/39xxx/CVE-2021-39211.json b/2021/39xxx/CVE-2021-39211.json
index 68b6a827835..b76efc5a468 100644
--- a/2021/39xxx/CVE-2021-39211.json
+++ b/2021/39xxx/CVE-2021-39211.json
@@ -69,15 +69,15 @@
 },
 "references": {
 "reference_data": [
- {
- "name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825",
- "refsource": "CONFIRM",
- "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825"
- },
 {
 "name": "https://github.com/glpi-project/glpi/releases/tag/9.5.6",
 "refsource": "MISC",
 "url": "https://github.com/glpi-project/glpi/releases/tag/9.5.6"
+ },
+ {
+ "name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825"
 }
 ]
 },
diff --git a/2021/39xxx/CVE-2021-39392.json b/2021/39xxx/CVE-2021-39392.json
index b9bec8ea111..86b3a4de761 100644
--- a/2021/39xxx/CVE-2021-39392.json
+++ b/2021/39xxx/CVE-2021-39392.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-39392",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-39392",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.mylittlebackup.com/mlb/zip/mlb_1.7.zip",
+ "refsource": "MISC",
+ "name": "http://www.mylittlebackup.com/mlb/zip/mlb_1.7.zip"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/omriinbar/65827626e63f15e3e50557e2d9d61281",
+ "url": "https://gist.github.com/omriinbar/65827626e63f15e3e50557e2d9d61281"
 }
 ]
 }
diff --git a/2021/40xxx/CVE-2021-40155.json b/2021/40xxx/CVE-2021-40155.json
index 84100742715..d250d610b57 100644
--- a/2021/40xxx/CVE-2021-40155.json
+++ b/2021/40xxx/CVE-2021-40155.json
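Review bot: The first entry added to `reference_data` for CVE-2021-39392 is a direct download of the product archive over plain HTTP (`http://www.mylittlebackup.com/mlb/zip/mlb_1.7.zip`), not an advisory or write-up. A pipeline that fetches reference URLs automatically would pull a binary archive over an unauthenticated channel, and the link itself documents nothing about the flaw. If the intent is to identify the affected release, that belongs in `version_data` (the description already says "up to and including 1.7"), leaving the gist as the reference. The two entries also order their keys differently (`url`, `refsource`, `name` in the first; `refsource`, `name`, `url` in the second), which is harmless to parsers but makes diffs of these records noisier.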
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-40155",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@autodesk.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Autodesk Navisworks",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019, 2020, 2021, 2022"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bound Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0009",
+ "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0009"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code."
 }
 ]
 }
diff --git a/2021/40xxx/CVE-2021-40156.json b/2021/40xxx/CVE-2021-40156.json
index a39efa245ee..b8b0e67ed14 100644
--- a/2021/40xxx/CVE-2021-40156.json
+++ b/2021/40xxx/CVE-2021-40156.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-40156",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@autodesk.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Autodesk Navisworks",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019, 2020, 2021, 2022"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bound Write"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0009",
+ "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0009"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code."
 }
 ]
 }
diff --git a/2021/40xxx/CVE-2021-40238.json b/2021/40xxx/CVE-2021-40238.json
index 7686251275c..9c5798eebe2 100644
--- a/2021/40xxx/CVE-2021-40238.json
+++ b/2021/40xxx/CVE-2021-40238.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-40238",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-40238",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Cross Site Scriptiong (XSS) vulnerability exists in the admin panel in Webuzo < 2.9.0 via an HTTP request to a non-existent page, which is activated by administrators viewing the \"Error Log\" page. An attacker can leverage this to achieve Unauthenticated Remote Code Execution via the \"Cron Jobs\" functionality of Webuzo."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/omriinbar/5a24ccc2127ac61b6d9872c9405ebc8e",
+ "url": "https://gist.github.com/omriinbar/5a24ccc2127ac61b6d9872c9405ebc8e"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.webuzo.com/blog/webuzo-2-9-0-launched/",
+ "url": "https://www.webuzo.com/blog/webuzo-2-9-0-launched/"
 }
 ]
 }
diff --git a/2021/40xxx/CVE-2021-40845.json b/2021/40xxx/CVE-2021-40845.json
index e14c80265d1..479323c2ac3 100644
--- a/2021/40xxx/CVE-2021-40845.json
+++ b/2021/40xxx/CVE-2021-40845.json
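Review bot: The added description for CVE-2021-40238 misspells the weakness name as "Cross Site Scriptiong (XSS)", which defeats keyword searches and text-based classifiers; the opening should read `A Cross Site Scripting (XSS) vulnerability exists in the admin panel in Webuzo < 2.9.0`. The same sentence labels the outcome "Unauthenticated Remote Code Execution" while also saying the payload only fires when an administrator views the "Error Log" page, so the impact depends on a privileged user's action. Stating that precondition next to the RCE claim would help anyone prioritising this record. The affected range "< 2.9.0" appears only in prose while `version_value` is `"n/a"`.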
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "https://ricardojoserf.github.io/CVE-2021-40845/",
 "url": "https://ricardojoserf.github.io/CVE-2021-40845/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/164160/Zenitel-AlphaCom-XE-Audio-Server-11.2.3.10-Shell-Upload.html",
+ "url": "http://packetstormsecurity.com/files/164160/Zenitel-AlphaCom-XE-Audio-Server-11.2.3.10-Shell-Upload.html"
 }
 ]
 }