From e85e7ac8af6eea3190fe0257f6d9bb2eb706665e Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 14 Oct 2021 15:00:59 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/19xxx/CVE-2020-19954.json | 56 +++++++++++++++++++++++++----
 2020/19xxx/CVE-2020-19957.json | 56 +++++++++++++++++++++++++----
 2020/19xxx/CVE-2020-19959.json | 56 +++++++++++++++++++++++++----
 2020/19xxx/CVE-2020-19960.json | 56 +++++++++++++++++++++++++----
 2020/19xxx/CVE-2020-19961.json | 66 ++++++++++++++++++++++++++++++----
 2020/19xxx/CVE-2020-19962.json | 56 +++++++++++++++++++++++++----
 2020/19xxx/CVE-2020-19964.json | 66 ++++++++++++++++++++++++++++++----
 2021/20xxx/CVE-2021-20599.json | 58 ++++++++++++++++++++++++++++--
 2021/22xxx/CVE-2021-22963.json | 50 ++++++++++++++++++++++++--
 2021/22xxx/CVE-2021-22964.json | 50 ++++++++++++++++++++++++--
 2021/33xxx/CVE-2021-33177.json | 50 ++++++++++++++++++++++++--
 2021/33xxx/CVE-2021-33178.json | 50 ++++++++++++++++++++++++--
 2021/33xxx/CVE-2021-33179.json | 50 ++++++++++++++++++++++++--
 13 files changed, 660 insertions(+), 60 deletions(-)
diff --git a/2020/19xxx/CVE-2020-19954.json b/2020/19xxx/CVE-2020-19954.json
index 22898e90c0d..b7df0827c37 100644
--- a/2020/19xxx/CVE-2020-19954.json
+++ b/2020/19xxx/CVE-2020-19954.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-19954",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-19954",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/zhuxianjin/vuln_repo/blob/master/S-CMS%20v3.0%20XXE%20Arbitrary%20File%20Read%20Vulnerability.md",
+ "refsource": "MISC",
+ "name": "https://github.com/zhuxianjin/vuln_repo/blob/master/S-CMS%20v3.0%20XXE%20Arbitrary%20File%20Read%20Vulnerability.md"
 }
 ]
 }
diff --git a/2020/19xxx/CVE-2020-19957.json b/2020/19xxx/CVE-2020-19957.json
index c3bf41f7659..52b3495ee4d 100644
--- a/2020/19xxx/CVE-2020-19957.json
+++ b/2020/19xxx/CVE-2020-19957.json
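Review bot: The `affects` block added to CVE-2020-19954.json sets `product_name`, `version_value` and `vendor_name` to `n/a`, and `problemtype` is `n/a` as well, although the new description names the product, the version and the weakness class (S-CMS 3.0, XXE). Tooling that matches on the structured fields rather than the free text will not associate this record with the product. I would populate them, for example `"product_name": "S-CMS"`, `"version_value": "3.0"` and a problemtype value of `"CWE-611"`. The hunks for CVE-2020-19957, -19959, -19960, -19961, -19962 and -19964 have the same gap.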
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-19957",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-19957",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/zhuxianjin/vuln_repo/blob/master/zzcms2019%20SQL%20injection%20vulnerability%20in%20dl_print.php.md",
+ "refsource": "MISC",
+ "name": "https://github.com/zhuxianjin/vuln_repo/blob/master/zzcms2019%20SQL%20injection%20vulnerability%20in%20dl_print.php.md"
 }
 ]
 }
diff --git a/2020/19xxx/CVE-2020-19959.json b/2020/19xxx/CVE-2020-19959.json
index 46db954bcec..ebb9833fbe7 100644
--- a/2020/19xxx/CVE-2020-19959.json
+++ b/2020/19xxx/CVE-2020-19959.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-19959",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-19959",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/zhuxianjin/vuln_repo/blob/master/zzcms2019%20SQL%20injection%20vulnerability%20in%20dl_sendmail.php.md",
+ "refsource": "MISC",
+ "name": "https://github.com/zhuxianjin/vuln_repo/blob/master/zzcms2019%20SQL%20injection%20vulnerability%20in%20dl_sendmail.php.md"
 }
 ]
 }
diff --git a/2020/19xxx/CVE-2020-19960.json b/2020/19xxx/CVE-2020-19960.json
index c290bea013c..dda7043dcf5 100644
--- a/2020/19xxx/CVE-2020-19960.json
+++ b/2020/19xxx/CVE-2020-19960.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-19960",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-19960",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/zhuxianjin/vuln_repo/blob/master/zzcms2019%20SQL%20injection%20vulnerability%20in%20dl_sendsms.php.md",
+ "refsource": "MISC",
+ "name": "https://github.com/zhuxianjin/vuln_repo/blob/master/zzcms2019%20SQL%20injection%20vulnerability%20in%20dl_sendsms.php.md"
 }
 ]
 }
diff --git a/2020/19xxx/CVE-2020-19961.json b/2020/19xxx/CVE-2020-19961.json
index c610f9eb4cf..fbb8da4a07f 100644
--- a/2020/19xxx/CVE-2020-19961.json
+++ b/2020/19xxx/CVE-2020-19961.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-19961",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-19961",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://zzcms.com",
+ "refsource": "MISC",
+ "name": "http://zzcms.com"
+ },
+ {
+ "url": "https://github.com/forget-code/zzcms",
+ "refsource": "MISC",
+ "name": "https://github.com/forget-code/zzcms"
+ },
+ {
+ "url": "https://github.com/zhuxianjin/vuln_repo/blob/master/zzcms2019%20SQL%20injection%20vulnerability%20in%20subzs.php.md",
+ "refsource": "MISC",
+ "name": "https://github.com/zhuxianjin/vuln_repo/blob/master/zzcms2019%20SQL%20injection%20vulnerability%20in%20subzs.php.md"
 }
 ]
 }
diff --git a/2020/19xxx/CVE-2020-19962.json b/2020/19xxx/CVE-2020-19962.json
index 54e834e48c8..c88be8b9f66 100644
--- a/2020/19xxx/CVE-2020-19962.json
+++ b/2020/19xxx/CVE-2020-19962.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-19962",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-19962",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/zhuxianjin/vuln_repo/blob/master/chaojicms_stored_xss.md",
+ "refsource": "MISC",
+ "name": "https://github.com/zhuxianjin/vuln_repo/blob/master/chaojicms_stored_xss.md"
 }
 ]
 }
diff --git a/2020/19xxx/CVE-2020-19964.json b/2020/19xxx/CVE-2020-19964.json
index c2f6fb097a5..08e906e271c 100644
--- a/2020/19xxx/CVE-2020-19964.json
+++ b/2020/19xxx/CVE-2020-19964.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-19964",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-19964",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://phpmywind.com",
+ "refsource": "MISC",
+ "name": "http://phpmywind.com"
+ },
+ {
+ "url": "https://github.com/gaozhifeng/PHPMyWind",
+ "refsource": "MISC",
+ "name": "https://github.com/gaozhifeng/PHPMyWind"
+ },
+ {
+ "url": "https://github.com/gaozhifeng/PHPMyWind/issues/9",
+ "refsource": "MISC",
+ "name": "https://github.com/gaozhifeng/PHPMyWind/issues/9"
 }
 ]
 }
diff --git a/2021/20xxx/CVE-2021-20599.json b/2021/20xxx/CVE-2021-20599.json
index 0178dbfa9a4..f128a330eb9 100644
--- a/2021/20xxx/CVE-2021-20599.json
+++ b/2021/20xxx/CVE-2021-20599.json
@@ -4,14 +4,66 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-20599",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU; MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions"
+ },
+ {
+ "version_value": "All versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Authorization Bypass Through User-Controlled Key"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf",
+ "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-011_en.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://jvn.jp/vu/JVNVU98578731",
+ "url": "https://jvn.jp/vu/JVNVU98578731"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows an remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password."
 }
 ]
 }
diff --git a/2021/22xxx/CVE-2021-22963.json b/2021/22xxx/CVE-2021-22963.json
index de97df3920f..79838c47db2 100644
--- a/2021/22xxx/CVE-2021-22963.json
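Review bot: In the CVE-2021-20599 record, `version_data` holds two identical `"version_value": "All versions"` entries under a single `product_name` that joins two product families with a semicolon, so neither entry can be attributed to a family. I would split this into two `product_data` entries, one per family, each with its own `version_data`. `vendor_name` is `n/a` although the assigner address and the first reference both point to the vendor (presumably Mitsubishi Electric), which leaves asset-matching tools without a vendor key. The description's "an remote unauthenticated attacker" should read `a remote unauthenticated attacker`.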
+++ b/2021/22xxx/CVE-2021-22963.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-22963",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "https://github.com/fastify/fastify-static",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Affects < v4.2.4. Fixed in >= v4.2.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Open Redirect (CWE-601)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/1354255",
+ "url": "https://hackerone.com/reports/1354255"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e.The issue shows up on all the fastify-static applications that set redirect: true option. By default, it is false."
 }
 ]
 }
diff --git a/2021/22xxx/CVE-2021-22964.json b/2021/22xxx/CVE-2021-22964.json
index c967d88bd58..41b0bd55594 100644
--- a/2021/22xxx/CVE-2021-22964.json
+++ b/2021/22xxx/CVE-2021-22964.json
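Review bot: `version_value` in the CVE-2021-22963 record is a sentence (`"Affects < v4.2.4. Fixed in >= v4.2.4"`) and `product_name` is a repository URL, so neither can be compared mechanically with an installed package name and version. The CVE JSON 4.0 format has a `version_affected` field for the operator; I would write `"product_name": "fastify-static"`, `"version_affected": "<"`, `"version_value": "4.2.4"`. The hunks for CVE-2021-22964 and CVE-2021-33177 to -33179 also carry the operator inside `version_value`. In the description a space is missing at `%2e%2e.The issue`, so the example URL runs into the next sentence.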
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-22964",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "https://github.com/fastify/fastify-static",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Affected >= v4.2.4, Fixed v4.4.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service (CWE-400)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/1361804",
+ "url": "https://hackerone.com/reports/1361804"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed by a domain: `http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e`.A DOS vulnerability is possible if the URL contains invalid characters `curl --path-as-is \"http://localhost:3000//^/..\"`The issue shows up on all the `fastify-static` applications that set `redirect: true` option. By default, it is `false`."
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33177.json b/2021/33xxx/CVE-2021-33177.json
index 51aab0f4c2d..a8b9f8cd90a 100644
--- a/2021/33xxx/CVE-2021-33177.json
+++ b/2021/33xxx/CVE-2021-33177.json
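Review bot: `problemtype` in the CVE-2021-22964 record lists only "Denial of Service (CWE-400)", while the first sentence of the new description reports an open redirect affecting Firefox users. Consumers that filter or prioritise by weakness class will see one of the two impacts; a second entry in the `description` array with the value `"Open Redirect (CWE-601)"`, the wording used in the CVE-2021-22963 record, would cover both. The description text also runs sentences together after the two example commands (before "A DOS vulnerability" and before "The issue shows up"), which makes the examples hard to separate from the prose.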
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-33177",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "disclosure@synopsys.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Nagios",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nagios XI",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "<5.8.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi",
+ "refsource": "MISC",
+ "name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries."
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33178.json b/2021/33xxx/CVE-2021-33178.json
index 00cb76e22b5..5fa0fa73555 100644
--- a/2021/33xxx/CVE-2021-33178.json
+++ b/2021/33xxx/CVE-2021-33178.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-33178",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "disclosure@synopsys.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Nagios",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nagvis",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "<2.0.9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi",
+ "refsource": "MISC",
+ "name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Manage Backgrounds functionality within Nagvis versions prior to 2.0.9 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system."
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33179.json b/2021/33xxx/CVE-2021-33179.json
index 67b8d6d9238..f3c3d0c3895 100644
--- a/2021/33xxx/CVE-2021-33179.json
+++ b/2021/33xxx/CVE-2021-33179.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-33179",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "disclosure@synopsys.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Nagios",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nagios XI",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "<5.8.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi",
+ "refsource": "MISC",
+ "name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, would unknowingly execute the attached payload."
 }
 ]
 }