diff --git a/2020/10xxx/CVE-2020-10770.json b/2020/10xxx/CVE-2020-10770.json
index c2311327813..e0efb4eaa89 100644
--- a/2020/10xxx/CVE-2020-10770.json
+++ b/2020/10xxx/CVE-2020-10770.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270",
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846270"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html",
+ "url": "http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html"
 }
 ]
 },
diff --git a/2021/20xxx/CVE-2021-20031.json b/2021/20xxx/CVE-2021-20031.json
index b21da576873..ef25613daa5 100644
--- a/2021/20xxx/CVE-2021-20031.json
+++ b/2021/20xxx/CVE-2021-20031.json
@@ -77,6 +77,11 @@
 "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0019",
 "refsource": "CONFIRM",
 "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0019"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/164502/Sonicwall-SonicOS-7.0-Host-Header-Injection.html",
+ "url": "http://packetstormsecurity.com/files/164502/Sonicwall-SonicOS-7.0-Host-Header-Injection.html"
 }
 ]
 }
diff --git a/2021/31xxx/CVE-2021-31799.json b/2021/31xxx/CVE-2021-31799.json
index dd0783d1597..2c33f1fba05 100644
--- a/2021/31xxx/CVE-2021-31799.json
+++ b/2021/31xxx/CVE-2021-31799.json
@@ -66,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20210902-0004/",
 "url": "https://security.netapp.com/advisory/ntap-20210902-0004/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211013 [SECURITY] [DLA 2780-1] ruby2.3 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html"
 }
 ]
 }
diff --git a/2021/31xxx/CVE-2021-31810.json b/2021/31xxx/CVE-2021-31810.json
index 932521cd0e2..ee58c62965c 100644
--- a/2021/31xxx/CVE-2021-31810.json
+++ b/2021/31xxx/CVE-2021-31810.json
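Review bot: The reference added to CVE-2020-10770.json points at Packet Storm over plain `http://` in both `name` and `url`, so anyone following the link from the record fetches it over an unauthenticated channel. If the site serves the same path over HTTPS, prefer `"url": "https://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html"` with a matching `name`. The same applies to the Packet Storm entries added in CVE-2021-20031.json and CVE-2021-42013.json. These three links also indicate public exploit material for the respective issues, which `"refsource": "MISC"` does not convey to automated consumers.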
@@ -71,6 +71,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20210917-0001/",
 "url": "https://security.netapp.com/advisory/ntap-20210917-0001/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211013 [SECURITY] [DLA 2780-1] ruby2.3 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html"
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32066.json b/2021/32xxx/CVE-2021-32066.json
index 85ff0bf955b..27fa22df170 100644
--- a/2021/32xxx/CVE-2021-32066.json
+++ b/2021/32xxx/CVE-2021-32066.json
@@ -71,6 +71,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20210902-0004/",
 "url": "https://security.netapp.com/advisory/ntap-20210902-0004/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211013 [SECURITY] [DLA 2780-1] ruby2.3 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html"
 }
 ]
 }
diff --git a/2021/35xxx/CVE-2021-35498.json b/2021/35xxx/CVE-2021-35498.json
index c01e05d0364..f66cc73d77a 100644
--- a/2021/35xxx/CVE-2021-35498.json
+++ b/2021/35xxx/CVE-2021-35498.json
@@ -1,171 +1,171 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@tibco.com", - "DATE_PUBLIC": "2021-10-13T17:00:00Z", - "ID": "CVE-2021-35498", - "STATE": "PUBLIC", - "TITLE": "TIBCO EBX Insecure Login Mechanism" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "TIBCO EBX", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "5.8.123" - } - ] - } - }, - { - "product_name": "TIBCO EBX", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "5.9.3" - }, - { - "version_affected": "=", - "version_value": "5.9.4" - }, - { - "version_affected": "=", - "version_value": "5.9.5" - }, - { - "version_affected": "=", - "version_value": "5.9.6" - }, - { - "version_affected": "=", - "version_value": "5.9.7" - }, - { - "version_affected": "=", - "version_value": "5.9.8" - }, - { - "version_affected": "=", - "version_value": "5.9.9" - }, - { - "version_affected": "=", - "version_value": "5.9.10" - }, - { - "version_affected": "=", - "version_value": "5.9.11" - }, - { - "version_affected": "=", - "version_value": "5.9.12" - }, - { - "version_affected": "=", - "version_value": "5.9.13" - }, - { - "version_affected": "=", - "version_value": "5.9.14" - } - ] - } - }, - { - "product_name": "TIBCO EBX", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "6.0.0" - }, - { - "version_affected": "=", - "version_value": "6.0.1" - } - ] - } - }, - { - "product_name": "TIBCO Product and Service Catalog powered by TIBCO EBX", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0.0" - } - ] - } - } - ] - }, - "vendor_name": "TIBCO Software Inc." 
- } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password other than the legitimate password and it will be accepted as valid.\n\nAffected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.123 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, and 5.9.14, TIBCO EBX: versions 6.0.0 and 6.0.1, and TIBCO Product and Service Catalog powered by TIBCO EBX: version 1.0.0.\n" - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "In the worst case, if the targeted account is a privileged administrator, successful exploitation of this vulnerability can result in an attacker gaining full administrative access to the affected system." 
- } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://www.tibco.com/services/support/advisories", - "refsource": "CONFIRM", - "url": "https://www.tibco.com/services/support/advisories" - } - ] - }, - "solution": [ - { - "lang": "eng", - "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO EBX versions 5.8.123 and below update to version 5.8.124 or later\nTIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, and 5.9.14 update to version 5.9.15 or later\nTIBCO EBX versions 6.0.0 and 6.0.1 update to version 6.0.2 or later\nTIBCO Product and Service Catalog powered by TIBCO EBX version 1.0.0 update to version 1.1.0 or later" - } - ], - "source": { - "discovery": "CUSTOMER" - } -} + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2021-10-13T17:00:00Z", + "ID": "CVE-2021-35498", + "STATE": "PUBLIC", + "TITLE": "TIBCO EBX Insecure Login Mechanism" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO EBX", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "5.8.123" + } + ] + } + }, + { + "product_name": "TIBCO EBX", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.9.3" + }, + { + "version_affected": "=", + "version_value": "5.9.4" + }, + { + "version_affected": "=", + "version_value": "5.9.5" + }, + { + "version_affected": "=", + "version_value": "5.9.6" + }, + { + "version_affected": "=", + "version_value": "5.9.7" + }, + { + "version_affected": "=", + "version_value": "5.9.8" + }, + { + "version_affected": "=", + "version_value": "5.9.9" + }, + { + "version_affected": "=", + "version_value": "5.9.10" + }, + { + "version_affected": "=", + "version_value": "5.9.11" + }, + { + "version_affected": "=", + "version_value": "5.9.12" + }, + { + "version_affected": "=", + 
"version_value": "5.9.13" + }, + { + "version_affected": "=", + "version_value": "5.9.14" + } + ] + } + }, + { + "product_name": "TIBCO EBX", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.0.0" + }, + { + "version_affected": "=", + "version_value": "6.0.1" + } + ] + } + }, + { + "product_name": "TIBCO Product and Service Catalog powered by TIBCO EBX", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0.0" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password other than the legitimate password and it will be accepted as valid. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.123 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, and 5.9.14, TIBCO EBX: versions 6.0.0 and 6.0.1, and TIBCO Product and Service Catalog powered by TIBCO EBX: version 1.0.0." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "In the worst case, if the targeted account is a privileged administrator, successful exploitation of this vulnerability can result in an attacker gaining full administrative access to the affected system." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tibco.com/services/support/advisories", + "refsource": "CONFIRM", + "url": "https://www.tibco.com/services/support/advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO EBX versions 5.8.123 and below update to version 5.8.124 or later\nTIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, and 5.9.14 update to version 5.9.15 or later\nTIBCO EBX versions 6.0.0 and 6.0.1 update to version 6.0.2 or later\nTIBCO Product and Service Catalog powered by TIBCO EBX version 1.0.0 update to version 1.1.0 or later" + } + ], + "source": { + "discovery": "CUSTOMER" + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3057.json b/2021/3xxx/CVE-2021-3057.json index 4c4c5fb207e..02baef19deb 100644 --- a/2021/3xxx/CVE-2021-3057.json +++ b/2021/3xxx/CVE-2021-3057.json 
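Review bot: In the `impact.cvss` object of CVE-2021-35498.json the `vectorString` is prefixed `CVSS:3.1/` while `version` is `"3.0"`, and the rewrite of the file carries that mismatch over unchanged. A consumer that picks the scoring specification from the `version` field will read the vector under the wrong one, so the field should be `"version": "3.1"`. Separately, `problemtype` holds an impact sentence rather than a weakness class. A CWE identifier there would make this authentication-bypass record filterable, though the right one cannot be determined from the text shown.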
@@ -87,7 +87,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges.\n\nThis issue impacts:\nGlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.9 on Windows;\nGlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on Windows;\nGlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on the Universal Windows Platform;\nGlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.1 on Linux."
+ "value": "A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.9 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on the Universal Windows Platform; GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.1 on Linux."
 }
 ]
 },
@@ -131,8 +131,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://security.paloaltonetworks.com/CVE-2021-3057"
+ "refsource": "MISC",
+ "url": "https://security.paloaltonetworks.com/CVE-2021-3057",
+ "name": "https://security.paloaltonetworks.com/CVE-2021-3057"
 }
 ]
 },
diff --git a/2021/40xxx/CVE-2021-40732.json b/2021/40xxx/CVE-2021-40732.json
index 5d5167b16b1..dbcf1d0b751 100644
--- a/2021/40xxx/CVE-2021-40732.json
+++ b/2021/40xxx/CVE-2021-40732.json
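Review bot: The second hunk in CVE-2021-3057.json reclassifies the record's only reference from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, although `security.paloaltonetworks.com` appears to be the vendor's own advisory host. Tooling that relies on CONFIRM to separate vendor-acknowledged issues from third-party reports loses that signal for this record. Unless the reclassification is a deliberate feed-wide convention, keep `"refsource": "CONFIRM"` and add only the new `name` line.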
@@ -1,18 +1,96 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "DATE_PUBLIC": "2021-08-10T23:00:00.000Z",
 "ID": "CVE-2021-40732",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "XMP Toolkit SDK Null Pointer Dereference"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "XMP Toolkit",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "2020.1"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "None"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "None"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "None"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "Low",
+ "attackVector": "Local",
+ "availabilityImpact": "Low",
+ "baseScore": 4.4,
+ "baseSeverity": "Medium",
+ "confidentialityImpact": "Low",
+ "integrityImpact": "None",
+ "privilegesRequired": "None",
+ "scope": "Unchanged",
+ "userInteraction": "Required",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "NULL Pointer Dereference (CWE-476)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html",
+ "name": "https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42013.json b/2021/42xxx/CVE-2021-42013.json
index ca6358930f9..78bb2d247be 100644
--- a/2021/42xxx/CVE-2021-42013.json
+++ b/2021/42xxx/CVE-2021-42013.json
@@ -153,6 +153,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-2a10bc68a4",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html"
 }
 ]
 },
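Review bot: The `version_data` array added to CVE-2021-40732.json carries three entries with `"version_affected": "<="` and `"version_value": "None"` after the real `2020.1` entry. These look like unfilled template slots, and a version matcher that reads them literally will either fail on `None` or produce a meaningless range, so they should be dropped to leave only the `2020.1` entry. The `cvss` enum values are also written in title case (`"Low"`, `"Local"`, `"Required"`), whereas CVE-2021-35498.json in this same commit uses upper case (`"LOW"`, `"NETWORK"`). Strict consumers may reject the title-case forms, so write for example `"attackVector": "LOCAL"`.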