diff --git a/2020/16xxx/CVE-2020-16156.json b/2020/16xxx/CVE-2020-16156.json index bc73ceb3db2..b7a015d7c55 100644 --- a/2020/16xxx/CVE-2020-16156.json +++ b/2020/16xxx/CVE-2020-16156.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/", "url": "https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/" + }, + { + "refsource": "MISC", + "name": "http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html", + "url": "http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html" } ] } diff --git a/2021/23xxx/CVE-2021-23228.json b/2021/23xxx/CVE-2021-23228.json new file mode 100644 index 00000000000..de0a64c13c6 --- /dev/null +++ b/2021/23xxx/CVE-2021-23228.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23228", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31558.json b/2021/31xxx/CVE-2021-31558.json new file mode 100644 index 00000000000..ccd2849bc1d --- /dev/null +++ b/2021/31xxx/CVE-2021-31558.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31558", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38182.json b/2021/38xxx/CVE-2021-38182.json index b88460fa641..13083bd8f95 100644 --- a/2021/38xxx/CVE-2021-38182.json +++ b/2021/38xxx/CVE-2021-38182.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-38182", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "Kyma", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "<1.24.7" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Header Manipulation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021" + }, + { + "url": "https://github.com/kyma-project/kyma/security/advisories/GHSA-2vjp-5q24-hqjv", + "refsource": "MISC", + "name": "https://github.com/kyma-project/kyma/security/advisories/GHSA-2vjp-5q24-hqjv" } ] } diff --git a/2021/38xxx/CVE-2021-38361.json b/2021/38xxx/CVE-2021-38361.json index 5311a354426..8d75a7eabfb 100644 --- a/2021/38xxx/CVE-2021-38361.json +++ b/2021/38xxx/CVE-2021-38361.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-12-13T12:43:00.000Z", "ID": "CVE-2021-38361", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": ".htaccess Redirect <= 0.3.1 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": ".htaccess Redirect", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0.3.1", + "version_value": "0.3.1" + } + ] + } + } + ] + }, + "vendor_name": ".htaccess Redirect" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the link parameter found in the ~/htaccess-redirect.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.3.1." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38361", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38361" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/htaccess-redirect/trunk/htaccess-redirect.php#L249", + "name": "https://plugins.trac.wordpress.org/browser/htaccess-redirect/trunk/htaccess-redirect.php#L249" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site. " + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39308.json b/2021/39xxx/CVE-2021-39308.json index b14e84db20c..7639b0a45ef 100644 --- a/2021/39xxx/CVE-2021-39308.json +++ b/2021/39xxx/CVE-2021-39308.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-12-14T12:43:00.000Z", "ID": "CVE-2021-39308", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WooCommerce myghpay Payment Gateway <= 3.0 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WooCommerce myghpay Payment Gateway ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "3.0", + "version_value": "3.0" + } + ] + } + } + ] + }, + "vendor_name": "WooCommerce myghpay Payment Gateway " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WooCommerce myghpay Payment Gateway WordPess plugin is vulnerable to Reflected Cross-Site Scripting via the clientref parameter found in the ~/processresponse.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.0." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39308", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39308" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/woo-myghpay-payment-gateway/trunk/processresponse.php?rev=2410420#L134", + "name": "https://plugins.trac.wordpress.org/browser/woo-myghpay-payment-gateway/trunk/processresponse.php?rev=2410420#L134" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site. " + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39309.json b/2021/39xxx/CVE-2021-39309.json index 86bff3230be..5d32bf7e9c2 100644 --- a/2021/39xxx/CVE-2021-39309.json +++ b/2021/39xxx/CVE-2021-39309.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-12-13T12:43:00.000Z", "ID": "CVE-2021-39309", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Parsian Bank Gateway for Woocommerce <= 1.0 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Parsian Bank Gateway for Woocommerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "1.0" + } + ] + } + } + ] + }, + "vendor_name": "Parsian Bank Gateway for Woocommerce" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via and parameter due to a var_dump() on $_POST variables found in the ~/vendor/dpsoft/parsian-payment/sample/rollback-payment.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39309", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39309" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/parsian-bank-gateway-for-woocommerce/tags/1.0/vendor/dpsoft/parsian-payment/sample/rollback-payment.php#L39", + "name": "https://plugins.trac.wordpress.org/browser/parsian-bank-gateway-for-woocommerce/tags/1.0/vendor/dpsoft/parsian-payment/sample/rollback-payment.php#L39" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site. " + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39310.json b/2021/39xxx/CVE-2021-39310.json index 5b77ef3012f..cffa81ed70e 100644 --- a/2021/39xxx/CVE-2021-39310.json +++ b/2021/39xxx/CVE-2021-39310.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-12-13T12:43:00.000Z", "ID": "CVE-2021-39310", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Real WYSIWYG <= 0.0.2 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Real WYSIWYG", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0.0.2", + "version_value": "0.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Real WYSIWYG" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of PHP_SELF in the ~/real-wysiwyg.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39310", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39310" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/real-wysiwyg/tags/0.0.2/real-wysiwyg.php#L213", + "name": "https://plugins.trac.wordpress.org/browser/real-wysiwyg/tags/0.0.2/real-wysiwyg.php#L213" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site. " + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39311.json b/2021/39xxx/CVE-2021-39311.json index 3293e7bbdda..4f3435e9ba7 100644 --- a/2021/39xxx/CVE-2021-39311.json +++ b/2021/39xxx/CVE-2021-39311.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-12-13T12:43:00.000Z", "ID": "CVE-2021-39311", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "link-list-manager <= 1.0 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "link-list-manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "1.0" + } + ] + } + } + ] + }, + "vendor_name": "link-list-manager" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The link-list-manager WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category parameter found in the ~/llm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39311", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39311" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/link-list-manager/tags/1.0/llm.php#L191", + "name": "https://plugins.trac.wordpress.org/browser/link-list-manager/tags/1.0/llm.php#L191" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site. " + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39312.json b/2021/39xxx/CVE-2021-39312.json index b8493487a43..584c75b5c5d 100644 --- a/2021/39xxx/CVE-2021-39312.json +++ b/2021/39xxx/CVE-2021-39312.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-12-13T12:43:00.000Z", "ID": "CVE-2021-39312", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "True Ranker <= 2.2.2 Directory Traversal/Arbitrary File Read" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "True Ranker", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.2.2", + "version_value": "2.2.2" + } + ] + } + } + ] + }, + "vendor_name": "True Ranker" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39312", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39312" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/seo-local-rank/tags/2.2.2/admin/vendor/datatables/examples/resources/examples.php", + "name": "https://plugins.trac.wordpress.org/browser/seo-local-rank/tags/2.2.2/admin/vendor/datatables/examples/resources/examples.php" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to version 2.2.4, or newer. " + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39313.json b/2021/39xxx/CVE-2021-39313.json index 81213cda3c9..9b8e161e276 100644 --- a/2021/39xxx/CVE-2021-39313.json +++ b/2021/39xxx/CVE-2021-39313.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-12-13T12:43:00.000Z", "ID": "CVE-2021-39313", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Simple Image Gallery <= 1.0.6 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Simple Image Gallery ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.6", + "version_value": "1.0.6" + } + ] + } + } + ] + }, + "vendor_name": "Simple Image Gallery " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/simple-image-gallery.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39313", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39313" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/simple-responsive-image-gallery/tags/1.0.6/simple-image-gallery.php#L420", + "name": "https://plugins.trac.wordpress.org/browser/simple-responsive-image-gallery/tags/1.0.6/simple-image-gallery.php#L420" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site. " + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39314.json b/2021/39xxx/CVE-2021-39314.json index 7cc88a6b35b..29dec58e27a 100644 --- a/2021/39xxx/CVE-2021-39314.json +++ b/2021/39xxx/CVE-2021-39314.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-12-13T12:43:00.000Z", "ID": "CVE-2021-39314", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WooCommerce EnvioPack <= 1.2 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WooCommerce EnvioPack ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.2", + "version_value": "1.2" + } + ] + } + } + ] + }, + "vendor_name": "WooCommerce EnvioPack " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the ~/includes/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39314", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39314" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/woo-enviopack/trunk/includes/functions.php?rev=2239846#L605", + "name": "https://plugins.trac.wordpress.org/browser/woo-enviopack/trunk/includes/functions.php?rev=2239846#L605" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site. " + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39315.json b/2021/39xxx/CVE-2021-39315.json index eb177022c12..689dbc7c9bb 100644 --- a/2021/39xxx/CVE-2021-39315.json +++ b/2021/39xxx/CVE-2021-39315.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-12-13T12:43:00.000Z", "ID": "CVE-2021-39315", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Magic Post Voice <= 1.2 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Magic Post Voice", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.2", + "version_value": "1.2" + } + ] + } + } + ] + }, + "vendor_name": "Magic Post Voice" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the ids parameter found in the ~/inc/admin/main.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39315", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39315" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/magic-post-voice/trunk/inc/admin/main.php#L14", + "name": "https://plugins.trac.wordpress.org/browser/magic-post-voice/trunk/inc/admin/main.php#L14" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site. " + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39318.json b/2021/39xxx/CVE-2021-39318.json index 21b7a1405ef..af4fb82b0c7 100644 --- a/2021/39xxx/CVE-2021-39318.json +++ b/2021/39xxx/CVE-2021-39318.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-12-13T12:43:00.000Z", "ID": "CVE-2021-39318", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "H5P CSS Editor <= 1.0 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "H5P CSS Editor ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "1.0" + } + ] + } + } + ] + }, + "vendor_name": "H5P CSS Editor " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the ~/h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39318", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39318" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/h5p-css-editor/tags/1.0/h5p-css-editor.php#L50", + "name": "https://plugins.trac.wordpress.org/browser/h5p-css-editor/tags/1.0/h5p-css-editor.php#L50" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site. " + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39319.json b/2021/39xxx/CVE-2021-39319.json index 7c955ec24e3..cc23190d5fe 100644 --- a/2021/39xxx/CVE-2021-39319.json +++ b/2021/39xxx/CVE-2021-39319.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-12-13T12:43:00.000Z", "ID": "CVE-2021-39319", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "duoFAQ - Responsive, Flat, Simple FAQ <= 1.4.8 Reflected Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "duoFAQ - Responsive, Flat, Simple FAQ ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.4.8", + "version_value": "1.4.8" + } + ] + } + } + ] + }, + "vendor_name": "duoFAQ - Responsive, Flat, Simple FAQ " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "p7e4" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The duoFAQ - Responsive, Flat, Simple FAQ WordPess plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/duogeek/duogeek-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.8." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39319", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39319" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/browser/duofaq-responsive-flat-simple-faq/tags/1.4.8/duogeek/duogeek-panel.php#L388", + "name": "https://plugins.trac.wordpress.org/browser/duofaq-responsive-flat-simple-faq/tags/1.4.8/duogeek/duogeek-panel.php#L388" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Uninstall plugin from WordPress site. " + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41065.json b/2021/41xxx/CVE-2021-41065.json index 43d1dbaecb1..790b19ef650 100644 --- a/2021/41xxx/CVE-2021-41065.json +++ b/2021/41xxx/CVE-2021-41065.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-41065", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-41065", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Listary through 6. An attacker can create a \\\\.\\pipe\\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listary will automatically access the named pipe and the attacker will be able to duplicate the victim's token to impersonate him. This exploit is valid in certain Windows versions (Microsoft has patched the issue in later Windows 10 builds)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.listary.com/download", + "refsource": "MISC", + "name": "https://www.listary.com/download" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e", + "url": "https://medium.com/@tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e" } ] } diff --git a/2021/41xxx/CVE-2021-41066.json b/2021/41xxx/CVE-2021-41066.json index 24de4d61391..3a4d068c844 100644 --- a/2021/41xxx/CVE-2021-41066.json +++ b/2021/41xxx/CVE-2021-41066.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-41066", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-41066", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Listary through 6. When Listary is configured as admin, Listary will not ask for permissions again if a user tries to access files on the system from Listary itself (it will bypass UAC protection; there is no privilege validation of the current user that runs via Listary)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.listary.com/download", + "refsource": "MISC", + "name": "https://www.listary.com/download" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e", + "url": "https://medium.com/@tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e" } ] } diff --git a/2021/41xxx/CVE-2021-41067.json b/2021/41xxx/CVE-2021-41067.json index 309a136c96b..28255c29dc5 100644 --- a/2021/41xxx/CVE-2021-41067.json +++ b/2021/41xxx/CVE-2021-41067.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-41067", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-41067", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Listary through 6. Improper implementation of the update process leads to the download of software updates with a /check-update HTTP-based connection. This can be exploited with MITM techniques. Together with the lack of package validation, it can lead to manipulation of update packages that can cause an installation of malicious content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.listary.com/download", + "refsource": "MISC", + "name": "https://www.listary.com/download" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e", + "url": "https://medium.com/@tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e" } ] } diff --git a/2021/41xxx/CVE-2021-41836.json b/2021/41xxx/CVE-2021-41836.json index 5b7ba7f9f46..089391bc572 100644 --- a/2021/41xxx/CVE-2021-41836.json +++ b/2021/41xxx/CVE-2021-41836.json @@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-12-08T13:23:00.000Z", "ID": "CVE-2021-41836", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Fathom Analytics <= 3.0.4 Authenticated Stored Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fathom Analytics ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "3.0.4", + "version_value": "3.0.4" + } + ] + } + } + ] + }, + "vendor_name": "Fathom Analytics " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Jos\u00e9 Aguilera" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the ~/fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 3.0.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-41836", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-41836" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2641005%40fathom-analytics&new=2641005%40fathom-analytics&sfp_email=&sfph_mail=", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2641005%40fathom-analytics&new=2641005%40fathom-analytics&sfp_email=&sfph_mail=" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to version 3.0.5, or newer. " + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42061.json b/2021/42xxx/CVE-2021-42061.json index 7b052d5f966..e9950abf771 100644 --- a/2021/42xxx/CVE-2021-42061.json +++ b/2021/42xxx/CVE-2021-42061.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42061", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP BusinessObjects Business Intelligence Platform", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "420" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This allows a low privileged attacker to retrieve some data from the victim but will never be able to modify the document and publish these modifications to the server. It impacts the \"Quick Prompt\" workflow." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://launchpad.support.sap.com/#/notes/3103677", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3103677" + }, + { + "url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021" } ] } diff --git a/2021/42xxx/CVE-2021-42063.json b/2021/42xxx/CVE-2021-42063.json index 852ff131f4b..a865f89a13d 100644 --- a/2021/42xxx/CVE-2021-42063.json +++ b/2021/42xxx/CVE-2021-42063.json @@ -4,14 +4,83 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42063", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Knowledge Warehouse", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.30" + }, + { + "version_name": "<", + "version_value": "7.31" + }, + { + "version_name": "<", + "version_value": "7.40" + }, + { + "version_name": "<", + "version_value": "7.50" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3102769", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3102769" } ] } diff --git a/2021/42xxx/CVE-2021-42064.json b/2021/42xxx/CVE-2021-42064.json index 3f04279e4b3..d7c18354bf0 100644 --- a/2021/42xxx/CVE-2021-42064.json +++ b/2021/42xxx/CVE-2021-42064.json @@ -4,14 +4,83 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42064", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Commerce", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "1905" + }, + { + "version_name": "<", + "version_value": "2005" + }, + { + "version_name": "<", + "version_value": "2105" + }, + { + "version_name": "<", + "version_value": "2011" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized \"in\" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. The vulnerability is present if the parameterized \"in\" clause accepts more than 1000 values." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3114134", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3114134" } ] } diff --git a/2021/42xxx/CVE-2021-42066.json b/2021/42xxx/CVE-2021-42066.json index 5438f1d3285..3b3ce906b4e 100644 --- a/2021/42xxx/CVE-2021-42066.json +++ b/2021/42xxx/CVE-2021-42066.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42066", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Business One", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "10.0" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted. For an attacker to discover vulnerable function in-depth application knowledge is required, but once exploited the attacker may be able to completely compromise confidentiality, integrity, and availability of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-312" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3101299", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3101299" } ] } diff --git a/2021/42xxx/CVE-2021-42068.json b/2021/42xxx/CVE-2021-42068.json index 252fdbcb697..54c54b8f975 100644 --- a/2021/42xxx/CVE-2021-42068.json +++ b/2021/42xxx/CVE-2021-42068.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42068", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Viewer", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9.0" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When a user opens a manipulated GIF (.gif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper input validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://launchpad.support.sap.com/#/notes/3121165", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3121165" + }, + { + "url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021" } ] } diff --git a/2021/42xxx/CVE-2021-42069.json b/2021/42xxx/CVE-2021-42069.json index b46b66d451e..3ffb7f723be 100644 --- a/2021/42xxx/CVE-2021-42069.json +++ b/2021/42xxx/CVE-2021-42069.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42069", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Viewer", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9.0" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When a user opens manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application" + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper input validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://launchpad.support.sap.com/#/notes/3121165", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3121165" + }, + { + "url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021" } ] } diff --git a/2021/42xxx/CVE-2021-42070.json b/2021/42xxx/CVE-2021-42070.json index ddc812b8e81..b302cc504d1 100644 --- a/2021/42xxx/CVE-2021-42070.json +++ b/2021/42xxx/CVE-2021-42070.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42070", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Viewer", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9.0" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When a user opens manipulated Jupiter Tessellation (.jt) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application" + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper input validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://launchpad.support.sap.com/#/notes/3121165", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3121165" + }, + { + "url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021" } ] } diff --git a/2021/42xxx/CVE-2021-42367.json b/2021/42xxx/CVE-2021-42367.json index 350baf630ce..d2598b986a5 100644 --- a/2021/42xxx/CVE-2021-42367.json +++ b/2021/42xxx/CVE-2021-42367.json @@ -1,18 +1,114 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-12-01T13:23:00.000Z", "ID": "CVE-2021-42367", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Variation Swatches for WooCommerce <= 2.1.1 Authenticated Stored Cross-Site Scripting" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Variation Swatches for WooCommerce ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.1.1", + "version_value": "2.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Variation Swatches for WooCommerce " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Chloe Chamberland, Wordfence" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization checks on the tawcvs_save_settings function, low-level authenticated users such as subscribers can exploit this vulnerability." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-42367", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-42367" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2634227%40variation-swatches-for-woocommerce&new=2634227%40variation-swatches-for-woocommerce&sfp_email=&sfph_mail=", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2634227%40variation-swatches-for-woocommerce&new=2634227%40variation-swatches-for-woocommerce&sfp_email=&sfph_mail=" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to version 2.1.2, or newer. " + } + ], + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/44xxx/CVE-2021-44231.json b/2021/44xxx/CVE-2021-44231.json index 25c2ad3d90c..7b0450dd19e 100644 --- a/2021/44xxx/CVE-2021-44231.json +++ b/2021/44xxx/CVE-2021-44231.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44231", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP ABAP Server & ABAP Platform (Translation Tools)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "701" + }, + { + "version_name": "<", + "version_value": "740" + }, + { + "version_name": "<", + "version_value": "750" + }, + { + "version_name": "<", + "version_value": "751" + }, + { + "version_name": "<", + "version_value": "752" + }, + { + "version_name": "<", + "version_value": "753" + }, + { + "version_name": "<", + "version_value": "754" + }, + { + "version_name": "<", + "version_value": "755" + }, + { + "version_name": "<", + "version_value": "756" + }, + { + "version_name": "<", + "version_value": "804" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Code injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3119365", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3119365" } ] } diff --git a/2021/44xxx/CVE-2021-44232.json b/2021/44xxx/CVE-2021-44232.json index fc133407858..ec870356855 100644 --- a/2021/44xxx/CVE-2021-44232.json +++ b/2021/44xxx/CVE-2021-44232.json @@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44232", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAF-T Framework", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "SAP_FIN 617" + }, + { + "version_name": "<", + "version_value": "618" + }, + { + "version_name": "<", + "version_value": "720" + }, + { + "version_name": "<", + "version_value": "730" + }, + { + "version_name": "<", + "version_value": "SAP_APPL 600" + }, + { + "version_name": "<", + "version_value": "602" + }, + { + "version_name": "<", + "version_value": "603" + }, + { + "version_name": "<", + "version_value": "604" + }, + { + "version_name": "<", + "version_value": "605" + }, + { + "version_name": "<", + "version_value": "606" + }, + { + "version_name": "<", + "version_value": "S4CORE 102" + }, + { + "version_name": "<", + "version_value": "103" + }, + { + "version_name": "<", + "version_value": "104" + }, + { + "version_name": "<", + "version_value": "105" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3124094", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3124094" } ] } diff --git a/2021/44xxx/CVE-2021-44233.json b/2021/44xxx/CVE-2021-44233.json index 00ff60457b1..e817e5ef392 100644 --- a/2021/44xxx/CVE-2021-44233.json +++ b/2021/44xxx/CVE-2021-44233.json @@ -4,14 +4,79 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44233", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP GRC Access Control", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "V1100_700" + }, + { + "version_name": "<", + "version_value": "V1100_731" + }, + { + "version_name": "<", + "version_value": "V1200_750" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3080816", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3080816" } ] } diff --git a/2021/44xxx/CVE-2021-44235.json b/2021/44xxx/CVE-2021-44235.json index 57b7109b7b8..72410f7b8ee 100644 --- a/2021/44xxx/CVE-2021-44235.json +++ b/2021/44xxx/CVE-2021-44235.json @@ -4,14 +4,127 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44235", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver AS ABAP", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "700" + }, + { + "version_name": "<", + "version_value": "701" + }, + { + "version_name": "<", + "version_value": "702" + }, + { + "version_name": "<", + "version_value": "710" + }, + { + "version_name": "<", + "version_value": "711" + }, + { + "version_name": "<", + "version_value": "730" + }, + { + "version_name": "<", + "version_value": "731" + }, + { + "version_name": "<", + "version_value": "740" + }, + { + "version_name": "<", + "version_value": "750" + }, + { + "version_name": "<", + "version_value": "751" + }, + { + "version_name": "<", + "version_value": "752" + }, + { + "version_name": "<", + "version_value": "753" + }, + { + "version_name": "<", + "version_value": "754" + }, + { + "version_name": "<", + "version_value": "755" + }, + { + "version_name": "<", + "version_value": "756" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This could allow execution of arbitrary commands on the operating system, that could highly impact the Confidentiality, Integrity and Availability of the system." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Code Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3123196", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3123196" } ] } diff --git a/2021/44xxx/CVE-2021-44471.json b/2021/44xxx/CVE-2021-44471.json new file mode 100644 index 00000000000..122bee6e240 --- /dev/null +++ b/2021/44xxx/CVE-2021-44471.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-44471", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/44xxx/CVE-2021-44544.json b/2021/44xxx/CVE-2021-44544.json new file mode 100644 index 00000000000..9bcee957d25 --- /dev/null +++ b/2021/44xxx/CVE-2021-44544.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-44544", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/44xxx/CVE-2021-44549.json b/2021/44xxx/CVE-2021-44549.json index f6cde3a1ef8..9e2a9564ad9 100644 --- a/2021/44xxx/CVE-2021-44549.json +++ b/2021/44xxx/CVE-2021-44549.json @@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS.\n\nTo reduce the risk of \"man in the middle\" attacks additional server identity checks must be performed when accessing mail servers.\n\nFor compatibility reasons these additional checks are disabled by default in JavaMail/Jakarta Mail.\n\nThe SimpleMailService in Apache Sling Commons Messaging Mail 1.0 lacks an option to enable these checks for the shared mail session.\nA user could enable these checks nevertheless by accessing the session via the message created by SimpleMessageBuilder and setting the property mail.smtps.ssl.checkserveridentity to true.\n\nApache Sling Commons Messaging Mail 2.0 adds support for enabling server identity checks and these checks are enabled by default.\n\n- https://javaee.github.io/javamail/docs/SSLNOTES.txt\n- https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html\n- https://github.com/eclipse-ee4j/mail/issues/429" + "value": "Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of \"man in the middle\" attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these additional checks are disabled by default in JavaMail/Jakarta Mail. The SimpleMailService in Apache Sling Commons Messaging Mail 1.0 lacks an option to enable these checks for the shared mail session. A user could enable these checks nevertheless by accessing the session via the message created by SimpleMessageBuilder and setting the property mail.smtps.ssl.checkserveridentity to true. Apache Sling Commons Messaging Mail 2.0 adds support for enabling server identity checks and these checks are enabled by default. - https://javaee.github.io/javamail/docs/SSLNOTES.txt - https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html - https://github.com/eclipse-ee4j/mail/issues/429" } ] }, @@ -70,8 +70,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://lists.apache.org/thread/l8p9h2bqvkj6rhv4w8kzctb817415b7f" + "refsource": "MISC", + "url": "https://lists.apache.org/thread/l8p9h2bqvkj6rhv4w8kzctb817415b7f", + "name": "https://lists.apache.org/thread/l8p9h2bqvkj6rhv4w8kzctb817415b7f" } ] }, @@ -84,4 +85,4 @@ "value": "Set the property mail.smtps.ssl.checkserveridentity to true via message's session." } ] -} +} \ No newline at end of file diff --git a/2021/44xxx/CVE-2021-44768.json b/2021/44xxx/CVE-2021-44768.json new file mode 100644 index 00000000000..a8006670263 --- /dev/null +++ b/2021/44xxx/CVE-2021-44768.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-44768", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/45xxx/CVE-2021-45044.json b/2021/45xxx/CVE-2021-45044.json new file mode 100644 index 00000000000..88257c5fea3 --- /dev/null +++ b/2021/45xxx/CVE-2021-45044.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-45044", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/45xxx/CVE-2021-45045.json b/2021/45xxx/CVE-2021-45045.json new file mode 100644 index 00000000000..21c58d27310 --- /dev/null +++ b/2021/45xxx/CVE-2021-45045.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-45045", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/45xxx/CVE-2021-45046.json b/2021/45xxx/CVE-2021-45046.json new file mode 100644 index 00000000000..b7527e906e0 --- /dev/null +++ b/2021/45xxx/CVE-2021-45046.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-45046", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4073.json b/2021/4xxx/CVE-2021-4073.json index f9149b3b365..c3e9dcd6c3e 100644 --- a/2021/4xxx/CVE-2021-4073.json +++ b/2021/4xxx/CVE-2021-4073.json @@ -1,18 +1,119 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-12-08T13:23:00.000Z", "ID": "CVE-2021-4073", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "RegistrationMagic <= 5.0.1.7 Authentication Bypass" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RegistrationMagic", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "5.0.1.7", + "version_value": "5.0.1.7" + } + ] + } + } + ] + }, + "vendor_name": "RegistrationMagic" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Chloe Chamberland, Wordfence" + }, + { + "lang": "eng", + "value": "Marco Wotschka, Wordfence" + }, + { + "lang": "eng", + "value": "AyeCode Ltd" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function social_login_using_email() of the plugin. This affects versions equal to, and less than, 5.0.1.7." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-4073", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-4073" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/changeset/2635173/custom-registration-form-builder-with-submission-manager/trunk/services/class_rm_user_services.php", + "name": "https://plugins.trac.wordpress.org/changeset/2635173/custom-registration-form-builder-with-submission-manager/trunk/services/class_rm_user_services.php" + }, + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/12/authentication-bypass-vulnerability-patched-in-user-registration-plugin/", + "name": "https://www.wordfence.com/blog/2021/12/authentication-bypass-vulnerability-patched-in-user-registration-plugin/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to version 5.0.1.8, or newer. " + } + ], + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file