"-Synchronized-Data."

CVE Team 2022-04-18 17:01:38 +00:00
parent 5c75e66dd6
commit f247b3202f
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
79 changed files with 1826 additions and 298 deletions


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1762",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-1762",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "wordpress",
"version": {
"version_data": [
{
"version_value": "wordpress before 3.0.6 and 3.1.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://wordpress.org/support/wordpress-version/version-3-1-2/",
"url": "https://wordpress.org/support/wordpress-version/version-3-1-2/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission."
}
]
}
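Review bot: The new `version_value` is a free-text phrase, `"wordpress before 3.0.6 and 3.1.2"`, and `vendor_name` is `"n/a"`, so a consumer that matches on the structured `affects` fields cannot decide which installed versions are covered without parsing prose. If the intent is 3.0.x before 3.0.6 and 3.1.x before 3.1.2, each bound would be clearer as its own `version_data` item, e.g. `"version_affected": "<"` with `"version_value": "3.0.6"` and a second item with `"version_value": "3.1.2"`, with `vendor_name` naming the vendor. The description string also has a misplaced quote and space in `'wp-admin/press-this.php 'script`, which should read `'wp-admin/press-this.php' script`. The next section (CVE-2011-4917) has the same pattern, with `"Linux kernel through 3.1"` as `version_value` and `"n/a"` as vendor.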


@ -1,17 +1,66 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4917",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-4917",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Linux kernel",
"version": {
"version_data": [
{
"version_value": "Linux kernel through 3.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://lkml.org/lkml/2011/11/7/340",
"url": "https://lkml.org/lkml/2011/11/7/340"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/12/28/4",
"url": "https://www.openwall.com/lists/oss-security/2011/12/28/4"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat."
}
]
}


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability."
"value": "Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability."
}
]
},


@ -1,18 +1,98 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-25163",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "OSIsoft PI Vision Cross-site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PI Vision",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2020"
}
]
}
}
]
},
"vendor_name": "OSIsoft"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OSIsoft reported these vulnerabilities to CISA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This vulnerability affects PI System data and other data accessible with victim\u2019s user permissions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Cross-site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-315-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-315-02"
}
]
},
"solution": [
{
"lang": "eng",
"value": "OSIsoft released PI Vision 2020 Version 3.5.0, which resolves these vulnerabilities.\n\nRecommended defensive measures and related configuration settings are described on the OSIsoft customer portal (Login required)."
}
],
"source": {
"discovery": "INTERNAL"
}
}
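Review bot: The structured range `"version_affected": "<"` with `"version_value": "2020"` states that releases before PI Vision 2020 are affected, while the new description and the `solution` text say the affected releases are PI Vision 2020 versions prior to 3.5.0. A scanner keyed on `affects` would therefore report an unpatched PI Vision 2020 install as not affected. If the description is the accurate side, the range should carry the fixed build, for example `"version_affected": "<"` with `"version_value": "3.5.0"`. The CVE-2020-25167 section that follows uses the same `"<"` / `"2020"` pair and needs the same correction. Separately, the description mentions deletion while `availabilityImpact` is `NONE`; that may be intentional (scored under integrity) but is worth confirming against the referenced advisory.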


@ -1,18 +1,98 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-25167",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "OSIsoft PI Vision Incorrect Authorization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PI Vision",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2020"
}
]
}
}
]
},
"vendor_name": "OSIsoft"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OSIsoft reported these vulnerabilities to CISA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-315-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-315-02"
}
]
},
"solution": [
{
"lang": "eng",
"value": "OSIsoft released PI Vision 2020 Version 3.5.0, which resolves these vulnerabilities.\n\nRecommended defensive measures and related configuration settings are described on the OSIsoft customer portal (Login required)."
}
],
"source": {
"discovery": "INTERNAL"
}
}


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_vertex() Halfedge_of[]."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_vertex() Halfedge_of[]."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_prev()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_prev()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_next()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_next()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_vertex()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_vertex()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_face()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_face()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() set_halfedge()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() set_halfedge()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_fc()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_fc()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_iv()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_iv()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_face()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_face()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_first_out_edge()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_first_out_edge()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->svertices_begin()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->svertices_begin()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->svertices_last()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->svertices_last()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfedges_begin()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfedges_begin()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfedges_last()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfedges_last()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_begin()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_begin()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_last()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_last()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfloop()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfloop()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->twin()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->twin()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->center_vertex():."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->center_vertex():."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->out_sedge()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->out_sedge()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->incident_sface()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->incident_sface()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->twin()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->twin()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->boundary_entry_objects SEdge_of."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->boundary_entry_objects SEdge_of."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->boundary_entry_objects SLoop_of."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->boundary_entry_objects SLoop_of."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->incident_volume()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->incident_volume()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() ch->shell_entry_objects()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() ch->shell_entry_objects()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() seh->twin()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() seh->twin()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->sprev()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->sprev()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->snext()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->snext()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->source()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->source()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->incident_sface()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->incident_sface()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->prev()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->prev()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->next()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->next()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->facet()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->facet()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sloop() slh->facet()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sloop() slh->facet()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->center_vertex()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->center_vertex()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() SD.link_as_face_cycle()."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() SD.link_as_face_cycle()."
}
]
},


@ -12,7 +12,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities.\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Edge_of."
"value": "Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Edge_of."
}
]
},


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20324",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "wildfly-elytron",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1830206",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1830206"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in WildFly Elytron. A variation to the use of a session fixation exploit when using Undertow was found despite Undertow switching the session ID after authentication."
}
]
}
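Review bot: The record is switched to PUBLIC with `"version_value": "unknown"` and `"vendor_name": "n/a"` in the `affects` block, so scanners and advisory feeds that match on vendor, product and version have nothing to match against. The description likewise names neither an affected nor a fixed release. If the referenced Bugzilla entry states the release that fixes WildFly Elytron, record it, for example `"version_value": "before <FIXED_VERSION>"` (placeholder, to be filled from the vendor advisory).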


@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "CybersecurityCOE@eaton.com",
"DATE_PUBLIC": "2022-04-01T10:56:00.000Z",
"ID": "CVE-2021-23284",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Security issues in Eaton Intelligent Power Manager Infrastructure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intelligent Power Manager Infrastructure (IPM Infrastructure)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "all",
"version_value": "1.5.0plus205"
}
]
}
}
]
},
"vendor_name": "Eaton"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Eaton thanks the ICS-Cert organization and individuals for their coordinated support on the security vulnerability: CVE-2021-23284 \u2013 Micheal Heinzl via ICS-Cert"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to Stored Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Manager-(IPM)-Infrastructure-Vulnerability-Advisory_1001c_V1.0.pdf",
"name": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Manager-(IPM)-Infrastructure-Vulnerability-Advisory_1001c_V1.0.pdf"
},
{
"refsource": "MISC",
"url": "https://www.eaton.com/content/dam/eaton/products/backup-power-ups-surge-it-power-distribution/power-management-software-connectivity/eaton-intelligent-power-manager/software/ipm-understand-edition-emea/eaton-ipminfra-eolmemo-en-us.pdf.",
"name": "https://www.eaton.com/content/dam/eaton/products/backup-power-ups-surge-it-power-distribution/power-management-software-connectivity/eaton-intelligent-power-manager/software/ipm-understand-edition-emea/eaton-ipminfra-eolmemo-en-us.pdf."
}
]
},
"solution": [
{
"lang": "eng",
"value": "The product has reached its End Of Life, the notification has been posted at: Lifecycle Notification. Check References section. \nThe transition to IPM Monitor Edition is in progress. Refer the Product page for further details."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
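Review bot: The second entry in `reference_data` has a `url` and `name` that both end in `eaton-ipminfra-eolmemo-en-us.pdf.`; the trailing period looks like sentence punctuation copied into the link and will probably make the reference fail to resolve. Drop it so both fields end in `eaton-ipminfra-eolmemo-en-us.pdf`. The same two lines appear in the CVE-2021-23285 and CVE-2021-23286 sections that follow.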


@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "CybersecurityCOE@eaton.com",
"DATE_PUBLIC": "2022-04-01T10:56:00.000Z",
"ID": "CVE-2021-23285",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Security issues in Eaton Intelligent Power Manager Infrastructure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intelligent Power Manager Infrastructure (IPM Infrastructure)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "all",
"version_value": "1.5.0plus205"
}
]
}
}
]
},
"vendor_name": "Eaton"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Eaton thanks the ICS-Cert organization and individuals for their coordinated support on the security vulnerability: CVE-2021-23285 \u2013 Micheal Heinzl via ICS-Cert"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to reflected Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Manager-(IPM)-Infrastructure-Vulnerability-Advisory_1001c_V1.0.pdf",
"name": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Manager-(IPM)-Infrastructure-Vulnerability-Advisory_1001c_V1.0.pdf"
},
{
"refsource": "MISC",
"url": "https://www.eaton.com/content/dam/eaton/products/backup-power-ups-surge-it-power-distribution/power-management-software-connectivity/eaton-intelligent-power-manager/software/ipm-understand-edition-emea/eaton-ipminfra-eolmemo-en-us.pdf.",
"name": "https://www.eaton.com/content/dam/eaton/products/backup-power-ups-surge-it-power-distribution/power-management-software-connectivity/eaton-intelligent-power-manager/software/ipm-understand-edition-emea/eaton-ipminfra-eolmemo-en-us.pdf."
}
]
},
"solution": [
{
"lang": "eng",
"value": "The product has reached its End Of Life, the notification has been posted at: Lifecycle Notification: \nThe transition to IPM Monitor Edition is in progress. Refer the Product page for further details."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
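Review bot: The `solution` text reads `posted at: Lifecycle Notification: ` followed by a line break, so whatever link the source advisory attached to those words is gone and the reader is pointed nowhere. The CVE-2021-23284 record in this commit words it as `Lifecycle Notification. Check References section.`; use that wording here as well, or put the URL in the text. `Refer the Product page` has the same dangling-link problem. The CVE-2021-23286 section repeats this `solution` string.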


@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "CybersecurityCOE@eaton.com",
"DATE_PUBLIC": "2022-04-01T10:56:00.000Z",
"ID": "CVE-2021-23286",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Security issues in Eaton Intelligent Power Manager Infrastructure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intelligent Power Manager Infrastructure (IPM Infrastructure)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "all",
"version_value": "1.5.0plus205"
}
]
}
}
]
},
"vendor_name": "Eaton"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Eaton thanks the ICS-Cert organization and individuals for their coordinated support on the security vulnerability: CVE-2021-23286 \u2013 Micheal Heinzl via ICS-Cert"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Manager-(IPM)-Infrastructure-Vulnerability-Advisory_1001c_V1.0.pdf",
"name": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Manager-(IPM)-Infrastructure-Vulnerability-Advisory_1001c_V1.0.pdf"
},
{
"refsource": "MISC",
"url": "https://www.eaton.com/content/dam/eaton/products/backup-power-ups-surge-it-power-distribution/power-management-software-connectivity/eaton-intelligent-power-manager/software/ipm-understand-edition-emea/eaton-ipminfra-eolmemo-en-us.pdf.",
"name": "https://www.eaton.com/content/dam/eaton/products/backup-power-ups-surge-it-power-distribution/power-management-software-connectivity/eaton-intelligent-power-manager/software/ipm-understand-edition-emea/eaton-ipminfra-eolmemo-en-us.pdf."
}
]
},
"solution": [
{
"lang": "eng",
"value": "The product has reached its End Of Life, the notification has been posted at: Lifecycle Notification: \nThe transition to IPM Monitor Edition is in progress. Refer the Product page for further details."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
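Review bot: `"userInteraction": "NONE"` (and `UI:N` in `vectorString`) is hard to reconcile with CWE-1236, because a formula in an exported CSV only takes effect once a user opens the file in a spreadsheet application, which CVSS 3.1 would normally score as `UI:R`. The two CWE-79 records in this commit (CVE-2021-23284 and CVE-2021-23285) carry `UI:N` too, and the reflected case in particular usually needs the victim to follow a link. This may be the CNA's deliberate assessment, so it is worth confirming against the vendor bulletin rather than changing unilaterally. If the metric does change, `baseScore`, `baseSeverity` and `vectorString` have to be recomputed together.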


@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "Double Free Vulnerability "
"value": "Double Free"
}
]
}
@ -46,8 +46,8 @@
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003"
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
}
]
},
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file."
"value": "A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review 2018, 2017, 2013, 2012, 2011. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file."
}
]
}
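Review bot: The new `problemtype` value `"Double Free"` is free text with no CWE identifier, so tools that group or filter records by CWE cannot map it. Other records in this same commit use the `CWE-<id>: <name>` form; here that would be `"value": "CWE-415: Double Free"`. The two sections that follow have the same gap and would become `CWE-125: Out-of-bounds Read` and `CWE-787: Out-of-bounds Write`.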


@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "Out-of-bound Read Vulnerability "
"value": "Out-of-bounds Read"
}
]
}
@ -46,53 +46,8 @@
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1136/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1136/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1140/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1140/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1137/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1137/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1133/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1133/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1139/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1139/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1135/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1135/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1134/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1134/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-481/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-481/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-480/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-480/"
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
}
]
},
@ -100,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted TIFF, PICT, TGA, or DWF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA or DWF files. This vulnerability can be exploited to execute arbitrary code."
"value": "A maliciously crafted TIFF, TIF, PICT, TGA, or DWF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA or DWF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
}
]
}
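Review bot: The `reference_data` hunk deletes nine zerodayinitiative.com advisory links together with the adsk-sa-2021-0003 link and leaves only adsk-sa-2022-0004. Unless those advisories were attached to this CVE by mistake, removing them breaks the cross-reference defenders use to correlate third-party advisories and detection content with the record; references are normally appended, not replaced. The Out-of-bounds Write section and the later sections with `@ -46,13 +46,8 @` hunks drop ZDI links in the same way. Suggest keeping the existing entries and adding the 2022 advisory as one more element of the array.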


@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "Out-of-bound Write Vulnerability"
"value": "Out-of-bounds Write"
}
]
}
@ -46,58 +46,8 @@
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1142/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1142/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1143/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1143/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1138/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1138/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1141/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1141/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-457/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-457/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-479/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-479/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-456/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-456/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-482/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-482/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-458/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-458/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-462/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-462/"
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
}
]
},
@ -105,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted PCX, PICT, RCL or TIFF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to write beyond the allocated buffer while parsing PCX, PDF, PICT, RCL or TIFF files. This vulnerability can be exploited to execute arbitrary code."
"value": "A maliciously crafted PCX, PICT, RCL, TIF, BMP, PSD or TIFF file can be used to write beyond the allocated buffer while parsing PCX, PDF, PICT, RCL, BMP, PSD or TIFF files. This vulnerability can be exploited to execute arbitrary code"
}
]
}
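Review bot: The replacement description in the last hunk (the second `value` line, which appears to be the new text) no longer names Autodesk Design Review or its affected versions, so the prose of the record does not say which product is vulnerable. It also lists PDF among the parsed formats but not among the crafted file types, and it has lost its final period. Suggest keeping the product clause, i.e. `... TIF, BMP, PSD or TIFF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to write beyond the allocated buffer ...`, and making the two format lists agree.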


@ -46,13 +46,8 @@
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-459/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-459/"
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
}
]
},
@ -60,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability can be exploited by remote attackers to execute arbitrary code."
"value": "A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by remote malicious actors to execute arbitrary code."
}
]
}
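Review bot: The new reference list in this section no longer carries the ZDI-22-459 advisory link, and the one remaining entry points to adsk-sa-2022-0004 instead of adsk-sa-2021-0003, so the record loses its third-party cross-reference. The same removal appears in the later sections that drop ZDI-22-505 and ZDI-22-474. Whether the assigner meant to retract those links is not visible here; if not, the entry with `"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-459/"` should stay alongside the new Autodesk link so that consumers who correlate advisories by reference can still match the record.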


@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "Type Confusion Vulnerability "
"value": "Type Confusion RCE Vulnerability "
}
]
}
@ -46,8 +46,8 @@
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003"
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
}
]
},
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. An attacker can leverage this to execute arbitrary code."
"value": "A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. A malicious actor can leverage this to execute arbitrary code."
}
]
}
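Review bot: The new problemtype value `"Type Confusion RCE Vulnerability "` mixes the weakness with its impact and keeps a trailing space, which makes exact-match grouping on this field unreliable. Other records in this commit put a CWE identifier here; for type confusion that would be `"value": "CWE-843"`, with the code-execution impact left to the description text.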


@ -46,13 +46,8 @@
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-505/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-505/"
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
}
]
},
@ -60,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted TIFF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code."
"value": "A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries when parsing the TIFF and PCX file for based overflow. This vulnerability can be exploited to execute arbitrary code."
}
]
}
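Review bot: The new description no longer names the product or releases (the replaced text had "Autodesk Design Review 2018, 2017, 2013, 2012, 2011"), and the phrase "for based overflow" reads as a truncated term. A reader triaging from the description alone cannot tell which software is affected. Keeping the product clause and completing or dropping the truncated phrase would fix this, for example `A maliciously crafted TIFF or PCX file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read and write beyond allocated boundaries when parsing the file.`; the version list should be confirmed against the vendor advisory first.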


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3503",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "wildfly",
"version": {
"version_data": [
{
"version_value": "Wildfly 23.0.1.Final"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1942693",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942693"
},
{
"refsource": "MISC",
"name": "https://issues.redhat.com/browse/WFLY-11933",
"url": "https://issues.redhat.com/browse/WFLY-11933"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data."
}
]
}
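Review bot: `"version_value": "Wildfly 23.0.1.Final"` is a bare release string with no range qualifier, and the description gives no version either, so a consumer cannot tell whether 23.0.1.Final is affected, the last affected release, or the fix. The dcraw, 389-ds-base, ansible and opensc records added later in this commit follow the same pattern; in the opensc ones the description says "before version 0.22.0", which suggests the value there is actually the fixed release. The Patchstack records in this commit show a clearer form, with `"version_affected": "<="` next to `version_value`; the right operator for each record has to come from the assigner.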


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3624",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "dcraw",
"version": {
"version_data": [
{
"version_value": "dcraw 9.28-2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20->CWE-190->CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984761",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984761"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system."
}
]
}
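Review bot: The problemtype value `"CWE-20->CWE-190->CWE-787"` packs a three-step weakness chain into one string, so tooling that expects a single CWE identifier in this field will match none of the three. The ansible record later in this commit does the same with `"CWE-522->CWE-212"`. Listing each weakness as its own entry in the `description` array, e.g. `{"lang": "eng", "value": "CWE-190"}`, keeps every identifier searchable, and the ordering can be explained in the description text.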


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3652",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "389-ds-base",
"version": {
"version_data": [
{
"version_value": "389-ds-base 2.0.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1982782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982782"
},
{
"refsource": "MISC",
"name": "https://github.com/389ds/389-ds-base/issues/4817",
"url": "https://github.com/389ds/389-ds-base/issues/4817"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled."
}
]
}


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3681",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ansible",
"version": {
"version_data": [
{
"version_value": "ansible 3.3.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522->CWE-212"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1989407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989407"
},
{
"refsource": "MISC",
"name": "https://github.com/ansible/galaxy/issues/1977",
"url": "https://github.com/ansible/galaxy/issues/1977"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in \"galaxy.yml\" include files in the ``.tar.gz`` file. This contains sensitive info, such as the user's Ansible Galaxy API key and any secrets in ``ansible`` or ``ansible-playbook`` verbose output without the``no_log`` redaction. Currently, there is no way to deprecate a Collection Or delete a Collection Version. Once published, anyone who downloads or installs the collection can view the secrets."
}
]
}
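Review bot: The new description is hard to follow at the point that matters most: "any files ... that are not explicitly excluded ... include files in the .tar.gz file" presumably means those files end up in the built archive, and "This contains sensitive info" then has no clear subject. The string also carries reStructuredText-style double-backtick markup, a missing space before the no_log literal, and a stray capital in "Collection Or delete". Rewording it to state plainly that non-excluded repository files are packaged into the archive, and stripping the markup, would make the exposure of API keys and unredacted output clear to readers.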


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "1.5.0"
"version_value": "All versions prior to version to 1.5.0"
}
]
}
@ -46,8 +46,8 @@
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0002",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0002"
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001"
}
]
},
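Review bot: The new `version_value` reads "All versions prior to version to 1.5.0", where "version to" looks like an editing leftover; `"version_value": "All versions prior to 1.5.0"` says the same thing cleanly. The same section also switches the advisory link from adsk-sa-2021-0002 to adsk-sa-2021-0001, which is worth confirming against the vendor site because the two identifiers differ by a single digit.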


@ -48,11 +48,6 @@
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-474/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-474/"
}
]
},
@ -60,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted PDF file prior to 9.0.7 may be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code."
"value": "PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code."
}
]
}


@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDF earlier than 9.0.7 version."
"value": "A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version."
}
]
}


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "2018"
"version_value": "2018,\u00a02017,\u00a02013, 2012, 2011"
}
]
}
@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "Memory Corruption Vulnerability"
"value": "Memory Corruption"
}
]
}
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Memory Corruption Vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 and prior may lead to remote code execution through maliciously crafted DWF and TGA files."
"value": "A Memory Corruption Vulnerability may lead to remote code execution through maliciously crafted DWF and TGA files in Autodesk Design Review 2018."
}
]
}
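Review bot: The two edits in this section pull in opposite directions: `version_value` is widened to five releases (2018, 2017, 2013, 2012, 2011) while the description is narrowed to "Autodesk Design Review 2018". One of the two should be aligned with the vendor advisory so the affected range is unambiguous. The new version string also contains `\u00a0` non-breaking spaces after the first two commas, which will defeat naive splitting on a comma followed by a space; plain spaces would be safer, and the same string recurs in the CVE-2022-27525 and CVE-2022-27526 records.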


@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42778",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "opensc",
"version": {
"version_data": [
{
"version_value": "opensc 0.22.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-672"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2016083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016083"
},
{
"refsource": "MISC",
"name": "https://github.com/OpenSC/OpenSC/commit/f015746d",
"url": "https://github.com/OpenSC/OpenSC/commit/f015746d"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo."
}
]
}
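Review bot: The description calls this a heap double free, but the problemtype is `"CWE-672"`, the general expired-resource entry; CWE has a dedicated identifier for double free, `"value": "CWE-415"`, which would classify the record more precisely. This is a suggestion for the assigner rather than an error in the sync itself.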


@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42779",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "opensc",
"version": {
"version_data": [
{
"version_value": "opensc 0.22.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2016086",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016086"
},
{
"refsource": "MISC",
"name": "https://github.com/OpenSC/OpenSC/commit/1db88374",
"url": "https://github.com/OpenSC/OpenSC/commit/1db88374"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid."
}
]
}


@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42780",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "opensc",
"version": {
"version_data": [
{
"version_value": "opensc 0.22.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-252"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2016139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016139"
},
{
"refsource": "MISC",
"name": "https://github.com/OpenSC/OpenSC/commit/5df913b7",
"url": "https://github.com/OpenSC/OpenSC/commit/5df913b7"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library."
}
]
}


@ -4,14 +4,83 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42781",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "opensc",
"version": {
"version_data": [
{
"version_value": "opensc 0.22.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2016439",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016439"
},
{
"refsource": "MISC",
"name": "https://github.com/OpenSC/OpenSC/commit/17d8980c",
"url": "https://github.com/OpenSC/OpenSC/commit/17d8980c"
},
{
"refsource": "MISC",
"name": "https://github.com/OpenSC/OpenSC/commit/40c50a3a",
"url": "https://github.com/OpenSC/OpenSC/commit/40c50a3a"
},
{
"refsource": "MISC",
"name": "https://github.com/OpenSC/OpenSC/commit/05648b06",
"url": "https://github.com/OpenSC/OpenSC/commit/05648b06"
},
{
"refsource": "MISC",
"name": "https://github.com/OpenSC/OpenSC/commit/5d4daf6c",
"url": "https://github.com/OpenSC/OpenSC/commit/5d4daf6c"
},
{
"refsource": "MISC",
"name": "https://github.com/OpenSC/OpenSC/commit/cae5c71f",
"url": "https://github.com/OpenSC/OpenSC/commit/cae5c71f"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library."
}
]
}


@ -4,14 +4,83 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42782",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "opensc",
"version": {
"version_data": [
{
"version_value": "opensc 0.22.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2016448",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016448"
},
{
"refsource": "MISC",
"name": "https://github.com/OpenSC/OpenSC/commit/78cdab94",
"url": "https://github.com/OpenSC/OpenSC/commit/78cdab94"
},
{
"refsource": "MISC",
"name": "https://github.com/OpenSC/OpenSC/commit/7114fb71",
"url": "https://github.com/OpenSC/OpenSC/commit/7114fb71"
},
{
"refsource": "MISC",
"name": "https://github.com/OpenSC/OpenSC/commit/1252aca9",
"url": "https://github.com/OpenSC/OpenSC/commit/1252aca9"
},
{
"refsource": "MISC",
"name": "https://github.com/OpenSC/OpenSC/commit/ae1cf0be",
"url": "https://github.com/OpenSC/OpenSC/commit/ae1cf0be"
},
{
"refsource": "MISC",
"name": "https://github.com/OpenSC/OpenSC/commit/456ac566",
"url": "https://github.com/OpenSC/OpenSC/commit/456ac566"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library."
}
]
}


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1341",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "bwm-ng",
"version": {
"version_data": [
{
"version_value": "bwm-ng 0.6.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/vgropp/bwm-ng/issues/26",
"url": "https://github.com/vgropp/bwm-ng/issues/26"
},
{
"refsource": "MISC",
"name": "https://github.com/vgropp/bwm-ng/commit/9774f23bf78a6e6d3ae4cfe3d73bad34f2fdcd17",
"url": "https://github.com/vgropp/bwm-ng/commit/9774f23bf78a6e6d3ae4cfe3d73bad34f2fdcd17"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write exists in get_cmdln_options() function in src/options.c."
}
]
}
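Review bot: The new description has a doubled word, "discovered in in bwm-ng", and "arbitrary null write" leaves unclear whether it means a write through a null pointer, which is what the CWE-476 problemtype suggests. Something like `An issue was discovered in bwm-ng v0.6.2. A NULL pointer dereference (write) exists in the get_cmdln_options() function in src/options.c.` would be clearer, provided that reading matches the linked issue.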


@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-01-24T12:01:00.000Z",
"ID": "CVE-2022-23975",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Plugin Activation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Demo Importer (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.0.7",
"version_value": "1.0.7"
}
]
}
}
]
},
"vendor_name": "AccessPress Themes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Ex.Mi (Patchstack)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to activate any installed plugin."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/access-demo-importer/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/access-demo-importer/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/access-demo-importer/wordpress-access-demo-importer-plugin-1-0-7-cross-site-request-forgery-csrf-vulnerability-leading-to-arbitrary-plugin-activation",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/access-demo-importer/wordpress-access-demo-importer-plugin-1-0-7-cross-site-request-forgery-csrf-vulnerability-leading-to-arbitrary-plugin-activation"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 1.0.8 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-01-24T12:01:00.000Z",
"ID": "CVE-2022-23976",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Data Reset (Posts / Pages / Media)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Demo Importer (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.0.7",
"version_value": "1.0.7"
}
]
}
}
]
},
"vendor_name": "AccessPress Themes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Ex.Mi (Patchstack)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/access-demo-importer/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/access-demo-importer/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/access-demo-importer/wordpress-access-demo-importer-plugin-1-0-7-cross-site-request-forgery-csrf-vulnerability-leading-to-data-reset-posts-pages-media",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/access-demo-importer/wordpress-access-demo-importer-plugin-1-0-7-cross-site-request-forgery-csrf-vulnerability-leading-to-data-reset-posts-pages-media"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 1.0.8 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -93,6 +93,11 @@
"name": "https://www.qomplx.com/qomplx-knowledge-ntlm-relay-attacks-explained/",
"refsource": "MISC",
"url": "https://www.qomplx.com/qomplx-knowledge-ntlm-relay-attacks-explained/"
},
{
"refsource": "MISC",
"name": "https://secure77.de/metabase-ntlm-relay-attack/",
"url": "https://secure77.de/metabase-ntlm-relay-attack/"
}
]
},


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25226",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "help@fluidattacks.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ThinVNC",
"version": {
"version_data": [
{
"version_value": "1.0b1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://fluidattacks.com/advisories/sinatra/",
"url": "https://fluidattacks.com/advisories/sinatra/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server."
}
]
}
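Review bot: The problemtype here is the free-text string `"Authentication Bypass"` rather than a CWE identifier, unlike the Red Hat-assigned records in this commit, so the entry will be missed by CWE-based filtering. An identifier such as `"value": "CWE-287"` (used by the 389-ds-base record in this commit) would fit, though the assigner may prefer a more specific child entry. `vendor_name` is also `"n/a"`, which leaves product matching to rely on the product name alone.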


@ -15,11 +15,11 @@
"product": {
"product_data": [
{
"product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"product_name": "Revit, Navisworks, Autodesk\u00ae Advance Steel, AutoCAD\u00ae, AutoCAD\u00ae Architecture, AutoCAD\u00ae Electrical, AutoCAD\u00ae Map 3D, AutoCAD\u00ae Mechanical, AutoCAD\u00ae MEP, AutoCAD\u00ae Plant 3D, AutoCAD\u00ae LT, Autodesk\u00ae Civil 3D, AutoCAD\u00ae Mac, AutoCAD\u00ae LT for Mac",
"version": {
"version_data": [
{
"version_value": "2022.1.1"
"version_value": "prior to 9.0.7"
}
]
}
@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "Untrusted Pointer Dereference"
"value": "Out-of-bound Write"
}
]
}
@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
},
{
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010;",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010;"
}
]
},
@ -55,7 +60,7 @@
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code"
"value": "A maliciously crafted PDF file can be used to dereference for a write beyond the allocated buffer while parsing PDFTron files. The vulnerability exists because the application fails to handle a crafted PDFTron file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code."
}
]
}
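Review bot: The reference added in this section ends in a stray semicolon in both fields, `"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010;"`, so the link will likely not resolve to the advisory; it should be `"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"`, with the same fix in `name`. The other changes also look mismatched: the product list is AutoCAD-family software, but the new version value "prior to 9.0.7" and the new description refer to PDFTron, whose version numbering this appears to be. That pairing should be checked against both advisories before the record is relied on for patch decisions.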


@ -15,11 +15,11 @@
"product": {
"product_data": [
{
"product_name": "Autodesk Trueview",
"product_name": "Autodesk DWGTM TrueView",
"version": {
"version_data": [
{
"version_value": "2022.1.1"
"version_value": "prior to 9.0.7"
}
]
}
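Review bot: The new product name `"Autodesk DWGTM TrueView"` looks like a trademark sign flattened to the letters "TM"; `"product_name": "Autodesk DWG TrueView"` would keep name-based matching working. The version value "prior to 9.0.7" replaces "2022.1.1" here as well and does not look like a TrueView release number, so it is worth confirming with the assigner.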


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-27525",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Autodesk Design Review",
"version": {
"version_data": [
{
"version_value": "2018,\u00a02017,\u00a02013, 2012, 2011"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A malicious crafted .dwf file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current proces."
}
]
}
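Review bot: `vendor_name` is `"n/a"` although the assigner is psirt@autodesk.com and the product is "Autodesk Design Review", so vendor-keyed lookups will not find this record; `"vendor_name": "Autodesk"` would fix that, and the same applies to the CVE-2022-27526 and CVE-2022-27529 records. The description also opens with "A malicious crafted" and ends with the typo "proces.", which should read "A maliciously crafted" and "process.".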


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-27526",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Autodesk Design Review",
"version": {
"version_data": [
{
"version_value": "2018,\u00a02017,\u00a02013, 2012, 2011"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-27529",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_value": "2022, 2021, 2020, 2019"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code."
}
]
}
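Review bot: The description for CVE-2022-27529 names only "Autodesk AutoCAD 2022, 2021, 2020, 2019", while `product_name` lists ten products (Advanced Steel, Civil 3D, AutoCAD LT and others), so anyone triaging from the description alone would under-scope the exposure. The description should either name the affected product family or defer to the `affects` list. `problemtype` is also free text; `"value": "CWE-787 Out-of-bounds Write"` would let consumers group records by weakness. CVE-2022-27530 has the same description/affects mismatch and uses the non-standard label `"Buffer Overflow Write"`.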


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-27530",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_value": "2022, 2021, 2020, 2019"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability may be exploited to execute arbitrary code."
}
]
}


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-27652",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "cri-o",
"version": {
"version_data": [
{
"version_value": "Affects all versions."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 - Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2066839",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066839"
},
{
"refsource": "MISC",
"name": "https://github.com/cri-o/cri-o/security/advisories/GHSA-4hj2-r2pm-3hc6",
"url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-4hj2-r2pm-3hc6"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs."
}
]
}
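Review bot: The cri-o description contains a sentence about a different product, `A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities.`, which looks carried over from a related advisory and leaves it unclear which component this ID covers. I would drop that sentence and keep the text about cri-o and inheritable capabilities only. Separately, `"version_value": "Affects all versions."` records no fixed release, so a consumer cannot tell a patched cri-o from a vulnerable one. If the referenced GHSA advisory lists fixed versions, they belong in `version_data`.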


@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2021-12-20T12:39:00.000Z",
"ID": "CVE-2022-27853",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Contest Gallery plugin <= 13.1.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contest Gallery (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 13.1.0.9",
"version_value": "13.1.0.9"
}
]
}
}
]
},
"vendor_name": "Contest Gallery"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Ngo Van Thien (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/contest-gallery/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/contest-gallery/"
},
{
"name": "https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-13-1-0-9-authenticated-stored-cross-site-scripting-xss-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-13-1-0-9-authenticated-stored-cross-site-scripting-xss-vulnerability"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 14.0.0 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
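Review bot: The CVSS vector uses `PR:H`, but the description says the issue is reachable by an "author or higher role", which in WordPress is a non-administrative account. If author really is the minimum role, `PR:L` would be the closer fit and would raise the base score, so this is worth confirming with the assigner before the 4.8 is used for triage. The first reference is also tagged `CONFIRM` although it points at the plugin's general listing page rather than a changelog or advisory.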