diff --git a/2020/19xxx/CVE-2020-19618.json b/2020/19xxx/CVE-2020-19618.json index 9023292c017..d491df3ede1 100644 --- a/2020/19xxx/CVE-2020-19618.json +++ b/2020/19xxx/CVE-2020-19618.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-19618", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-19618", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/langhsu/mblog/issues/27", + "refsource": "MISC", + "name": "https://github.com/langhsu/mblog/issues/27" } ] } diff --git a/2020/19xxx/CVE-2020-19619.json b/2020/19xxx/CVE-2020-19619.json index 58b17b1793f..11dc7c145cb 100644 --- a/2020/19xxx/CVE-2020-19619.json +++ b/2020/19xxx/CVE-2020-19619.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-19619", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-19619", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/langhsu/mblog/issues/27", + "refsource": "MISC", + "name": "https://github.com/langhsu/mblog/issues/27" } ] } diff --git a/2020/23xxx/CVE-2020-23839.json b/2020/23xxx/CVE-2020-23839.json index 15c0b2142c9..9c237ebee5b 100644 --- a/2020/23xxx/CVE-2020-23839.json +++ b/2020/23xxx/CVE-2020-23839.json @@ -61,6 +61,16 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/162016/GetSimple-CMS-3.3.16-Cross-Site-Scripting-Shell-Upload.html", "url": "http://packetstormsecurity.com/files/162016/GetSimple-CMS-3.3.16-Cross-Site-Scripting-Shell-Upload.html" + }, + { + "refsource": "EXPLOIT-DB", + "name": "49726", + "url": "https://www.exploit-db.com/exploits/49726" + }, + { + "refsource": "MISC", + "name": "https://github.com/boku7/CVE-2020-23839", + "url": "https://github.com/boku7/CVE-2020-23839" } ] } diff --git a/2020/36xxx/CVE-2020-36002.json b/2020/36xxx/CVE-2020-36002.json index 93b0547f15a..78d6985b4f2 100644 --- a/2020/36xxx/CVE-2020-36002.json +++ b/2020/36xxx/CVE-2020-36002.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id and file parameters where attackers can obtain sensitive database information." + "value": "Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information." } ] }, diff --git a/2021/28xxx/CVE-2021-28969.json b/2021/28xxx/CVE-2021-28969.json index 68c0eb6c6d5..59630b0e519 100644 --- a/2021/28xxx/CVE-2021-28969.json +++ b/2021/28xxx/CVE-2021-28969.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28969", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28969", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects newer versions of the software." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-005.txt", + "refsource": "MISC", + "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-005.txt" } ] } diff --git a/2021/28xxx/CVE-2021-28970.json b/2021/28xxx/CVE-2021-28970.json index 28b38c73fac..6ad8d488c4e 100644 --- a/2021/28xxx/CVE-2021-28970.json +++ b/2021/28xxx/CVE-2021-28970.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28970", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28970", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the job_id parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-006.txt", + "refsource": "MISC", + "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-006.txt" } ] } diff --git a/2021/29xxx/CVE-2021-29421.json b/2021/29xxx/CVE-2021-29421.json index cb8bbd2be50..659b478e117 100644 --- a/2021/29xxx/CVE-2021-29421.json +++ b/2021/29xxx/CVE-2021-29421.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-29421", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-29421", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/pikepdf/pikepdf/commit/3f38f73218e5e782fe411ccbb3b44a793c0b343a", + "url": "https://github.com/pikepdf/pikepdf/commit/3f38f73218e5e782fe411ccbb3b44a793c0b343a" } ] }