From f93d402a77c7f897008e156beab69da411856e2f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 28 Apr 2021 14:00:46 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/18xxx/CVE-2020-18019.json | 56 +++++++++++++++++++++++++++----
 2020/18xxx/CVE-2020-18020.json | 56 +++++++++++++++++++++++++++----
 2020/21xxx/CVE-2020-21991.json | 61 ++++++++++++++++++++++++++++++----
 2021/27xxx/CVE-2021-27077.json | 5 +++
 2021/29xxx/CVE-2021-29159.json | 61 ++++++++++++++++++++++++++++++----
 2021/29xxx/CVE-2021-29387.json | 61 ++++++++++++++++++++++++++++++----
 2021/29xxx/CVE-2021-29388.json | 61 ++++++++++++++++++++++++++++++----
 2021/3xxx/CVE-2021-3508.json | 55 ++++++++++++++++++++++++++++--
 8 files changed, 377 insertions(+), 39 deletions(-)
diff --git a/2020/18xxx/CVE-2020-18019.json b/2020/18xxx/CVE-2020-18019.json
index 7d88ba3814e..ca74dfa7ac7 100644
--- a/2020/18xxx/CVE-2020-18019.json
+++ b/2020/18xxx/CVE-2020-18019.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-18019",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-18019",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the \"typeid\" variable of the \"createfolderAjax\" function in the \"mode_worcAction.php\" component."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/si1ence90/xinhu1.8.3_SqlInject",
+ "refsource": "MISC",
+ "name": "https://github.com/si1ence90/xinhu1.8.3_SqlInject"
 }
 ]
 }
diff --git a/2020/18xxx/CVE-2020-18020.json b/2020/18xxx/CVE-2020-18020.json
index ebdd215870f..735e0f672cd 100644
--- a/2020/18xxx/CVE-2020-18020.json
+++ b/2020/18xxx/CVE-2020-18020.json
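Review bot: In the CVE-2020-18019 hunk the structured fields stay `"n/a"` even though the new description names the product, its version and the weakness class, so consumers that match on `affects` or `problemtype` instead of free text will not associate this record with Xinhu OA System 1.8.3. Consider `"product_name": "Xinhu OA System"`, `"version_value": "1.8.3"` and a problemtype value of `"CWE-89"`. The same gap appears in the hunks for CVE-2020-18020, CVE-2020-21991, CVE-2021-29159, CVE-2021-29387 and CVE-2021-29388, whose descriptions likewise name a product and an injection, authentication-bypass or XSS weakness while every structured field is `"n/a"`.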
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-18020",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-18020",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the \"user_phone\" parameter of a crafted HTTP request to the \"admin.php\" component."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gitee.com/koyshe/phpshe/issues/IQ8S8",
+ "refsource": "MISC",
+ "name": "https://gitee.com/koyshe/phpshe/issues/IQ8S8"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21991.json b/2020/21xxx/CVE-2020-21991.json
index 6669578f4de..62734fd11b0 100644
--- a/2020/21xxx/CVE-2020-21991.json
+++ b/2020/21xxx/CVE-2020-21991.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21991",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21991",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5549.php",
+ "refsource": "MISC",
+ "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5549.php"
+ },
+ {
+ "refsource": "EXPLOIT-DB",
+ "name": "Exploit Database",
+ "url": "https://www.exploit-db.com/exploits/47822"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27077.json b/2021/27xxx/CVE-2021-27077.json
index 344750da8f4..1420ec25c34 100644
--- a/2021/27xxx/CVE-2021-27077.json
+++ b/2021/27xxx/CVE-2021-27077.json
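Review bot: Exploit-DB links are tagged inconsistently across this patch: the second reference in the CVE-2020-21991 hunk uses `"refsource": "EXPLOIT-DB"`, while the exploit-db.com URLs added for CVE-2021-29387 and CVE-2021-29388 are filed under `"refsource": "MISC"`. Triage tooling that keys on refsource to prioritise records with a published exploit would miss those two, so all three should carry the same refsource. The `"name": "Exploit Database"` value here also does not identify the entry; the entry number from the URL, `"name": "47822"`, would be more useful if that matches the convention used elsewhere in the repository.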
@@ -277,6 +277,11 @@
 "refsource": "MISC",
 "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-403/",
 "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-403/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-482/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-482/"
 }
 ]
 }
diff --git a/2021/29xxx/CVE-2021-29159.json b/2021/29xxx/CVE-2021-29159.json
index 35b72add20f..133deb9ffda 100644
--- a/2021/29xxx/CVE-2021-29159.json
+++ b/2021/29xxx/CVE-2021-29159.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-29159",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-29159",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.sonatype.com/hc/en-us/categories/201980768-Welcome-to-the-Sonatype-Support-Knowledge-Base",
+ "refsource": "MISC",
+ "name": "https://support.sonatype.com/hc/en-us/categories/201980768-Welcome-to-the-Sonatype-Support-Knowledge-Base"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://support.sonatype.com/hc/en-us/articles/1500005031082",
+ "url": "https://support.sonatype.com/hc/en-us/articles/1500005031082"
 }
 ]
 }
diff --git a/2021/29xxx/CVE-2021-29387.json b/2021/29xxx/CVE-2021-29387.json
index 486a8e0cee9..cf76fd231df 100644
--- a/2021/29xxx/CVE-2021-29387.json
+++ b/2021/29xxx/CVE-2021-29387.json
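Review bot: The first reference added in the CVE-2021-29159 hunk points at the Sonatype knowledge-base category landing page rather than at an advisory for this issue, so it gives a reader nothing to check the "before 3.30.1" fix version against and its content can change at any time. The second entry, `https://support.sonatype.com/hc/en-us/articles/1500005031082`, appears to be the issue-specific article; I would keep only that one, or replace the landing page with the vendor advisory for this CVE. The description's "attacker with a local account" is also ambiguous between an application account and OS-level access and would be clearer if it named which is meant.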
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-29387",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-29387",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary javascript via any \"Add\" sections, such as Add Item , Employee and Position or others in the Name Parameters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.sourcecodester.com/php/11327/equipment-inventory.html",
+ "refsource": "MISC",
+ "name": "https://www.sourcecodester.com/php/11327/equipment-inventory.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/49722",
+ "url": "https://www.exploit-db.com/exploits/49722"
 }
 ]
 }
diff --git a/2021/29xxx/CVE-2021-29388.json b/2021/29xxx/CVE-2021-29388.json
index ca4b3a9e5b3..0b5d1e9890a 100644
--- a/2021/29xxx/CVE-2021-29388.json
+++ b/2021/29xxx/CVE-2021-29388.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-29388",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-29388",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via vulnerable field 'Budget Title'."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.sourcecodester.com/php/14403/budget-management-system.html",
+ "refsource": "MISC",
+ "name": "https://www.sourcecodester.com/php/14403/budget-management-system.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/49723",
+ "url": "https://www.exploit-db.com/exploits/49723"
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3508.json b/2021/3xxx/CVE-2021-3508.json
index d20312dde5f..f4695965a51 100644
--- a/2021/3xxx/CVE-2021-3508.json
+++ b/2021/3xxx/CVE-2021-3508.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3508",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "patrick@puiterwijk.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PDFResurrect",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "PDFResurrect 0.23b"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-835"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1951198",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951198"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/enferex/pdfresurrect/issues/17",
+ "url": "https://github.com/enferex/pdfresurrect/issues/17"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in PDFResurrect in version 0.22b. There is an infinite loop in get_xref_linear_skipped() in pdf.c via a crafted PDF file."
 }
 ]
 }
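Review bot: The affected version disagrees within the CVE-2021-3508 record: `affects` carries `"version_value": "PDFResurrect 0.23b"`, while the new description says the flaw is "in version 0.22b". Version-matching scanners read `version_value`, so at least one of the two will mislead whoever relies on it; confirm the version against the referenced upstream issue and make both fields agree. `version_value` should also hold only the version string (for example `"version_value": "0.22b"` if the description is the correct one), since the product is already given in `product_name`.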