This repository was archived by the owner on Jun 10, 2025. It is now read-only.

Commit 249fd3c

committed
"-Synchronized-Data."
1 parent 2333893 commit 249fd3c


5 files changed

+264
-18
lines changed


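--- a/2020/7xxx/CVE-2020-7875.json
+++ b/2020/7xxx/CVE-2020-7875.json
@@ -1,18 +1,88 @@
 {
-"data_type": "CVE",
-"data_format": "MITRE",
-"data_version": "4.0",
 "CVE_data_meta": {
+"ASSIGNER": "[email protected]",
 "ID": "CVE-2020-7875",
-"ASSIGNER": "[email protected]",
-"STATE": "RESERVED"
+"STATE": "PUBLIC",
+"TITLE": "RAONWIZ DEXT5 Upload ActiveX remote file execution vulnerability"
 },
+"affects": {
+"vendor": {
+"vendor_data": [
+{
+"product": {
+"product_data": [
+{
+"product_name": "DEXT5 Upload",
+"version": {
+"version_data": [
+{
+"platform": "Windows",
+"version_affected": "<=",
+"version_name": "5.0.0.117",
+"version_value": "5.0.0.117"
+}
+]
+}
+}
+]
+},
+"vendor_name": "RAONWIZ"
+}
+]
+}
+},
+"data_format": "MITRE",
+"data_type": "CVE",
+"data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
-"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+"value": "DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution."
+}
+]
+},
+"generator": {
+"engine": "Vulnogram 0.0.9"
+},
+"impact": {
+"cvss": {
+"attackComplexity": "HIGH",
+"attackVector": "NETWORK",
+"availabilityImpact": "HIGH",
+"baseScore": 7.5,
+"baseSeverity": "HIGH",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"privilegesRequired": "NONE",
+"scope": "UNCHANGED",
+"userInteraction": "REQUIRED",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+"version": "3.1"
+}
+},
+"problemtype": {
+"problemtype_data": [
+{
+"description": [
+{
+"lang": "eng",
+"value": "CWE-494 Download of Code Without Integrity Check"
+}
+]
 }
 ]
+},
+"references": {
+"reference_data": [
+{
+"refsource": "MISC",
+"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36312",
+"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36312"
+}
+]
+},
+"source": {
+"discovery": "UNKNOWN"
 }
 }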

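--- a/2021/22xxx/CVE-2021-22044.json
+++ b/2021/22xxx/CVE-2021-22044.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-22044",
-"ASSIGNER": "[email protected]",
-"STATE": "RESERVED"
+"ASSIGNER": "[email protected]",
+"STATE": "PUBLIC"
+},
+"affects": {
+"vendor": {
+"vendor_data": [
+{
+"vendor_name": "n/a",
+"product": {
+"product_data": [
+{
+"product_name": "Spring Cloud OpenFeign",
+"version": {
+"version_data": [
+{
+"version_value": "Spring Cloud OpenFeign versions 3.0.x prior to 3.0.5+, 2.2.x prior to 2.2.10. RELEASE+ and all older unsupported versions are impacted."
+}
+]
+}
+}
+]
+}
+}
+]
+}
+},
+"problemtype": {
+"problemtype_data": [
+{
+"description": [
+{
+"lang": "eng",
+"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
+}
+]
+}
+]
+},
+"references": {
+"reference_data": [
+{
+"refsource": "MISC",
+"name": "https://tanzu.vmware.com/security/cve-2021-22044",
+"url": "https://tanzu.vmware.com/security/cve-2021-22044"
+}
+]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
-"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+"value": "In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods."
 }
 ]
 }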
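Review bot: The `version_value` added under `version_data` holds a whole sentence (`"Spring Cloud OpenFeign versions 3.0.x prior to 3.0.5+, 2.2.x prior to 2.2.10. RELEASE+ and all older unsupported versions are impacted."`) instead of a version, and there is no `version_affected` comparator, so a tool that matches installed versions against this field cannot derive the affected range; the stray space in `2.2.10. RELEASE+` also differs from the `2.2.9.RELEASE` form used in the description. One entry per branch, e.g. `"version_affected": "<", "version_value": "3.0.5"`, in the way the CVE-2020-7875 record in this commit uses `"<="`, would make the range machine-readable. `"vendor_name": "n/a"` likewise leaves the record with no vendor to key on. The same free-text `version_value` and `n/a` vendor appear in the CVE-2021-22047, CVE-2021-22096 and CVE-2021-22097 sections.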

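--- a/2021/22xxx/CVE-2021-22047.json
+++ b/2021/22xxx/CVE-2021-22047.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-22047",
-"ASSIGNER": "[email protected]",
-"STATE": "RESERVED"
+"ASSIGNER": "[email protected]",
+"STATE": "PUBLIC"
+},
+"affects": {
+"vendor": {
+"vendor_data": [
+{
+"vendor_name": "n/a",
+"product": {
+"product_data": [
+{
+"product_name": "Spring Data REST",
+"version": {
+"version_data": [
+{
+"version_value": "Spring Data REST versions 3.4.x prior to 3.4.14+ ,3.5.x prior to 3.5.6+ and old unsupported versions"
+}
+]
+}
+}
+]
+}
+}
+]
+}
+},
+"problemtype": {
+"problemtype_data": [
+{
+"description": [
+{
+"lang": "eng",
+"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
+}
+]
+}
+]
+},
+"references": {
+"reference_data": [
+{
+"refsource": "MISC",
+"name": "https://tanzu.vmware.com/security/cve-2021-22047",
+"url": "https://tanzu.vmware.com/security/cve-2021-22047"
+}
+]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
-"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+"value": "In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration."
 }
 ]
 }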

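--- a/2021/22xxx/CVE-2021-22096.json
+++ b/2021/22xxx/CVE-2021-22096.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-22096",
-"ASSIGNER": "[email protected]",
-"STATE": "RESERVED"
+"ASSIGNER": "[email protected]",
+"STATE": "PUBLIC"
+},
+"affects": {
+"vendor": {
+"vendor_data": [
+{
+"vendor_name": "n/a",
+"product": {
+"product_data": [
+{
+"product_name": "Spring Framework",
+"version": {
+"version_data": [
+{
+"version_value": "Spring Framework versions 5.3.x prior to 5.3.12+, 5.2.x prior to 5.2.18+ and all older unsupported versions are impacted."
+}
+]
+}
+}
+]
+}
+}
+]
+}
+},
+"problemtype": {
+"problemtype_data": [
+{
+"description": [
+{
+"lang": "eng",
+"value": "CWE-117: Improper Output Neutralization for Logs"
+}
+]
+}
+]
+},
+"references": {
+"reference_data": [
+{
+"refsource": "MISC",
+"name": "https://tanzu.vmware.com/security/cve-2021-22096",
+"url": "https://tanzu.vmware.com/security/cve-2021-22096"
+}
+]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
-"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+"value": "In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries."
 }
 ]
 }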
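Review bot: The affected range in `version_value` and the one in the description disagree for the 5.3 line: `5.3.x prior to 5.3.12+` includes 5.3.11, while the description says `5.3.0 - 5.3.10`. One of the two fields should be corrected against the referenced advisory, otherwise a consumer classifies 5.3.11 differently depending on which field it reads; which one is right cannot be told from this page. The 5.2 ranges (`prior to 5.2.18+` and `5.2.0 - 5.2.17`) agree with each other.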

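--- a/2021/22xxx/CVE-2021-22097.json
+++ b/2021/22xxx/CVE-2021-22097.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-22097",
-"ASSIGNER": "[email protected]",
-"STATE": "RESERVED"
+"ASSIGNER": "[email protected]",
+"STATE": "PUBLIC"
+},
+"affects": {
+"vendor": {
+"vendor_data": [
+{
+"vendor_name": "n/a",
+"product": {
+"product_data": [
+{
+"product_name": "Spring AMQP",
+"version": {
+"version_data": [
+{
+"version_value": "Spring AMQP versions 2.2.X prior to 2.2.19 and 2.3.x prior to 2.3.11 ."
+}
+]
+}
+}
+]
+}
+}
+]
+}
+},
+"problemtype": {
+"problemtype_data": [
+{
+"description": [
+{
+"lang": "eng",
+"value": "CWE-502: Deserialization of Untrusted Data"
+}
+]
+}
+]
+},
+"references": {
+"reference_data": [
+{
+"refsource": "MISC",
+"name": "https://tanzu.vmware.com/security/cve-2021-22097",
+"url": "https://tanzu.vmware.com/security/cve-2021-22097"
+}
+]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
-"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+"value": "In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called."
 }
 ]
 }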
