Skip to content
This repository was archived by the owner on Jun 10, 2025. It is now read-only.

Commit 299da50

Browse files
cve-teamcve-team
committed
"-Synchronized-Data."
1 parent 7e7506c commit 299da50

File tree

95 files changed

+2657
-191
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

95 files changed

+2657
-191
lines changed

2018/1000xxx/CVE-2018-1000051.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -73,6 +73,11 @@
7373
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=698825",
7474
"refsource": "CONFIRM",
7575
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698825"
76+
},
77+
{
78+
"refsource": "MISC",
79+
"name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=321ba1de287016b0036bf4a56ce774ad11763384",
80+
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=321ba1de287016b0036bf4a56ce774ad11763384"
7681
}
7782
]
7883
}

2019/6xxx/CVE-2019-6130.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -81,6 +81,11 @@
8181
"refsource": "MLIST",
8282
"name": "[debian-lts-announce] 20200725 [SECURITY] [DLA 2289-1] mupdf security update",
8383
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00019.html"
84+
},
85+
{
86+
"refsource": "MISC",
87+
"name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=faf47b94e24314d74907f3f6bc874105f2c962ed",
88+
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=faf47b94e24314d74907f3f6bc874105f2c962ed"
8489
}
8590
]
8691
}

2019/6xxx/CVE-2019-6131.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -71,6 +71,11 @@
7171
"refsource": "FEDORA",
7272
"name": "FEDORA-2019-15af6a9a07",
7373
"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/CNJNEX5EW6YH5OARXXSSXW4HHC5PIBSY/"
74+
},
75+
{
76+
"refsource": "MISC",
77+
"name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=c8f7e48ff74720a5e984ae19d978a5ab4d5dde5b",
78+
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=c8f7e48ff74720a5e984ae19d978a5ab4d5dde5b"
7479
}
7580
]
7681
}

2019/7xxx/CVE-2019-7321.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -61,6 +61,11 @@
6161
"refsource": "MISC",
6262
"name": "https://github.com/ereisr00/bagofbugz/tree/master/MuPDF/700560",
6363
"url": "https://github.com/ereisr00/bagofbugz/tree/master/MuPDF/700560"
64+
},
65+
{
66+
"refsource": "MISC",
67+
"name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=2be83b57e77938fddbb06bdffb11979ad89a9c7d",
68+
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=2be83b57e77938fddbb06bdffb11979ad89a9c7d"
6469
}
6570
]
6671
}

2020/21xxx/CVE-2020-21896.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -56,6 +56,11 @@
5656
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=701294",
5757
"refsource": "MISC",
5858
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=701294"
59+
},
60+
{
61+
"refsource": "MISC",
62+
"name": "http://www.ghostscript.com/cgi-bin/findgit.cgi?8719e07834d6a72b6b4131539e49ed1e8e2ff79e",
63+
"url": "http://www.ghostscript.com/cgi-bin/findgit.cgi?8719e07834d6a72b6b4131539e49ed1e8e2ff79e"
5964
}
6065
]
6166
}

2020/26xxx/CVE-2020-26683.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -56,6 +56,11 @@
5656
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=702566",
5757
"refsource": "MISC",
5858
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=702566"
59+
},
60+
{
61+
"refsource": "MISC",
62+
"name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=05720b4ee3dbae57e65546dc2eecc3021c08eeea",
63+
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=05720b4ee3dbae57e65546dc2eecc3021c08eeea"
5964
}
6065
]
6166
}

2021/1xxx/CVE-2021-1245.json

Lines changed: 106 additions & 49 deletions
Original file line numberDiff line numberDiff line change
@@ -1,86 +1,143 @@
11
{
2+
"data_version": "4.0",
3+
"data_type": "CVE",
4+
"data_format": "MITRE",
25
"CVE_data_meta": {
3-
"ASSIGNER": "[email protected]",
4-
"DATE_PUBLIC": "2021-01-13T16:00:00",
56
"ID": "CVE-2021-1245",
6-
"STATE": "PUBLIC",
7-
"TITLE": "Cisco Finesse OpenSocial Gadget Editor Vulnerabilities"
7+
"ASSIGNER": "[email protected]",
8+
"STATE": "PUBLIC"
9+
},
10+
"description": {
11+
"description_data": [
12+
{
13+
"lang": "eng",
14+
"value": "Cisco Finesse and Cisco Unified CVP OpenSocial Gadget Editor Cross-Site Scripting Vulnerability\r\n\r\nA vulnerability in the web-based management interface of Cisco Finesse and Cisco Unified CVP could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\nThe vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
15+
}
16+
]
17+
},
18+
"problemtype": {
19+
"problemtype_data": [
20+
{
21+
"description": [
22+
{
23+
"lang": "eng",
24+
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
25+
"cweId": "CWE-79"
26+
}
27+
]
28+
}
29+
]
830
},
931
"affects": {
1032
"vendor": {
1133
"vendor_data": [
1234
{
35+
"vendor_name": "Cisco",
1336
"product": {
1437
"product_data": [
1538
{
16-
"product_name": "Cisco Finesse ",
39+
"product_name": "Cisco Unified Customer Voice Portal (CVP)",
1740
"version": {
1841
"version_data": [
1942
{
20-
"version_value": "n/a"
43+
"version_affected": "=",
44+
"version_value": "12.6(2)_ES4"
45+
},
46+
{
47+
"version_affected": "=",
48+
"version_value": "12.6(2)_ET5"
49+
},
50+
{
51+
"version_affected": "=",
52+
"version_value": "12.6(2)_ET7"
53+
},
54+
{
55+
"version_affected": "=",
56+
"version_value": "12.6(2)_ET8"
57+
},
58+
{
59+
"version_affected": "=",
60+
"version_value": "12.6(2)_ES9"
61+
},
62+
{
63+
"version_affected": "=",
64+
"version_value": "12.6(2)_ES10"
65+
},
66+
{
67+
"version_affected": "=",
68+
"version_value": "12.6(2)_ES11"
69+
},
70+
{
71+
"version_affected": "=",
72+
"version_value": "12.6(2)_ET12"
73+
},
74+
{
75+
"version_affected": "=",
76+
"version_value": "12.6(2)_ET13"
77+
},
78+
{
79+
"version_affected": "=",
80+
"version_value": "12.6(2)_ES14"
81+
},
82+
{
83+
"version_affected": "=",
84+
"version_value": "12.6(2)_ES15"
85+
},
86+
{
87+
"version_affected": "=",
88+
"version_value": "12.6(2)_ET16"
89+
},
90+
{
91+
"version_affected": "=",
92+
"version_value": "12.6(2)_ET17"
2193
}
2294
]
2395
}
2496
}
2597
]
26-
},
27-
"vendor_name": "Cisco"
98+
}
2899
}
29100
]
30101
}
31102
},
32-
"data_format": "MITRE",
33-
"data_type": "CVE",
34-
"data_version": "4.0",
35-
"description": {
36-
"description_data": [
103+
"references": {
104+
"reference_data": [
37105
{
38-
"lang": "eng",
39-
"value": "Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack and obtain potentially confidential information by leveraging a flaw in the authentication mechanism. For more information about these vulnerabilities, see the Details section of this advisory."
106+
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multi-vuln-finesse-qp6gbUO2",
107+
"refsource": "MISC",
108+
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multi-vuln-finesse-qp6gbUO2"
40109
}
41110
]
42111
},
112+
"source": {
113+
"advisory": "cisco-sa-multi-vuln-finesse-qp6gbUO2",
114+
"discovery": "EXTERNAL",
115+
"defects": [
116+
"CSCvs52916"
117+
]
118+
},
43119
"exploit": [
44120
{
45-
"lang": "eng",
46-
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "
121+
"lang": "en",
122+
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
47123
}
48124
],
49125
"impact": {
50-
"cvss": {
51-
"baseScore": "6.5",
52-
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N ",
53-
"version": "3.0"
54-
}
55-
},
56-
"problemtype": {
57-
"problemtype_data": [
58-
{
59-
"description": [
60-
{
61-
"lang": "eng",
62-
"value": "CWE-306"
63-
}
64-
]
65-
}
66-
]
67-
},
68-
"references": {
69-
"reference_data": [
126+
"cvss": [
70127
{
71-
"name": "20210113 Cisco Finesse OpenSocial Gadget Editor Vulnerabilities",
72-
"refsource": "CISCO",
73-
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multi-vuln-finesse-qp6gbUO2"
128+
"version": "3.1",
129+
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/RL:X/RC:X/E:X",
130+
"baseScore": 6.5,
131+
"baseSeverity": "MEDIUM",
132+
"attackVector": "NETWORK",
133+
"attackComplexity": "LOW",
134+
"privilegesRequired": "NONE",
135+
"userInteraction": "NONE",
136+
"scope": "UNCHANGED",
137+
"confidentialityImpact": "LOW",
138+
"integrityImpact": "LOW",
139+
"availabilityImpact": "NONE"
74140
}
75141
]
76-
},
77-
"source": {
78-
"advisory": "cisco-sa-multi-vuln-finesse-qp6gbUO2",
79-
"defect": [
80-
[
81-
"CSCvs52916"
82-
]
83-
],
84-
"discovery": "INTERNAL"
85142
}
86143
}

0 commit comments

Comments
 (0)