"-Synchronized-Data."

cve-team · cve-team · commit a7b648d955fd · 2021-01-26T23:00:39.000Z
diff --git a/2020/28xxx/CVE-2020-28492.json b/2020/28xxx/CVE-2020-28492.json
@@ -3,90 +3,16 @@
     "data_format": "MITRE",
     "data_version": "4.0",
     "CVE_data_meta": {
-        "ASSIGNER": "report@snyk.io",
-        "DATE_PUBLIC": "2021-01-26T16:12:22.733071Z",
         "ID": "CVE-2020-28492",
-        "STATE": "PUBLIC",
-        "TITLE": "Regular Expression Denial of Service (ReDoS)"
-    },
-    "affects": {
-        "vendor": {
-            "vendor_data": [
-                {
-                    "product": {
-                        "product_data": [
-                            {
-                                "product_name": "jinja2",
-                                "version": {
-                                    "version_data": [
-                                        {
-                                            "version_affected": ">=",
-                                            "version_value": "0.0.0"
-                                        }
-                                    ]
-                                }
-                            }
-                        ]
-                    },
-                    "vendor_name": "n/a"
-                }
-            ]
-        }
-    },
-    "problemtype": {
-        "problemtype_data": [
-            {
-                "description": [
-                    {
-                        "lang": "eng",
-                        "value": "Regular Expression Denial of Service (ReDoS)"
-                    }
-                ]
-            }
-        ]
-    },
-    "references": {
-        "reference_data": [
-            {
-                "refsource": "MISC",
-                "url": "https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994",
-                "name": "https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994"
-            },
-            {
-                "refsource": "MISC",
-                "url": "https://github.com/pallets/jinja/blob/ab81fd9c277900c85da0c322a2ff9d68a235b2e6/src/jinja2/utils.py%23L20",
-                "name": "https://github.com/pallets/jinja/blob/ab81fd9c277900c85da0c322a2ff9d68a235b2e6/src/jinja2/utils.py%23L20"
-            }
-        ]
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "REJECT"
     },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "This affects the package jinja2 from 0.0.0. The ReDOS vulnerability of the regex is mainly due to the sub-pattern [a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+"
+                "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA."
             }
         ]
-    },
-    "impact": {
-        "cvss": {
-            "version": "3.1",
-            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P",
-            "baseScore": 5.3,
-            "baseSeverity": "MEDIUM",
-            "attackVector": "NETWORK",
-            "attackComplexity": "LOW",
-            "privilegesRequired": "NONE",
-            "userInteraction": "NONE",
-            "scope": "UNCHANGED",
-            "confidentialityImpact": "NONE",
-            "integrityImpact": "NONE",
-            "availabilityImpact": "LOW"
-        }
-    },
-    "credit": [
-        {
-            "lang": "eng",
-            "value": "Yeting Li"
-        }
-    ]
+    }
 }
diff --git a/2020/36xxx/CVE-2020-36193.json b/2020/36xxx/CVE-2020-36193.json
@@ -57,6 +57,11 @@
                 "refsource": "MISC",
                 "name": "https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916"
             },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://www.drupal.org/sa-core-2021-001",
+                "url": "https://www.drupal.org/sa-core-2021-001"
+            },
             {
                 "refsource": "MLIST",
                 "name": "[debian-lts-announce] 20210121 [SECURITY] [DLA-2530-1] drupal7 security update",
diff --git a/2021/3xxx/CVE-2021-3165.json b/2021/3xxx/CVE-2021-3165.json
@@ -1,17 +1,71 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
-        "ID": "CVE-2021-3165",
         "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ID": "CVE-2021-3165",
+        "STATE": "PUBLIC"
     },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://orionhridoy.me",
+                "refsource": "MISC",
+                "name": "https://orionhridoy.me"
+            },
+            {
+                "url": "https://www.smtagent.com/support",
+                "refsource": "MISC",
+                "name": "https://www.smtagent.com/support"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://packetstormsecurity.com/files/160906/SmartAgent-3.1.0-Privilege-Escalation.html",
+                "url": "https://packetstormsecurity.com/files/160906/SmartAgent-3.1.0-Privilege-Escalation.html"
             }
         ]
     }
diff --git a/2021/3xxx/CVE-2021-3193.json b/2021/3xxx/CVE-2021-3193.json
@@ -34,7 +34,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "Improper access and command validation in the Docker config wizard of Nagios XI before 5.8.0 allows an authenticated attacker to execute remote code as the apache user."
+                "value": "Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user."
             }
         ]
     },
diff --git a/2021/3xxx/CVE-2021-3315.json b/2021/3xxx/CVE-2021-3315.json
@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2021-3315",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
diff --git a/2021/3xxx/CVE-2021-3316.json b/2021/3xxx/CVE-2021-3316.json
@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2021-3316",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
diff --git a/2021/3xxx/CVE-2021-3317.json b/2021/3xxx/CVE-2021-3317.json
@@ -0,0 +1,62 @@
+{
+    "CVE_data_meta": {
+        "ASSIGNER": "cve@mitre.org",
+        "ID": "CVE-2021-3317",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://docs.unsafe-inline.com/0day/klog-server-authenticated-command-injection",
+                "refsource": "MISC",
+                "name": "https://docs.unsafe-inline.com/0day/klog-server-authenticated-command-injection"
+            }
+        ]
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@`
`34`	`34`	`"description_data": [`
`35`	`35`	`{`
`36`	`36`	`"lang": "eng",`
`37`		`- "value": "Improper access and command validation in the Docker config wizard of Nagios XI before 5.8.0 allows an authenticated attacker to execute remote code as the apache user."`
	`37`	`+ "value": "Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user."`
`38`	`38`	`}`
`39`	`39`	`]`
`40`	`40`	`},`