From 6950d325e613644cfad4cc2d4393873f498d8d2c Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Mon, 2 Aug 2021 12:55:21 +0300 Subject: [PATCH 1/3] Update description --- cves/2021/CVE-2021-29203.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2021/CVE-2021-29203.yaml b/cves/2021/CVE-2021-29203.yaml index 92cbe77690..d58b0ba9b8 100644 --- a/cves/2021/CVE-2021-29203.yaml +++ b/cves/2021/CVE-2021-29203.yaml @@ -4,6 +4,7 @@ info: author: madrobot severity: critical tags: hpe,cve,cve2021,bypass + description: A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. HPE has released a software update to resolve the vulnerability in the HPE Edgeline Infrastructure Manager. reference: | - https://www.tenable.com/security/research/tra-2021-15 - https://nvd.nist.gov/vuln/detail/CVE-2021-29203 From 37608a954c0895e68d0cd317cbcfe34c92af9547 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Mon, 2 Aug 2021 12:56:17 +0300 Subject: [PATCH 2/3] Description --- cves/2021/CVE-2021-30497.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2021/CVE-2021-30497.yaml b/cves/2021/CVE-2021-30497.yaml index e2a3ea14f8..0c94b9f41b 100644 --- a/cves/2021/CVE-2021-30497.yaml +++ b/cves/2021/CVE-2021-30497.yaml @@ -4,6 +4,7 @@ info: name: Ivanti Avalanche Directory Traversal author: gy741 severity: high + description: A directory traversal vulnerability in Ivanti Avalanche allows remote unauthenticated user to access files that reside outside the 'image' folder reference: https://ssd-disclosure.com/ssd-advisory-ivanti-avalanche-directory-traversal/ tags: cve,cve2021,avalanche,traversal From 493acb8afecb43a84fac79dcbcf7232b8be59c10 Mon Sep 17 00:00:00 2001 
From: Noam Rathaus Date: Mon, 2 Aug 2021 14:30:22 +0300 Subject: [PATCH 3/3] Description --- vulnerabilities/other/coldfusion-debug-xss.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/coldfusion-debug-xss.yaml b/vulnerabilities/other/coldfusion-debug-xss.yaml index 240be6a9cd..2207ee9960 100644 --- a/vulnerabilities/other/coldfusion-debug-xss.yaml +++ b/vulnerabilities/other/coldfusion-debug-xss.yaml @@ -4,6 +4,7 @@ info: name: Adobe ColdFusion Debug Page XSS author: dhiyaneshDK severity: medium + description: The remote Adobe ColdFusion debug page has been left open to unauthenticated users, this could allow remote attackers to trigger a reflected cross site scripting against the visitors of the site. reference: https://github.com/jaeles-project/jaeles-signatures/blob/master/common/coldfusion-debug-xss.yaml tags: adobe,coldfusion,xss
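Review bot: In PATCH 1/3 (cves/2021/CVE-2021-29203.yaml) the added `description:` line sits after `tags:`, whereas the other two patches in this series place it directly after `severity:`. Moving it up keeps the `info:` block ordering consistent across templates. The closing sentence ("HPE has released a software update to resolve the vulnerability ...") is remediation guidance rather than a description of the flaw. Consider dropping it, since the affected range ("prior to version 1.22") is already stated and the references carry the vendor details.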
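Review bot: In PATCH 2/3 (cves/2021/CVE-2021-30497.yaml) the added description is missing an article and a closing period: "allows remote unauthenticated user to access files" should read "allows a remote unauthenticated user to access files ... folder." The text also gives no affected version, unlike the description added in PATCH 1/3. If the referenced advisory states one, adding it here would tell a reader of the scan result whether an upgrade is the fix.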
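Review bot: In PATCH 3/3 (vulnerabilities/other/coldfusion-debug-xss.yaml) the added description is a comma splice ("... unauthenticated users, this could allow ...") and "cross site scripting against the visitors" lacks a noun. Suggest splitting it into two sentences and writing "a reflected cross-site scripting (XSS) attack against visitors of the site". Since the finding is an exposed debug page, the description could also say that restricting access to the debug page is the expected fix, which would help whoever triages the result.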