Auto Generated cves.json [Mon Feb 20 18:03:35 UTC 2023] 🤖

patch-1
GitHub Action 2023-02-20 18:03:35 +00:00
parent ded0f26d04
commit a1dcbab75e
1 changed files with 1 additions and 0 deletions


@ -1165,6 +1165,7 @@
{"ID":"CVE-2021-36380","Info":{"Name":"Sunhillo SureLine \u003c8.7.0.1.1 - Unauthenticated OS Command Injection","Severity":"critical","Description":"Sunhillo SureLine \u003c8.7.0.1.1 is vulnerable to OS command injection. The /cgi/networkDiag.cgi script directly incorporated user-controllable parameters within a shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. The following POST request injects a new command that instructs the server to establish a reverse TCP connection to another system, allowing the establishment of an interactive remote shell session.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-36380.yaml"}
{"ID":"CVE-2021-36450","Info":{"Name":"Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting","Severity":"medium","Description":"Verint Workforce Optimization 15.2.8.10048 contains a cross-site scripting vulnerability via the control/my_notifications NEWUINAV parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-36450.yaml"}
{"ID":"CVE-2021-3654","Info":{"Name":"Nova noVNC - Open Redirect","Severity":"medium","Description":"Nova noVNC contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-3654.yaml"}
{"ID":"CVE-2021-36580","Info":{"Name":"IceWarp Open Redirect","Severity":"medium","Description":"","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2021/CVE-2021-36580.yaml"}
{"ID":"CVE-2021-36748","Info":{"Name":"PrestaHome Blog for PrestaShop \u003c1.7.8 - SQL Injection","Severity":"high","Description":"PrestaHome Blog for PrestaShop prior to version 1.7.8 is vulnerable to a SQL injection (blind) via the sb_category parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-36748.yaml"}
{"ID":"CVE-2021-36749","Info":{"Name":"Apache Druid - Local File Inclusion","Severity":"medium","Description":"Apache Druid ingestion system is vulnerable to local file inclusion. The InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2021/CVE-2021-36749.yaml"}
{"ID":"CVE-2021-36873","Info":{"Name":"WordPress iQ Block Country \u003c=1.2.11 - Cross-Site Scripting","Severity":"medium","Description":"WordPress iQ Block Country plugin 1.2.11 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2021/CVE-2021-36873.yaml"}