mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
0c801c29d6
commit
01ea69df18
94
2019/18xxx/CVE-2019-18265.json
Normal file
94
2019/18xxx/CVE-2019-18265.json
Normal file
@ -0,0 +1,94 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2019-18265",
|
||||
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Digital Alert Systems\u2019 DASDEC software prior to version 4.1 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SSH username, username field of the login page, or via the HTTP host header. The injected content is stored in logs and rendered when viewed in the web application."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Digital Alert Systems",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "DASDEC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0",
|
||||
"version_affected": "="
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.digitalalertsystems.com/security-advisory",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.digitalalertsystems.com/security-advisory"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Ken Pyle"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 4.1,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "CHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -106,6 +106,11 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2020-c6fa12cfb1",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZETDVPZQWZWVGIG6JTIEKP5KPVMUE7Y/"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20221130 [SECURITY] [DLA 3214-1] libraw security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00042.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -61,6 +61,11 @@
|
||||
"refsource": "FULLDISC",
|
||||
"name": "20221129 CyberDanube Security Research 20221124-0 | Authenticated Command Injection Hirschmann BAT-C2",
|
||||
"url": "http://seclists.org/fulldisclosure/2022/Nov/19"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/170063/Hirschmann-Belden-BAT-C2-8.8.1.0R8-Command-Injection.html",
|
||||
"url": "http://packetstormsecurity.com/files/170063/Hirschmann-Belden-BAT-C2-8.8.1.0R8-Command-Injection.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -101,6 +101,11 @@
|
||||
"refsource": "CERT-VN",
|
||||
"name": "VU#915563",
|
||||
"url": "https://www.kb.cert.org/vuls/id/915563"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html",
|
||||
"url": "http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -101,6 +101,11 @@
|
||||
"refsource": "CERT-VN",
|
||||
"name": "VU#915563",
|
||||
"url": "https://www.kb.cert.org/vuls/id/915563"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html",
|
||||
"url": "http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -56,6 +56,11 @@
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/renmizo/CVE-2022-41412",
|
||||
"url": "https://github.com/renmizo/CVE-2022-41412"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/170069/perfSONAR-4.4.4-Open-Proxy-Relay.html",
|
||||
"url": "http://packetstormsecurity.com/files/170069/perfSONAR-4.4.4-Open-Proxy-Relay.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -56,6 +56,11 @@
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/renmizo/CVE-2022-41413",
|
||||
"url": "https://github.com/renmizo/CVE-2022-41413"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/170070/perfSONAR-4.4.5-Cross-Site-Request-Forgery.html",
|
||||
"url": "http://packetstormsecurity.com/files/170070/perfSONAR-4.4.5-Cross-Site-Request-Forgery.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user