admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-03-20 05:00:37 +00:00
parent d8b2eccc39
commit 15934d3775
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
2 changed files with 222 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
2015/10xxx/CVE-2015-10096.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-10096",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in Zarthus IRC Twitter Announcer Bot up to 1.1.0. This affects the function get_tweets of the file lib/twitterbot/plugins/twitter_announcer.rb. The manipulation of the argument tweet leads to command injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.1 is able to address this issue. The name of the patch is 6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223383."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in Zarthus IRC Twitter Announcer Bot bis 1.1.0 gefunden. Dabei betrifft es die Funktion get_tweets der Datei lib/twitterbot/plugins/twitter_announcer.rb. Mittels Manipulieren des Arguments tweet mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.1.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Command Injection",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Zarthus",
"product": {
"product_data": [
{
"product_name": "IRC Twitter Announcer Bot",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
},
{
"version_affected": "=",
"version_value": "1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.223383",
"refsource": "MISC",
"name": "https://vuldb.com/?id.223383"
},
{
"url": "https://vuldb.com/?ctiid.223383",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.223383"
},
{
"url": "https://github.com/Zarthus/irc-twitter-bot/commit/6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3",
"refsource": "MISC",
"name": "https://github.com/Zarthus/irc-twitter-bot/commit/6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3"
},
{
"url": "https://github.com/Zarthus/irc-twitter-bot/releases/tag/v1.1.1",
"refsource": "MISC",
"name": "https://github.com/Zarthus/irc-twitter-bot/releases/tag/v1.1.1"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5,
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4.6,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}

125
2022/4xxx/CVE-2022-4933.json
View File

@ -1,17 +1,134 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4933",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in ATM Consulting dolibarr_module_quicksupplierprice up to 1.1.6. Affected by this issue is the function upatePrice of the file script/interface.php. The manipulation leads to sql injection. The attack may be launched remotely. Upgrading to version 1.1.7 is able to address this issue. The name of the patch is ccad1e4282b0e393a32fcc852e82ec0e0af5446f. It is recommended to upgrade the affected component. VDB-223382 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in ATM Consulting dolibarr_module_quicksupplierprice bis 1.1.6 entdeckt. Dies betrifft die Funktion upatePrice der Datei script/interface.php. Mittels dem Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.1.7 vermag dieses Problem zu l\u00f6sen. Der Patch wird als ccad1e4282b0e393a32fcc852e82ec0e0af5446f bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ATM Consulting",
"product": {
"product_data": [
{
"product_name": "dolibarr_module_quicksupplierprice",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1.0"
},
{
"version_affected": "=",
"version_value": "1.1.1"
},
{
"version_affected": "=",
"version_value": "1.1.2"
},
{
"version_affected": "=",
"version_value": "1.1.3"
},
{
"version_affected": "=",
"version_value": "1.1.4"
},
{
"version_affected": "=",
"version_value": "1.1.5"
},
{
"version_affected": "=",
"version_value": "1.1.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.223382",
"refsource": "MISC",
"name": "https://vuldb.com/?id.223382"
},
{
"url": "https://vuldb.com/?ctiid.223382",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.223382"
},
{
"url": "https://github.com/ATM-Consulting/dolibarr_module_quicksupplierprice/pull/21",
"refsource": "MISC",
"name": "https://github.com/ATM-Consulting/dolibarr_module_quicksupplierprice/pull/21"
},
{
"url": "https://github.com/ATM-Consulting/dolibarr_module_quicksupplierprice/commit/ccad1e4282b0e393a32fcc852e82ec0e0af5446f",
"refsource": "MISC",
"name": "https://github.com/ATM-Consulting/dolibarr_module_quicksupplierprice/commit/ccad1e4282b0e393a32fcc852e82ec0e0af5446f"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}