admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-12-25 16:00:37 +00:00
parent eb39d590d7
commit 24b8662dd2
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
3 changed files with 267 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
2018/25xxx/CVE-2018-25034.json
View File

@ -1,15 +1,37 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-25034",
"TITLE": "Thomson TCW710 wlanPrimaryNetwork Persistent cross site scriting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, has been found in Thomson TCW710 ST5D.10.05. This issue affects some unknown processing of the file /goform/wlanPrimaryNetwork. The manipulation of the argument ServiceSetIdentifier with the input ><script>alert(1)</script> as part of POST Request leads to basic cross site scripting (Persistent). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-126695."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in Thomson TCW710 ST5D.10.05 entdeckt. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei /goform/wlanPrimaryNetwork. Durch Manipulieren des Arguments ServiceSetIdentifier mit der Eingabe ><script>alert(1)</script> durch POST Request kann eine basic cross site scripting-Schwachstelle (Persistent) ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Basic Cross Site Scripting",
"cweId": "CWE-80"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -22,7 +44,8 @@
"version": {
"version_data": [
{
"version_value": "ST5D.10.05"
"version_value": "ST5D.10.05",
"version_affected": "="
}
]
}
@ -33,34 +56,6 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Basic Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, has been found in Thomson TCW710 ST5D.10.05. This issue affects some unknown processing of the file /goform/wlanPrimaryNetwork. The manipulation of the argument ServiceSetIdentifier with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"credit": "moikano",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
@ -72,6 +67,27 @@
"url": "https://vuldb.com/?id.126695",
"refsource": "MISC",
"name": "https://vuldb.com/?id.126695"
},
{
"url": "https://vuldb.com/?ctiid.126695",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.126695"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}

119
2021/4xxx/CVE-2021-4278.json Normal file
View File

@ -0,0 +1,119 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-4278",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). Upgrading to version 0.7.0 is able to address this issue. The name of the patch is a63f559c50d70e8cb2eaae670dec25d1dbc4afcd. It is recommended to upgrade the affected component. The identifier VDB-216765 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in cronvel tree-kit bis 0.6.x entdeckt. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion. Durch Beeinflussen mit unbekannten Daten kann eine improperly controlled modification of object prototype attributes ('prototype pollution')-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.7.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als a63f559c50d70e8cb2eaae670dec25d1dbc4afcd bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')",
"cweId": "CWE-1321"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cronvel",
"product": {
"product_data": [
{
"product_name": "tree-kit",
"version": {
"version_data": [
{
"version_value": "0.1",
"version_affected": "="
},
{
"version_value": "0.2",
"version_affected": "="
},
{
"version_value": "0.3",
"version_affected": "="
},
{
"version_value": "0.4",
"version_affected": "="
},
{
"version_value": "0.5",
"version_affected": "="
},
{
"version_value": "0.6",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.216765",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216765"
},
{
"url": "https://vuldb.com/?ctiid.216765",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.216765"
},
{
"url": "https://github.com/cronvel/tree-kit/commit/a63f559c50d70e8cb2eaae670dec25d1dbc4afcd",
"refsource": "MISC",
"name": "https://github.com/cronvel/tree-kit/commit/a63f559c50d70e8cb2eaae670dec25d1dbc4afcd"
},
{
"url": "https://github.com/cronvel/tree-kit/releases/tag/v0.7.0",
"refsource": "MISC",
"name": "https://github.com/cronvel/tree-kit/releases/tag/v0.7.0"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
}
]
}
}

99
2022/4xxx/CVE-2022-4735.json Normal file
View File

@ -0,0 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-4735",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic was found in asrashley dash-live. This vulnerability affects the function ready of the file static/js/media.js of the component DOM Node Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 24d01757a5319cc14c4aa1d8b53d1ab24d48e451. It is recommended to apply a patch to fix this issue. VDB-216766 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In asrashley dash-live wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Das betrifft die Funktion ready der Datei static/js/media.js der Komponente DOM Node Handler. Dank der Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Patch wird als 24d01757a5319cc14c4aa1d8b53d1ab24d48e451 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "asrashley",
"product": {
"product_data": [
{
"product_name": "dash-live",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.216766",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216766"
},
{
"url": "https://vuldb.com/?ctiid.216766",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.216766"
},
{
"url": "https://github.com/asrashley/dash-live/pull/7",
"refsource": "MISC",
"name": "https://github.com/asrashley/dash-live/pull/7"
},
{
"url": "https://github.com/asrashley/dash-live/commit/24d01757a5319cc14c4aa1d8b53d1ab24d48e451",
"refsource": "MISC",
"name": "https://github.com/asrashley/dash-live/commit/24d01757a5319cc14c4aa1d8b53d1ab24d48e451"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}
}