Auto-merge PR#8009
Auto-merge PR#8009
commit
2e92d7bb15
@ -4,14 +4,84 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-3976",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"TITLE": "MZ Automation libiec61850 MMS File Services mms_client_files.c path traversal",
|
||||
"REQUESTER": "cna@vuldb.com",
|
||||
"ASSIGNER": "cna@vuldb.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"generator": "vuldb.com",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "MZ Automation",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "libiec61850",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "1.0"
|
||||
},
|
||||
{
|
||||
"version_value": "1.1"
|
||||
},
|
||||
{
|
||||
"version_value": "1.2"
|
||||
},
|
||||
{
|
||||
"version_value": "1.3"
|
||||
},
|
||||
{
|
||||
"version_value": "1.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-22 Path Traversal"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src\/mms\/iso_mms\/client\/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 10622ba36bb3910c151348f1569f039ecdd8786f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213556."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"version": "3.1",
|
||||
"baseScore": "5.5",
|
||||
"vectorString": "CVSS:3.1\/AV:A\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L"
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https:\/\/github.com\/mz-automation\/libiec61850\/commit\/10622ba36bb3910c151348f1569f039ecdd8786f"
|
||||
},
|
||||
{
|
||||
"url": "https:\/\/github.com\/mz-automation\/libiec61850"
|
||||
},
|
||||
{
|
||||
"url": "https:\/\/vuldb.com\/?id.213556"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
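Review bot: The `version_data` list carries only the exact strings "1.0" through "1.4" with no `version_affected` qualifier, while the new description says "up to 1.4"; a scanner that matches `version_value` literally would not flag any point release in between. Expressing the range on the last entry, e.g. `"version_affected": "<=", "version_value": "1.4"`, would make the record agree with its own prose; the NodeBB record in the next section enumerates 2.5.0–2.5.7 the same way against "up to 2.5.7". Separately, the description calls the issue "critical" while the `cvss` block gives base score 5.5 with an adjacent-network, low-privilege vector, so triage should key on `vectorString` rather than the wording. `baseScore` is also written as a string, which consumers expecting a number need to coerce.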
@ -4,14 +4,96 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-3978",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"TITLE": "NodeBB abort cross-site request forgery",
|
||||
"REQUESTER": "cna@vuldb.com",
|
||||
"ASSIGNER": "cna@vuldb.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"generator": "vuldb.com",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "NodeBB",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2.5.0"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.1"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.2"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.3"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.4"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.5"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.6"
|
||||
},
|
||||
{
|
||||
"version_value": "2.5.7"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-863 Incorrect Authorization -> CWE-862 Missing Authorization -> CWE-352 Cross-Site Request Forgery"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file \/register\/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to address this issue. The name of the patch is 2f9d8c350e54543f608d3d4c8e1a49bbb6cdea38. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-213555."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"version": "3.1",
|
||||
"baseScore": "4.3",
|
||||
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N"
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https:\/\/github.com\/NodeBB\/NodeBB\/issues\/11017"
|
||||
},
|
||||
{
|
||||
"url": "https:\/\/github.com\/NodeBB\/NodeBB\/releases\/tag\/v2.5.8"
|
||||
},
|
||||
{
|
||||
"url": "https:\/\/github.com\/NodeBB\/NodeBB\/commit\/2f9d8c350e54543f608d3d4c8e1a49bbb6cdea38"
|
||||
},
|
||||
{
|
||||
"url": "https:\/\/vuldb.com\/?id.213555"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
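Review bot: `"vendor_name": ""` leaves the vendor empty, so vendor/product matching against an asset inventory has nothing to key on; the reference URLs in this same record point at the NodeBB organisation, which suggests `"vendor_name": "NodeBB"`. The `problemtype` value also packs three CWE ids into one string joined with `->`, so a consumer that extracts a single CWE id will likely pick up CWE-863 rather than the CSRF class that the title and description name. One `description` entry per CWE, or simply `"value": "CWE-352 Cross-Site Request Forgery"`, would be unambiguous.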