From 31ad933db88bf314effc2417e97100ed832fb77f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 29 Sep 2022 02:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2009/5xxx/CVE-2009-5047.json | 68 ++-----------
 2019/5xxx/CVE-2019-5747.json | 2 +-
 2019/5xxx/CVE-2019-5797.json | 11 ++-
 2020/11xxx/CVE-2020-11015.json | 4 +-
 2021/43xxx/CVE-2021-43361.json | 173 ++++++++++++++++-----------------
 2021/43xxx/CVE-2021-43362.json | 173 ++++++++++++++++-----------------
 6 files changed, 184 insertions(+), 247 deletions(-)
diff --git a/2009/5xxx/CVE-2009-5047.json b/2009/5xxx/CVE-2009-5047.json
index 975a624eeb8..16e99d24c62 100644
--- a/2009/5xxx/CVE-2009-5047.json
+++ b/2009/5xxx/CVE-2009-5047.json
@@ -1,71 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2009-5047",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2009-5047",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "Jetty 6.x through 6.1.22 suffers from an escape sequence injection vulnerability from an attack vector by means of: 1) \"Cookie Dump Servlet\" and 2) Http Content-Length header. 1) A POST request to the form at \"/test/cookie/\" with the \"Age\" parameter set to a string throws a \"java.lang.NumberFormatException\" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The attack vector in 1) can be exploited by requesting a page using an HTTP request \"Content-Length\" header set to a consonant string (string including only letters)."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "MISC",
- "name": "http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt",
- "url": "http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt"
- },
- {
- "url": "https://security-tracker.debian.org/tracker/CVE-2009-5047",
- "refsource": "MISC",
- "name": "https://security-tracker.debian.org/tracker/CVE-2009-5047"
- },
- {
- "refsource": "MLIST",
- "name": "[oss-security] 20110114 Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
- "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-4611. Reason: This candidate is a duplicate of CVE-2009-4611. Notes: All CVE users should reference CVE-2009-4611 rather than this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5747.json b/2019/5xxx/CVE-2019-5747.json
index 3d81a1ff767..1011e01389a 100644
--- a/2019/5xxx/CVE-2019-5747.json
+++ b/2019/5xxx/CVE-2019-5747.json
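Review bot: The surviving identifier for this rejected record appears only inside the free-text `value` (`ConsultIDs: CVE-2009-4611`), while the hunk removes the `affects`, `problemtype` and `references` blocks, so nothing structured on the new side points to the record that replaces it. Feeds, scanners and ticket queues keyed on CVE-2009-5047 will therefore see the entry empty out rather than move; consumers should treat `"STATE": "REJECT"` as a signal to parse the `ConsultIDs:` list and re-key existing findings to CVE-2009-4611. Whether CVE-2009-4611 already carries the three references deleted here is not visible in this diff and is worth confirming before the old links are lost from downstream caches.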
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679."
+ "value": "An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679."
 }
 ]
 },
diff --git a/2019/5xxx/CVE-2019-5797.json b/2019/5xxx/CVE-2019-5797.json
index ed8e35aee97..7a97c4aa567 100644
--- a/2019/5xxx/CVE-2019-5797.json
+++ b/2019/5xxx/CVE-2019-5797.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-5797",
- "ASSIGNER": "chrome-cve-admin@google.com"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -45,10 +46,14 @@
 "references": {
 "reference_data": [
 {
- "url": "https://crbug.com/916523"
+ "url": "https://crbug.com/916523",
+ "refsource": "MISC",
+ "name": "https://crbug.com/916523"
 },
 {
- "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
+ "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11015.json b/2020/11xxx/CVE-2020-11015.json
index a910eec6703..47711ba12a6 100644
--- a/2020/11xxx/CVE-2020-11015.json
+++ b/2020/11xxx/CVE-2020-11015.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0.\nDevice MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC\naddress may pass to create new UDID with same MAC address. Full impact needs to be reviewed further. Applies\nto all (mostly ESP8266/ESP32) users.\n\nThis has been fixed in firmware version 2.5.0."
+ "value": "A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be reviewed further. Applies to all (mostly ESP8266/ESP32) users. This has been fixed in firmware version 2.5.0."
 }
 ]
 },
@@ -80,4 +80,4 @@
 "advisory": "GHSA-5x54-39xq-cwvc",
 "discovery": "UNKNOWN"
 }
-}
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43361.json b/2021/43xxx/CVE-2021-43361.json
index 389330dd157..7ed244612ff 100644
--- a/2021/43xxx/CVE-2021-43361.json
+++ b/2021/43xxx/CVE-2021-43361.json
@@ -1,97 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "CVE_data_meta": { - "ID": "CVE-2021-43361", - "ASSIGNER": "iletisim@usom.gov.tr", - "DATE_PUBLIC": "", - "TITLE": "MedData HBYS 1.0 Remote SQL Injection Vulnerability", - "AKA": "", - "STATE": "PUBLIC" - }, - "source": { - "defect": [], - "advisory": "", - "discovery": "EXTERNAL" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MedData", - "product": { - "product_data": [ - { - "product_name": "HBYS", - "version": { - "version_data": [ - { - "version_name": "", - "version_affected": "<", - "version_value": "1.1", - "platform": "" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "CVE_data_meta": { + "ID": "CVE-2021-43361", + "ASSIGNER": "cve@usom.gov.tr", + "TITLE": "MedData HBYS 1.0 Remote SQL Injection Vulnerability", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MedData", + "product": { + "product_data": [ + { + "product_name": "HBYS", + "version": { + "version_data": [ + { + "version_name": "", + "version_affected": "<", + "version_value": "1.1", + "platform": "" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Due to improper sanitization MedData HBYS software suffers from a remote SQL injection vulnerability. 
An unauthenticated attacker with the web access is able to extract critical information from the system.\n" - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://github.com/bartutku/CVE-2021-43361/blob/main/CVE-2021-43361.txt", - "name": "" - } - ] - }, - "configuration": [], - "impact": { - "cvss": { - "version": "3.1", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "CHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "availabilityImpact": "LOW", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", - "baseScore": 9.9, - "baseSeverity": "CRITICAL" - } - }, - "exploit": [], - "work_around": [], - "solution": [], - "credit": [] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Due to improper sanitization MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the system." + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/bartutku/CVE-2021-43361/blob/main/CVE-2021-43361.txt", + "refsource": "MISC", + "name": "https://github.com/bartutku/CVE-2021-43361/blob/main/CVE-2021-43361.txt" + } + ] + }, + "configuration": [], + "impact": { + "cvss": { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + } + }, + "exploit": [], + "work_around": [], + "solution": [], + "credit": [] } \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43362.json b/2021/43xxx/CVE-2021-43362.json index 269820f1c5a..db6e3c7c696 100644 
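Review bot: After this rewrite the records for CVE-2021-43361 and CVE-2021-43362 (the next file) are still identical in `TITLE`, `description`, `affects` and the `cvss` block, differing only in the single reference URL, so a reader cannot tell which injection point each ID covers without following an external link. The description `value` should name the affected component in each record, e.g. `... remote SQL injection vulnerability in <affected page or parameter, taken from the advisory>.` Both records also list versions `< 1.1` as affected while `"solution": []` stays empty; if 1.1 is the fixed release, stating that in `solution` gives defenders a remediation target. The dropped `source` object (`"discovery": "EXTERNAL"`) and the `CONFIRM` to `MISC` change on the reference look intentional, but they remove the only provenance hints these records had and are worth a second look.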
--- a/2021/43xxx/CVE-2021-43362.json
+++ b/2021/43xxx/CVE-2021-43362.json
@@ -1,97 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "CVE_data_meta": { - "ID": "CVE-2021-43362", - "ASSIGNER": "iletisim@usom.gov.tr", - "DATE_PUBLIC": "", - "TITLE": "MedData HBYS 1.0 Remote SQL Injection Vulnerability", - "AKA": "", - "STATE": "PUBLIC" - }, - "source": { - "defect": [], - "advisory": "", - "discovery": "EXTERNAL" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "MedData", - "product": { - "product_data": [ - { - "product_name": "HBYS", - "version": { - "version_data": [ - { - "version_name": "", - "version_affected": "<", - "version_value": "1.1", - "platform": "" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "CVE_data_meta": { + "ID": "CVE-2021-43362", + "ASSIGNER": "cve@usom.gov.tr", + "TITLE": "MedData HBYS 1.0 Remote SQL Injection Vulnerability", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MedData", + "product": { + "product_data": [ + { + "product_name": "HBYS", + "version": { + "version_data": [ + { + "version_name": "", + "version_affected": "<", + "version_value": "1.1", + "platform": "" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Due to improper sanitization MedData HBYS software suffers from a remote SQL injection vulnerability. 
An unauthenticated attacker with the web access is able to extract critical information from the system.\n" - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://gist.github.com/Blackh4n/9d8feaf1cfb68f66de17361e85f616d4", - "name": "" - } - ] - }, - "configuration": [], - "impact": { - "cvss": { - "version": "3.1", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "CHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "availabilityImpact": "LOW", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", - "baseScore": 9.9, - "baseSeverity": "CRITICAL" - } - }, - "exploit": [], - "work_around": [], - "solution": [], - "credit": [] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Due to improper sanitization MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the system." + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/Blackh4n/9d8feaf1cfb68f66de17361e85f616d4", + "refsource": "MISC", + "name": "https://gist.github.com/Blackh4n/9d8feaf1cfb68f66de17361e85f616d4" + } + ] + }, + "configuration": [], + "impact": { + "cvss": { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + } + }, + "exploit": [], + "work_around": [], + "solution": [], + "credit": [] } \ No newline at end of file