admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-09-29 02:00:33 +00:00
parent fc0a7f502c
commit 31ad933db8
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 184 additions and 247 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
2009/5xxx/CVE-2009-5047.json
View File

@ -1,71 +1,17 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2009-5047",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Jetty 6.x through 6.1.22 suffers from an escape sequence injection vulnerability from an attack vector by means of: 1) \"Cookie Dump Servlet\" and 2) Http Content-Length header. 1) A POST request to the form at \"/test/cookie/\" with the \"Age\" parameter set to a string throws a \"java.lang.NumberFormatException\" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The attack vector in 1) can be exploited by requesting a page using an HTTP request \"Content-Length\" header set to a consonant string (string including only letters)." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-4611. Reason: This candidate is a duplicate of CVE-2009-4611. Notes: All CVE users should reference CVE-2009-4611 rather than this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt",
"url": "http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2009-5047",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2009-5047"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20110114 Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"
} }
] ]
} }

2
2019/5xxx/CVE-2019-5747.json
View File

@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679." "value": "An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679."
} }
] ]
}, },

11
2019/5xxx/CVE-2019-5797.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-5797", "ID": "CVE-2019-5797",
"ASSIGNER": "chrome-cve-admin@google.com" "ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -45,10 +46,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://crbug.com/916523" "url": "https://crbug.com/916523",
"refsource": "MISC",
"name": "https://crbug.com/916523"
}, },
{ {
"url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html" "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
} }
] ]
}, },

2
2020/11xxx/CVE-2020-11015.json
View File

@ -35,7 +35,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0.\nDevice MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC\naddress may pass to create new UDID with same MAC address. Full impact needs to be reviewed further. Applies\nto all (mostly ESP8266/ESP32) users.\n\nThis has been fixed in firmware version 2.5.0." "value": "A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be reviewed further. Applies to all (mostly ESP8266/ESP32) users. This has been fixed in firmware version 2.5.0."
} }
] ]
}, },

173
2021/43xxx/CVE-2021-43361.json
View File

@ -1,97 +1,90 @@
{ {
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"generator": { "generator": {
"engine": "Vulnogram 0.0.9" "engine": "Vulnogram 0.0.9"
}, },
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2021-43361", "ID": "CVE-2021-43361",
"ASSIGNER": "iletisim@usom.gov.tr", "ASSIGNER": "cve@usom.gov.tr",
"DATE_PUBLIC": "", "TITLE": "MedData HBYS 1.0 Remote SQL Injection Vulnerability",
"TITLE": "MedData HBYS 1.0 Remote SQL Injection Vulnerability", "STATE": "PUBLIC"
"AKA": "", },
"STATE": "PUBLIC" "affects": {
}, "vendor": {
"source": { "vendor_data": [
"defect": [], {
"advisory": "", "vendor_name": "MedData",
"discovery": "EXTERNAL" "product": {
}, "product_data": [
"affects": { {
"vendor": { "product_name": "HBYS",
"vendor_data": [ "version": {
{ "version_data": [
"vendor_name": "MedData", {
"product": { "version_name": "",
"product_data": [ "version_affected": "<",
{ "version_value": "1.1",
"product_name": "HBYS", "platform": ""
"version": { }
"version_data": [ ]
{ }
"version_name": "", }
"version_affected": "<", ]
"version_value": "1.1",
"platform": ""
} }
]
} }
}
] ]
}
} }
] },
} "problemtype": {
}, "problemtype_data": [
"problemtype": { {
"problemtype_data": [ "description": [
{ {
"description": [ "lang": "eng",
{ "value": "CWE-89 SQL Injection"
"lang": "eng", }
"value": "CWE-89 SQL Injection" ]
} }
] ]
} },
] "description": {
}, "description_data": [
"description": { {
"description_data": [ "lang": "eng",
{ "value": "Due to improper sanitization MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the system."
"lang": "eng", }
"value": "Due to improper sanitization MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the system.\n" ]
} },
] "references": {
}, "reference_data": [
"references": { {
"reference_data": [ "url": "https://github.com/bartutku/CVE-2021-43361/blob/main/CVE-2021-43361.txt",
{ "refsource": "MISC",
"refsource": "CONFIRM", "name": "https://github.com/bartutku/CVE-2021-43361/blob/main/CVE-2021-43361.txt"
"url": "https://github.com/bartutku/CVE-2021-43361/blob/main/CVE-2021-43361.txt", }
"name": "" ]
} },
] "configuration": [],
}, "impact": {
"configuration": [], "cvss": {
"impact": { "version": "3.1",
"cvss": { "attackVector": "NETWORK",
"version": "3.1", "attackComplexity": "LOW",
"attackVector": "NETWORK", "privilegesRequired": "NONE",
"attackComplexity": "LOW", "userInteraction": "NONE",
"privilegesRequired": "NONE", "scope": "CHANGED",
"userInteraction": "NONE", "confidentialityImpact": "HIGH",
"scope": "CHANGED", "integrityImpact": "LOW",
"confidentialityImpact": "HIGH", "availabilityImpact": "LOW",
"integrityImpact": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
"availabilityImpact": "LOW", "baseScore": 9.9,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "baseSeverity": "CRITICAL"
"baseScore": 9.9, }
"baseSeverity": "CRITICAL" },
} "exploit": [],
}, "work_around": [],
"exploit": [], "solution": [],
"work_around": [], "credit": []
"solution": [],
"credit": []
} }

173
2021/43xxx/CVE-2021-43362.json
View File

@ -1,97 +1,90 @@
{ {
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"generator": { "generator": {
"engine": "Vulnogram 0.0.9" "engine": "Vulnogram 0.0.9"
}, },
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2021-43362", "ID": "CVE-2021-43362",
"ASSIGNER": "iletisim@usom.gov.tr", "ASSIGNER": "cve@usom.gov.tr",
"DATE_PUBLIC": "", "TITLE": "MedData HBYS 1.0 Remote SQL Injection Vulnerability",
"TITLE": "MedData HBYS 1.0 Remote SQL Injection Vulnerability", "STATE": "PUBLIC"
"AKA": "", },
"STATE": "PUBLIC" "affects": {
}, "vendor": {
"source": { "vendor_data": [
"defect": [], {
"advisory": "", "vendor_name": "MedData",
"discovery": "EXTERNAL" "product": {
}, "product_data": [
"affects": { {
"vendor": { "product_name": "HBYS",
"vendor_data": [ "version": {
{ "version_data": [
"vendor_name": "MedData", {
"product": { "version_name": "",
"product_data": [ "version_affected": "<",
{ "version_value": "1.1",
"product_name": "HBYS", "platform": ""
"version": { }
"version_data": [ ]
{ }
"version_name": "", }
"version_affected": "<", ]
"version_value": "1.1",
"platform": ""
} }
]
} }
}
] ]
}
} }
] },
} "problemtype": {
}, "problemtype_data": [
"problemtype": { {
"problemtype_data": [ "description": [
{ {
"description": [ "lang": "eng",
{ "value": "CWE-89 SQL Injection"
"lang": "eng", }
"value": "CWE-89 SQL Injection" ]
} }
] ]
} },
] "description": {
}, "description_data": [
"description": { {
"description_data": [ "lang": "eng",
{ "value": "Due to improper sanitization MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the system."
"lang": "eng", }
"value": "Due to improper sanitization MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the system.\n" ]
} },
] "references": {
}, "reference_data": [
"references": { {
"reference_data": [ "url": "https://gist.github.com/Blackh4n/9d8feaf1cfb68f66de17361e85f616d4",
{ "refsource": "MISC",
"refsource": "CONFIRM", "name": "https://gist.github.com/Blackh4n/9d8feaf1cfb68f66de17361e85f616d4"
"url": "https://gist.github.com/Blackh4n/9d8feaf1cfb68f66de17361e85f616d4", }
"name": "" ]
} },
] "configuration": [],
}, "impact": {
"configuration": [], "cvss": {
"impact": { "version": "3.1",
"cvss": { "attackVector": "NETWORK",
"version": "3.1", "attackComplexity": "LOW",
"attackVector": "NETWORK", "privilegesRequired": "NONE",
"attackComplexity": "LOW", "userInteraction": "NONE",
"privilegesRequired": "NONE", "scope": "CHANGED",
"userInteraction": "NONE", "confidentialityImpact": "HIGH",
"scope": "CHANGED", "integrityImpact": "LOW",
"confidentialityImpact": "HIGH", "availabilityImpact": "LOW",
"integrityImpact": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
"availabilityImpact": "LOW", "baseScore": 9.9,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "baseSeverity": "CRITICAL"
"baseScore": 9.9, }
"baseSeverity": "CRITICAL" },
} "exploit": [],
}, "work_around": [],
"exploit": [], "solution": [],
"work_around": [], "credit": []
"solution": [],
"credit": []
} }