admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-01-09 21:00:38 +00:00
parent f33de1352b
commit 31d18acbc4
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
11 changed files with 945 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
2014/125xxx/CVE-2014-125071.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2014-125071",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is the function messageReceived of the file src/gribbit/request/HttpRequestHandler.java. The manipulation leads to missing origin validation in websockets. The name of the patch is 620418df247aebda3dd4be1dda10fe229ea505dd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217716."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in lukehutch Gribbit ausgemacht. Hiervon betroffen ist die Funktion messageReceived der Datei src/gribbit/request/HttpRequestHandler.java. Durch Manipulation mit unbekannten Daten kann eine missing origin validation in websockets-Schwachstelle ausgenutzt werden. Der Patch wird als 620418df247aebda3dd4be1dda10fe229ea505dd bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1385 Missing Origin Validation in WebSockets",
"cweId": "CWE-1385"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "lukehutch",
"product": {
"product_data": [
{
"product_name": "Gribbit",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217716",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217716"
},
{
"url": "https://vuldb.com/?ctiid.217716",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217716"
},
{
"url": "https://github.com/lukehutch/gribbit/commit/620418df247aebda3dd4be1dda10fe229ea505dd",
"refsource": "MISC",
"name": "https://github.com/lukehutch/gribbit/commit/620418df247aebda3dd4be1dda10fe229ea505dd"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

106
2015/10xxx/CVE-2015-10033.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2015-10033",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. The name of the patch is 134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5. It is recommended to apply a patch to fix this issue. The identifier VDB-217713 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in jvvlee MerlinsBoard gefunden. Dabei betrifft es einen unbekannter Codeteil der Komponente Grade Handler. Dank Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Patch wird als 134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "jvvlee",
"product": {
"product_data": [
{
"product_name": "MerlinsBoard",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217713",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217713"
},
{
"url": "https://vuldb.com/?ctiid.217713",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217713"
},
{
"url": "https://github.com/jvvlee/MerlinsBoard/commit/134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5",
"refsource": "MISC",
"name": "https://github.com/jvvlee/MerlinsBoard/commit/134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 3.7,
"vectorString": "AV:A/AC:L/Au:M/C:N/I:P/A:P",
"baseSeverity": "LOW"
}
]
}
}

106
2015/10xxx/CVE-2015-10034.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2015-10034",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. The name of the patch is 13cd6c3d1210640bfdb39872b2bb3597aa991279. It is recommended to apply a patch to fix this issue. VDB-217714 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In j-nowak workout-organizer wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode. Mit der Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 13cd6c3d1210640bfdb39872b2bb3597aa991279 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "j-nowak",
"product": {
"product_data": [
{
"product_name": "workout-organizer",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217714",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217714"
},
{
"url": "https://vuldb.com/?ctiid.217714",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217714"
},
{
"url": "https://github.com/j-nowak/workout-organizer/commit/13cd6c3d1210640bfdb39872b2bb3597aa991279",
"refsource": "MISC",
"name": "https://github.com/j-nowak/workout-organizer/commit/13cd6c3d1210640bfdb39872b2bb3597aa991279"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

106
2015/10xxx/CVE-2015-10035.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2015-10035",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The name of the patch is a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217715."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in gperson angular-test-reporter gefunden. Davon betroffen ist die Funktion getProjectTables/addTest der Datei rest-server/data-server.js. Durch die Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als a29d8ae121b46ebfa96a55a9106466ab2ef166ae bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gperson",
"product": {
"product_data": [
{
"product_name": "angular-test-reporter",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217715",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217715"
},
{
"url": "https://vuldb.com/?ctiid.217715",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217715"
},
{
"url": "https://github.com/gperson/angular-test-reporter/commit/a29d8ae121b46ebfa96a55a9106466ab2ef166ae",
"refsource": "MISC",
"name": "https://github.com/gperson/angular-test-reporter/commit/a29d8ae121b46ebfa96a55a9106466ab2ef166ae"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

48
2021/36xxx/CVE-2021-36603.json
View File

@ -5,13 +5,57 @@
"CVE_data_meta": {
"ID": "CVE-2021-36603",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/arendst/Tasmota/issues/12221",
"url": "https://github.com/arendst/Tasmota/issues/12221"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript code via a crafted string in the field \"Friendly Name 1\"."
}
]
}

5
2021/46xxx/CVE-2021-46848.json
View File

@ -91,6 +91,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-3f9ee1ad91",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230109 [SECURITY] [DLA 3263-1] libtasn1-6 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html"
}
]
}

97
2022/43xxx/CVE-2022-43970.json
View File

@ -1,18 +1,103 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "trellixpsirt@trellix.com",
"ID": "CVE-2022-43970",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Buffer overflow in Linksys WRT54GL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WRT54GL Wireless-G Broadband Router",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "Firmware",
"version_value": "4.30.18.006"
}
]
}
}
]
},
"vendor_name": "Linksys"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jessie Chick of Trellix ARC"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://youtu.be/73-1lhvJPNg",
"refsource": "CONFIRM",
"url": "https://youtu.be/73-1lhvJPNg"
},
{
"name": "https://youtu.be/TeWAmZaKQ_w",
"refsource": "CONFIRM",
"url": "https://youtu.be/TeWAmZaKQ_w"
},
{
"name": "https://youtu.be/RfWVYCUBNZ0",
"refsource": "CONFIRM",
"url": "https://youtu.be/RfWVYCUBNZ0"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

97
2022/43xxx/CVE-2022-43971.json
View File

@ -1,18 +1,103 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "trellixpsirt@trellix.com",
"ID": "CVE-2022-43971",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Arbitrary code execution in Linksys WUMC710"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linksys WUMC710 Wireless-AC Universal Media Connector",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "Firmware",
"version_value": "1.0.02 (build 3)"
}
]
}
}
]
},
"vendor_name": "Linksys"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jessie Chick of Trellix ARC"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious GET or POST request to /setNTP.cgi to execute arbitrary commands on the underlying Linux operating system as root."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://youtu.be/73-1lhvJPNg",
"refsource": "CONFIRM",
"url": "https://youtu.be/73-1lhvJPNg"
},
{
"name": "https://youtu.be/TeWAmZaKQ_w",
"refsource": "CONFIRM",
"url": "https://youtu.be/TeWAmZaKQ_w"
},
{
"name": "https://youtu.be/RfWVYCUBNZ0",
"refsource": "CONFIRM",
"url": "https://youtu.be/RfWVYCUBNZ0"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

97
2022/43xxx/CVE-2022-43972.json
View File

@ -1,18 +1,103 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "trellixpsirt@trellix.com",
"ID": "CVE-2022-43972",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Null pointer dereference in Linksys WRT54GL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WRT54GL Wireless-G Broadband Router",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "Firmware",
"version_value": "4.30.18.006"
}
]
}
}
]
},
"vendor_name": "Linksys"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jessie Chick of Trellix ARC"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://youtu.be/73-1lhvJPNg",
"refsource": "CONFIRM",
"url": "https://youtu.be/73-1lhvJPNg"
},
{
"name": "https://youtu.be/TeWAmZaKQ_w",
"refsource": "CONFIRM",
"url": "https://youtu.be/TeWAmZaKQ_w"
},
{
"name": "https://youtu.be/RfWVYCUBNZ0",
"refsource": "CONFIRM",
"url": "https://youtu.be/RfWVYCUBNZ0"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

97
2022/43xxx/CVE-2022-43973.json
View File

@ -1,18 +1,103 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "trellixpsirt@trellix.com",
"ID": "CVE-2022-43973",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Arbitrary code execution in Linksys WRT54GL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WRT54GL Wireless-G Broadband Router",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "Firmware",
"version_value": "4.30.18.006"
}
]
}
}
]
},
"vendor_name": "Linksys"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jessie Chick of Trellix ARC"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://youtu.be/73-1lhvJPNg",
"refsource": "CONFIRM",
"url": "https://youtu.be/73-1lhvJPNg"
},
{
"name": "https://youtu.be/TeWAmZaKQ_w",
"refsource": "CONFIRM",
"url": "https://youtu.be/TeWAmZaKQ_w"
},
{
"name": "https://youtu.be/RfWVYCUBNZ0",
"refsource": "CONFIRM",
"url": "https://youtu.be/RfWVYCUBNZ0"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

106
2023/0xxx/CVE-2023-0125.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-0125",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Control iD Panel. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation of the argument Nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217717 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In Control iD Panel wurde eine problematische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung der Komponente Web Interface. Mittels dem Manipulieren des Arguments Nome mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Control iD",
"product": {
"product_data": [
{
"product_name": "Panel",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217717",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217717"
},
{
"url": "https://vuldb.com/?ctiid.217717",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217717"
},
{
"url": "https://www.notion.so/ControlID-XSS-7ab891644a794103b582a59360f071a5",
"refsource": "MISC",
"name": "https://www.notion.so/ControlID-XSS-7ab891644a794103b582a59360f071a5"
}
]
},
"credits": [
{
"lang": "en",
"value": "Leonardo Teodoro (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.4,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"baseSeverity": "LOW"
}
]
}
}