admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-01-02 16:00:36 +00:00
parent aef0371a2c
commit 31dca2e0fb
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 474 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
2014/125xxx/CVE-2014-125035.json Normal file
View File

@ -0,0 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2014-125035",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic was found in Jobs-Plugin. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The name of the patch is b8a56718b1d42834c6ec51d9c489c5dc20471d7b. It is recommended to apply a patch to fix this issue. The identifier VDB-217189 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In Jobs-Plugin wurde eine problematische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode. Mittels dem Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Patch wird als b8a56718b1d42834c6ec51d9c489c5dc20471d7b bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Jobs-Plugin",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217189",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217189"
},
{
"url": "https://vuldb.com/?ctiid.217189",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217189"
},
{
"url": "https://github.com/mrbobbybryant/Jobs-Plugin/pull/2",
"refsource": "MISC",
"name": "https://github.com/mrbobbybryant/Jobs-Plugin/pull/2"
},
{
"url": "https://github.com/mrbobbybryant/Jobs-Plugin/commit/b8a56718b1d42834c6ec51d9c489c5dc20471d7b",
"refsource": "MISC",
"name": "https://github.com/mrbobbybryant/Jobs-Plugin/commit/b8a56718b1d42834c6ec51d9c489c5dc20471d7b"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}

115
2015/10xxx/CVE-2015-10009.json Normal file
View File

@ -0,0 +1,115 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2015-10009",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/code_caller_controller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/* leads to code injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.1 is able to address this issue. The name of the patch is fba7d89176fba8fe289edd58835fe45080797d99. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217187."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in nterchange bis 4.1.0 ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion getContent der Datei app/controllers/code_caller_controller.php. Durch die Manipulation des Arguments q mit der Eingabe %5C%27%29;phpinfo%28%29;/* mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 4.1.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als fba7d89176fba8fe289edd58835fe45080797d99 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Code Injection",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "nterchange",
"version": {
"version_data": [
{
"version_value": "4.0",
"version_affected": "="
},
{
"version_value": "4.1",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217187",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217187"
},
{
"url": "https://vuldb.com/?ctiid.217187",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217187"
},
{
"url": "https://github.com/nonfiction/nterchange_backend/commit/fba7d89176fba8fe289edd58835fe45080797d99",
"refsource": "MISC",
"name": "https://github.com/nonfiction/nterchange_backend/commit/fba7d89176fba8fe289edd58835fe45080797d99"
},
{
"url": "https://github.com/nonfiction/nterchange_backend/releases/tag/4.1.1",
"refsource": "MISC",
"name": "https://github.com/nonfiction/nterchange_backend/releases/tag/4.1.1"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

106
2017/20xxx/CVE-2017-20161.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2017-20161",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic has been found in rofl0r MacGeiger. Affected is the function dump_wlan_at of the file macgeiger.c of the component ESSID Handler. The manipulation leads to injection. Access to the local network is required for this attack to succeed. The name of the patch is 57f1dd50a4821b8c8e676e8020006ae4bfd3c9cb. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217188."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in rofl0r MacGeiger entdeckt. Dabei betrifft es die Funktion dump_wlan_at der Datei macgeiger.c der Komponente ESSID Handler. Durch Manipulation mit unbekannten Daten kann eine injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei im lokalen Netzwerk erfolgen. Der Patch wird als 57f1dd50a4821b8c8e676e8020006ae4bfd3c9cb bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74 Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rofl0r",
"product": {
"product_data": [
{
"product_name": "MacGeiger",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217188",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217188"
},
{
"url": "https://vuldb.com/?ctiid.217188",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217188"
},
{
"url": "https://github.com/rofl0r/MacGeiger/commit/57f1dd50a4821b8c8e676e8020006ae4bfd3c9cb",
"refsource": "MISC",
"name": "https://github.com/rofl0r/MacGeiger/commit/57f1dd50a4821b8c8e676e8020006ae4bfd3c9cb"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.6,
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.6,
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4.3,
"vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

5
2022/22xxx/CVE-2022-22728.json
View File

@ -116,6 +116,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[oss-security] 20221231 Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption", "name": "[oss-security] 20221231 Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption",
"url": "http://www.openwall.com/lists/oss-security/2022/12/31/5" "url": "http://www.openwall.com/lists/oss-security/2022/12/31/5"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20230102 Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption",
"url": "http://www.openwall.com/lists/oss-security/2023/01/02/1"
} }
] ]
}, },

67
2022/48xxx/CVE-2022-48197.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-48197",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2022-48197",
"STATE": "PUBLIC"
}, },
"description": { "affects": {
"description_data": [ "vendor": {
"vendor_data": [
{ {
"lang": "eng", "product": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/ryan412/CVE-2022-48197/blob/main/README.md",
"url": "https://github.com/ryan412/CVE-2022-48197/blob/main/README.md"
},
{
"refsource": "MISC",
"name": "https://github.com/yui/yui2/tags",
"url": "https://github.com/yui/yui2/tags"
} }
] ]
} }

86
2023/22xxx/CVE-2023-22451.json
View File

@ -1,17 +1,95 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-22451", "ID": "CVE-2023-22451",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the `AUTH_PASSWORD_VALIDATORS` configuration setting. As of version 11.7, the password can\u2019t be too similar to other personal information, must contain at least 10 characters, can\u2019t be a commonly used password, and can\u2019t be entirely numeric. As a workaround, an administrator may reset all passwords in Kiwi TCMS if they think a weak password may have been chosen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-521: Weak Password Requirements",
"cweId": "CWE-521"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "kiwitcms",
"product": {
"product_data": [
{
"product_name": "Kiwi",
"version": {
"version_data": [
{
"version_value": "<= 11.6",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-496x-2jqf-hp7g",
"refsource": "MISC",
"name": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-496x-2jqf-hp7g"
},
{
"url": "https://github.com/kiwitcms/Kiwi/commit/3759fb68aed36315cdde9fc573b2fe7c11544985",
"refsource": "MISC",
"name": "https://github.com/kiwitcms/Kiwi/commit/3759fb68aed36315cdde9fc573b2fe7c11544985"
},
{
"url": "https://huntr.dev/bounties/32a873c8-f605-4aae-9272-d80985ef2b73",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/32a873c8-f605-4aae-9272-d80985ef2b73"
}
]
},
"source": {
"advisory": "GHSA-496x-2jqf-hp7g",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
} }
] ]
} }