"-Synchronized-Data."

CVE Team 2022-05-24 16:02:41 +00:00
parent e6c50eb816
commit 432cffec0c
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
7 changed files with 414 additions and 374 deletions


@ -1,74 +1,78 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-10002",
"TITLE": "Telecommunication Software SAMwin Contact Center Suite Credential SAMwinLIBVB.dll getCurrentDBVersion hard-coded credentials",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Telecommunication Software",
"product": {
"product_data": [
{
"product_name": "SAMwin Contact Center Suite",
"version": {
"version_data": [
{
"version_value": "5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Hard-coded Credentials"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the credential handler. Authentication is possible with hard-coded credentials. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "Tobias Ospelt\/Max Moser",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.5",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N"
}
},
"references": {
"reference_data": [
{
"url": "http:\/\/www.modzero.ch\/advisories\/MZ-13-06_SAMwin_Architectural_Issues.txt"
},
{
"url": "https:\/\/vuldb.com\/?id.12788"
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-10002",
"TITLE": "Telecommunication Software SAMwin Contact Center Suite Credential SAMwinLIBVB.dll getCurrentDBVersion hard-coded credentials",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Telecommunication Software",
"product": {
"product_data": [
{
"product_name": "SAMwin Contact Center Suite",
"version": {
"version_data": [
{
"version_value": "5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Hard-coded Credentials"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the credential handler. Authentication is possible with hard-coded credentials. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "Tobias Ospelt/Max Moser",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "http://www.modzero.ch/advisories/MZ-13-06_SAMwin_Architectural_Issues.txt",
"refsource": "MISC",
"name": "http://www.modzero.ch/advisories/MZ-13-06_SAMwin_Architectural_Issues.txt"
},
{
"url": "https://vuldb.com/?id.12788",
"refsource": "MISC",
"name": "https://vuldb.com/?id.12788"
}
]
}
}
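Review bot: The description on the new side still says the issue "has been rated as critical", while `"baseScore": "6.5"` with `C:L/I:L/A:N` is Medium under CVSS 3.1, so triage by text and triage by score give different answers for the same hard-coded-credential flaw. Either re-score the vector or align the wording with it; the same mismatch appears in the CVE-2013-10003 and CVE-2013-10004 sections. The record also lists only `"version_value": "5.1"` as affected while naming 6.2 as the fix, so it does not say whether releases in between are affected. A range entry or a sentence in the description would let asset matching cover them.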


@ -1,74 +1,78 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-10003",
"TITLE": "Telecommunication Software SAMwin Contact Center Suite Database SAMwinLIBVB.dll getCurrentDBVersion sql injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Telecommunication Software",
"product": {
"product_data": [
{
"product_name": "SAMwin Contact Center Suite",
"version": {
"version_data": [
{
"version_value": "5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in Telecommunication Software SAMwin Contact Center Suite 5.1. This affects the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the database handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "Tobias Ospelt\/Max Moser",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.5",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N"
}
},
"references": {
"reference_data": [
{
"url": "http:\/\/www.modzero.ch\/advisories\/MZ-13-06_SAMwin_Architectural_Issues.txt"
},
{
"url": "https:\/\/vuldb.com\/?id.12789"
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-10003",
"TITLE": "Telecommunication Software SAMwin Contact Center Suite Database SAMwinLIBVB.dll getCurrentDBVersion sql injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Telecommunication Software",
"product": {
"product_data": [
{
"product_name": "SAMwin Contact Center Suite",
"version": {
"version_data": [
{
"version_value": "5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in Telecommunication Software SAMwin Contact Center Suite 5.1. This affects the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the database handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "Tobias Ospelt/Max Moser",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "http://www.modzero.ch/advisories/MZ-13-06_SAMwin_Architectural_Issues.txt",
"refsource": "MISC",
"name": "http://www.modzero.ch/advisories/MZ-13-06_SAMwin_Architectural_Issues.txt"
},
{
"url": "https://vuldb.com/?id.12789",
"refsource": "MISC",
"name": "https://vuldb.com/?id.12789"
}
]
}
}


@ -1,74 +1,78 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-10004",
"TITLE": "Telecommunication Software SAMwin Contact Center Suite Password SAMwinLIBVB.dll passwordScramble improper authentication",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Telecommunication Software",
"product": {
"product_data": [
{
"product_name": "SAMwin Contact Center Suite",
"version": {
"version_data": [
{
"version_value": "5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to predictable authentication possibilities. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "Tobias Ospelt\/Max Moser",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.5",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N"
}
},
"references": {
"reference_data": [
{
"url": "http:\/\/www.modzero.ch\/advisories\/MZ-13-07_SAMwin_Collisions.txt"
},
{
"url": "https:\/\/vuldb.com\/?id.12790"
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-10004",
"TITLE": "Telecommunication Software SAMwin Contact Center Suite Password SAMwinLIBVB.dll passwordScramble improper authentication",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Telecommunication Software",
"product": {
"product_data": [
{
"product_name": "SAMwin Contact Center Suite",
"version": {
"version_data": [
{
"version_value": "5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to predictable authentication possibilities. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "Tobias Ospelt/Max Moser",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "http://www.modzero.ch/advisories/MZ-13-07_SAMwin_Collisions.txt",
"refsource": "MISC",
"name": "http://www.modzero.ch/advisories/MZ-13-07_SAMwin_Collisions.txt"
},
{
"url": "https://vuldb.com/?id.12790",
"refsource": "MISC",
"name": "https://vuldb.com/?id.12790"
}
]
}
}


@ -1,74 +1,78 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-125001",
"TITLE": "Cardo Systems Scala Rider Q3 Cardo-Updater api privileges management",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cardo Systems",
"product": {
"product_data": [
{
"product_name": "Scala Rider Q3",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file \/cardo\/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended."
}
]
},
"credit": "Max Moser",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "8.1",
"vectorString": "CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H"
}
},
"references": {
"reference_data": [
{
"url": "http:\/\/www.remote-exploit.org\/archives\/2014\/06\/03\/ride_with_the_devil\/"
},
{
"url": "https:\/\/vuldb.com\/?id.13428"
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-125001",
"TITLE": "Cardo Systems Scala Rider Q3 Cardo-Updater api privileges management",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cardo Systems",
"product": {
"product_data": [
{
"product_name": "Scala Rider Q3",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended."
}
]
},
"credit": "Max Moser",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "8.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
},
"references": {
"reference_data": [
{
"url": "http://www.remote-exploit.org/archives/2014/06/03/ride_with_the_devil/",
"refsource": "MISC",
"name": "http://www.remote-exploit.org/archives/2014/06/03/ride_with_the_devil/"
},
{
"url": "https://vuldb.com/?id.13428",
"refsource": "MISC",
"name": "https://vuldb.com/?id.13428"
}
]
}
}


@ -1,82 +1,88 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-4229",
"TITLE": "ua-parser-js Crypto Mining backdoor",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "ua-parser-js",
"version": {
"version_data": [
{
"version_value": "0.7.29"
},
{
"version_value": "0.8.0"
},
{
"version_value": "1.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-912 Backdoor"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in ua-parser-js 0.7.29\/0.8.0\/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.0",
"vectorString": "CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/github.com\/advisories\/GHSA-pjwm-rvh2-c87w"
},
{
"url": "https:\/\/github.com\/faisalman\/ua-parser-js\/issues\/536"
},
{
"url": "https:\/\/vuldb.com\/?id.185453"
}
]
}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-4229",
"TITLE": "ua-parser-js Crypto Mining backdoor",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "ua-parser-js",
"version": {
"version_data": [
{
"version_value": "0.7.29"
},
{
"version_value": "0.8.0"
},
{
"version_value": "1.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-912 Backdoor"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.0",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/advisories/GHSA-pjwm-rvh2-c87w",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-pjwm-rvh2-c87w"
},
{
"url": "https://github.com/faisalman/ua-parser-js/issues/536",
"refsource": "MISC",
"name": "https://github.com/faisalman/ua-parser-js/issues/536"
},
{
"url": "https://vuldb.com/?id.185453",
"refsource": "MISC",
"name": "https://vuldb.com/?id.185453"
}
]
}
}
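Review bot: `"vendor_name": ""` is carried over unchanged on the new side, so tooling that matches affected packages on the vendor/product pair gets an empty key for ua-parser-js. The record should use the same placeholder convention as the rest of the feed, e.g. `"vendor_name": "n/a"`. The description also reads "affects the crypto mining component which introduces a backdoor", which suggests the package ships such a component by design. The `CWE-912 Backdoor` entry and the three listed versions point instead to specific published releases carrying unwanted code, and saying so explicitly would help anyone auditing lockfiles. As in the SAMwin records, the text says "critical" while `baseScore` is `5.0`.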


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-4230",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Prior to version 6.1.11, he USBX DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of `ux_device_class_dfu_control_request` function does not assure that a buffer overflow will not occur during handling of the DFU UPLOAD command. When an attacker issues the `UX_SLAVE_CLASS_DFU_COMMAND_UPLOAD` control transfer request with `wLenght` larger than the buffer size (`UX_SLAVE_REQUEST_CONTROL_MAX_LENGTH`, 256 bytes), depending on the actual implementation of `dfu -> ux_slave_class_dfu_read`, a buffer overflow may occur. In example `ux_slave_class_dfu_read` may read 4096 bytes (or more up to 65k) to a 256 byte buffer ultimately resulting in an overflow. Furthermore in case an attacker has some control over the read flash memory, this may result in execution of arbitrary code and platform compromise. A fix for this issue has been included in USBX release 6.1.11. As a workaround, align request and buffer size to assure that buffer boundaries are respected."
"value": "Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Prior to version 6.1.11, he USBX DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of `ux_device_class_dfu_control_request` function does not assure that a buffer overflow will not occur during handling of the DFU UPLOAD command. When an attacker issues the `UX_SLAVE_CLASS_DFU_COMMAND_UPLOAD` control transfer request with `wLenght` larger than the buffer size (`UX_SLAVE_REQUEST_CONTROL_MAX_LENGTH`, 256 bytes), depending on the actual implementation of `dfu -> ux_slave_class_dfu_read`, a buffer overflow may occur. In example `ux_slave_class_dfu_read` may read 4096 bytes (or more up to 65k) to a 256 byte buffer ultimately resulting in an overflow. Furthermore in case an attacker has some control over the read flash memory, this may result in execution of arbitrary code and platform compromise. A fix for this issue has been included in USBX release 6.1.11. As a workaround, align request and buffer size to assure that buffer boundaries are respected."
}
]
},