admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-01-12 15:00:39 +00:00
parent ded36e7e54
commit 4821a980fc
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
10 changed files with 820 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
2022/2xxx/CVE-2022-2155.json
View File

@ -1,17 +1,137 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2155",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@hitachienergy.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability exists in the affected versions of Lumada APM\u2019s User Asset Group feature due to a flaw in access control mechanism implementation on the \u201cLimited Engineer\u201d role, granting it access to the embedded Power BI reports feature. An attacker that manages to exploit the vulnerability on a customer\u2019s Lumada APM could access unauthorized information by gaining unauthorized access to any Power BI reports installed by the customer. Furthermore, the vulnerability enables an attacker to manipulate asset issue comments on assets, which should not be available to the attacker. Affected versions * Lumada APM on-premises version 6.0.0.0 - 6.4.0.* List of CPEs: * cpe:2.3:a:hitachienergy:lumada_apm:6.0.0.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:lumada_apm:6.1.0.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:lumada_apm:6.2.0.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:lumada_apm:6.3.0.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:lumada_apm:6.4.0.0:*:*:*:*:*:*:*"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hitachi Energy",
"product": {
"product_data": [
{
"product_name": "Lumada APM",
"version": {
"version_data": [
{
"version_value": "6.0.0.*",
"version_affected": "="
},
{
"version_value": "6.1.0.*",
"version_affected": "="
},
{
"version_value": "6.2.0.*",
"version_affected": "="
},
{
"version_value": "6.3.0.*",
"version_affected": "="
},
{
"version_value": "6.4.0.0",
"version_affected": "="
},
{
"version_value": "6.4.0.1",
"version_affected": "!"
},
{
"version_value": "6.5.0.0",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000112&LanguageCode=en&DocumentPartId=&Action=Launch",
"refsource": "MISC",
"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000112&LanguageCode=en&DocumentPartId=&Action=Launch"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nOut-of-the-box, Lumada APM \u2013 On Premise does not support the Power BI integration feature. Nonetheless,\none can connect a subscription-based Power BI to Lumada APM.&nbsp;<br><ul><li>In case the Power BI integration feature is enabled, it is recommended to either disable the unsupported Power BI integration feature if there are users with \u201cLimited Engineer\u201d role, or to remove any users with \u201cLimited Engineer\u201d role or to assign those users to other role prior to using the unsupported Power BI integration feature.</li><li>If Power BI integration is disabled, it is safe to continue to assign the \u201cLimited Engineer\u201d role to users.<br></li></ul>Apply general mitigation factors as described in the respective advisory.&nbsp;"
}
],
"value": "\nOut-of-the-box, Lumada APM \u2013 On Premise does not support the Power BI integration feature. Nonetheless,\none can connect a subscription-based Power BI to Lumada APM.\u00a0\n * In case the Power BI integration feature is enabled, it is recommended to either disable the unsupported Power BI integration feature if there are users with \u201cLimited Engineer\u201d role, or to remove any users with \u201cLimited Engineer\u201d role or to assign those users to other role prior to using the unsupported Power BI integration feature.\n * If Power BI integration is disabled, it is safe to continue to assign the \u201cLimited Engineer\u201d role to users.\n\n\n\nApply general mitigation factors as described in the respective advisory.\u00a0"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<ul><li>For Lumada APM version 6.4.0.* \u2013 Update to Lumada APM version 6.4.0.1, or upgrade to Lumada APM version 6.5.0.0 (or newer).<br></li><li>For Lumada APM versions prior to 6.4.0.0 \u2013 Upgrade to Lumada APM version 6.4.0.1 or 6.5.0.0 or newer.&nbsp;<br></li></ul>"
}
],
"value": " * For Lumada APM version 6.4.0.* \u2013 Update to Lumada APM version 6.4.0.1, or upgrade to Lumada APM version 6.5.0.0 (or newer).\n\n * For Lumada APM versions prior to 6.4.0.0 \u2013 Upgrade to Lumada APM version 6.4.0.1 or 6.5.0.0 or newer.\u00a0\n\n\n\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

55
2022/3xxx/CVE-2022-3341.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3341",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "patrick@puiterwijk.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "FFmpeg",
"version": {
"version_data": [
{
"version_value": "Fixed-in ffmpeg 5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 - NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2157054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2157054"
},
{
"refsource": "MISC",
"name": "https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e",
"url": "https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash."
}
]
}

60
2022/3xxx/CVE-2022-3437.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3437",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "samba",
"version": {
"version_data": [
{
"version_value": "Fixed in samba 4.15.11, samba 4.16.6, samba 4.17.2."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 - Heap-based Buffer Overflow, CWE-787 - Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2137774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137774"
},
{
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2022-3437.html",
"url": "https://www.samba.org/samba/security/CVE-2022-3437.html"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-3437",
"url": "https://access.redhat.com/security/cve/CVE-2022-3437"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack."
}
]
}

65
2022/3xxx/CVE-2022-3515.json
View File

@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3515",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "libksba",
"version": {
"version_data": [
{
"version_value": "Fixed in libksba v1.6.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 - Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2135610",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135610"
},
{
"refsource": "MISC",
"name": "https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html",
"url": "https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html"
},
{
"refsource": "MISC",
"name": "https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b",
"url": "https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-3515",
"url": "https://access.redhat.com/security/cve/CVE-2022-3515"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment."
}
]
}

60
2022/3xxx/CVE-2022-3592.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3592",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "samba",
"version": {
"version_data": [
{
"version_value": "Affects samba since 4.17.0, Fixed samba 4.17.2."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61 - UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2137776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137776"
},
{
"refsource": "MISC",
"name": "https://www.samba.org/samba/security/CVE-2022-3592.html",
"url": "https://www.samba.org/samba/security/CVE-2022-3592.html"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2022-3592",
"url": "https://access.redhat.com/security/cve/CVE-2022-3592"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem."
}
]
}

56
2022/46xxx/CVE-2022-46503.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-46503",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-46503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student Enrollment System v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/mkwsj007/bug_report/blob/main/vendors/donbermoy/Online%20Student%20Enrollment%20System/XSS-1.md",
"refsource": "MISC",
"name": "https://github.com/mkwsj007/bug_report/blob/main/vendors/donbermoy/Online%20Student%20Enrollment%20System/XSS-1.md"
}
]
}

106
2023/0xxx/CVE-2023-0243.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-0243",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in TuziCMS 2.0.6. This affects the function index of the file App\\Manage\\Controller\\ArticleController.class.php of the component Article Module. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-218151."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in TuziCMS 2.0.6 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion index der Datei App\\Manage\\Controller\\ArticleController.class.php der Komponente Article Module. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "TuziCMS",
"version": {
"version_data": [
{
"version_value": "2.0.6",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.218151",
"refsource": "MISC",
"name": "https://vuldb.com/?id.218151"
},
{
"url": "https://vuldb.com/?ctiid.218151",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.218151"
},
{
"url": "https://github.com/yeyinshi/tuzicms/issues/12",
"refsource": "MISC",
"name": "https://github.com/yeyinshi/tuzicms/issues/12"
}
]
},
"credits": [
{
"lang": "en",
"value": "Evilmu1 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

106
2023/0xxx/CVE-2023-0244.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-0244",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical was found in TuziCMS 2.0.6. This vulnerability affects the function delall of the file \\App\\Manage\\Controller\\KefuController.class.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218152."
},
{
"lang": "deu",
"value": "In TuziCMS 2.0.6 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion delall der Datei \\App\\Manage\\Controller\\KefuController.class.php. Dank der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "TuziCMS",
"version": {
"version_data": [
{
"version_value": "2.0.6",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.218152",
"refsource": "MISC",
"name": "https://vuldb.com/?id.218152"
},
{
"url": "https://vuldb.com/?ctiid.218152",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.218152"
},
{
"url": "https://github.com/yeyinshi/tuzicms/issues/13",
"refsource": "MISC",
"name": "https://github.com/yeyinshi/tuzicms/issues/13"
}
]
},
"credits": [
{
"lang": "en",
"value": "Evilmu1 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

106
2023/0xxx/CVE-2023-0245.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-0245",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, has been found in SourceCodester Online Flight Booking Management System. This issue affects some unknown processing of the file add_contestant.php. The manipulation of the argument add_contestant leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-218153 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in SourceCodester Online Flight Booking Management System entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei add_contestant.php. Dank Manipulation des Arguments add_contestant mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Online Flight Booking Management System",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.218153",
"refsource": "MISC",
"name": "https://vuldb.com/?id.218153"
},
{
"url": "https://vuldb.com/?ctiid.218153",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.218153"
},
{
"url": "https://github.com/f4cky0u/Security-vulnerabilities/blob/main/Online%20Flight%20Booking%20Management%20System%20add_contestant.php%20has%20SQLinject.md",
"refsource": "MISC",
"name": "https://github.com/f4cky0u/Security-vulnerabilities/blob/main/Online%20Flight%20Booking%20Management%20System%20add_contestant.php%20has%20SQLinject.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "Evilmu1 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

100
2023/0xxx/CVE-2023-0246.json Normal file
View File

@ -0,0 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-0246",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in earclink ESPCMS P8.21120101. Affected is an unknown function of the component Content Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-218154 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in earclink ESPCMS P8.21120101 gefunden. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Komponente Content Handler. Mit der Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "earclink",
"product": {
"product_data": [
{
"product_name": "ESPCMS",
"version": {
"version_data": [
{
"version_value": "P8.21120101",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitee.com/earclink/espcms/issues/I6812Q",
"refsource": "MISC",
"name": "https://gitee.com/earclink/espcms/issues/I6812Q"
},
{
"url": "https://vuldb.com/?id.218154",
"refsource": "MISC",
"name": "https://vuldb.com/?id.218154"
},
{
"url": "https://vuldb.com/?ctiid.218154",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.218154"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}