Merge remote-tracking branch 'origin/master' into CVE-2022-2022

JamieSlome 2022-06-10 11:24:25 +01:00
commit 4b845e3470
755 changed files with 26043 additions and 1512 deletions


@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-15002",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "MONyog Ultimate Cookie privileges management",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "MONyog Ultimate",
"version": {
"version_data": [
{
"version_value": "6.63"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdmin leads to privilege escalation. It is possible to initiate the attack remotely."
}
]
},
"credit": "Mulail Mohamed",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "7.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://youtu.be/KKlwi-u6wyA",
"refsource": "MISC",
"name": "https://youtu.be/KKlwi-u6wyA"
},
{
"url": "https://vuldb.com/?id.98355",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98355"
}
]
}
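Review bot: The new description calls this issue "critical" while the `impact.cvss` block carries `"baseScore": "7.3"`, which is High on the CVSS v3.1 qualitative scale (Critical starts at 9.0). Anyone triaging from the description text rather than the score will over-prioritise the record. Either drop the severity word from the description or state the rating next to the score, for example `"baseSeverity": "HIGH"`. The same mismatch appears in the records for CVE-2017-20017, -20021, -20023, -20025, -20028, -20029, -20030 and -20032, whose scores run from 4.7 to 7.3.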


@ -4,14 +4,72 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20017",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "The Next Generation of Genealogy Sitebuilding timeline2.php sql injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "The Next Generation of Genealogy Sitebuilding",
"version": {
"version_data": [
{
"version_value": "11.0"
},
{
"version_value": "11.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in The Next Generation of Genealogy Sitebuilding up to 11.1.0. This issue affects some unknown processing of the file /timeline2.php. The manipulation of the argument primaryID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.1.1 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "X-Cisadane",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.105833",
"refsource": "MISC",
"name": "https://vuldb.com/?id.105833"
}
]
}
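Review bot: `version_data` lists only `11.0` and `11.1`, but the description says the issue affects releases "up to 11.1.0" and is fixed in 11.1.1. A scanner that matches on exact `version_value` strings would not flag an installation reporting `11.1.0` or any release older than 11.0. If the consumers of this record support it, a bounded entry such as `{"version_affected": "<=", "version_value": "11.1.0"}` states the range directly. `"vendor_name": ""` is also empty here, as it is in the MONyog, XAMPP, HumHub and PHPList records, which leaves vendor-keyed lookups with nothing to match.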


@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20018",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "XAMPP Installer uncontrolled search path",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "XAMPP",
"version": {
"version_data": [
{
"version_value": "7.1.1-0-VC14"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427 Uncontrolled Search Path"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://packetstormsecurity.com/files/142406/xampp-dllhijack.txt",
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/142406/xampp-dllhijack.txt"
},
{
"url": "https://vuldb.com/?id.100950",
"refsource": "MISC",
"name": "https://vuldb.com/?id.100950"
}
]
}
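Review bot: The vector `AV:N/AC:L/PR:L/UI:N` and the sentence "It is possible to launch the attack remotely" sit oddly with `CWE-427 Uncontrolled Search Path` in an installer and a reference named `xampp-dllhijack.txt`. A search-path issue normally needs a file placed where the installer looks and a user who runs the installer, which is usually scored as a local attack vector with user interaction. The page does not show enough to settle the correct values, so the vector and the 6.3 score should be re-checked against the referenced advisory before downstream tooling relies on them. This record also has no `credit` field, unlike the neighbouring ones.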


@ -4,14 +4,77 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20019",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Solare Solar-Log Config information disclosure",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Solare",
"product": {
"product_data": [
{
"product_name": "Solar-Log",
"version": {
"version_data": [
{
"version_value": "2.8.4-56"
},
{
"version_value": "3.5.2-85"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Disclosure"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "T. Weber",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/58",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"url": "https://vuldb.com/?id.98929",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98929"
}
]
}


@ -4,14 +4,77 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20020",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Solare Solar-Log cross-site request forgery",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Solare",
"product": {
"product_data": [
{
"product_name": "Solar-Log",
"version": {
"version_data": [
{
"version_value": "2.8.4-56"
},
{
"version_value": "3.5.2-85"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "T. Weber",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/58",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"url": "https://vuldb.com/?id.98930",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98930"
}
]
}
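Review bot: The vector for this `CWE-352 Cross-Site Request Forgery` record sets `UI:N`, yet a forged cross-site request only happens when a logged-in user's browser is led to issue it, which CVSS v3.1 expresses as `UI:R`. With `UI:R` the vector would read `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N`, the same string the HumHub XSS records in this commit score at 4.3 rather than 5.3. Unless the advisory describes a variant that needs no victim action, the vector and `baseScore` should be corrected together.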


@ -4,14 +4,77 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20021",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Solare Solar-Log File Upload privileges management",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Solare",
"product": {
"product_data": [
{
"product_name": "Solar-Log",
"version": {
"version_data": [
{
"version_value": "2.8.4-56"
},
{
"version_value": "3.5.2-85"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "T. Weber",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/58",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"url": "https://vuldb.com/?id.98931",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98931"
}
]
}


@ -4,14 +4,77 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20022",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Solare Solar-Log information disclosure",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Solare",
"product": {
"product_data": [
{
"product_name": "Solar-Log",
"version": {
"version_data": [
{
"version_value": "2.8.4-56"
},
{
"version_value": "3.5.2-85"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Disclosure"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "T. Weber",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "2.9",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/58",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"url": "https://vuldb.com/?id.98932",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98932"
}
]
}
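Review bot: `"baseScore": "2.9"` cannot come from `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N`, because a vector with all three impact metrics set to None has a CVSS v3.1 base score of 0.0. The vector also contradicts the record itself, since `C:N` claims no confidentiality impact while the problem type and description both say information disclosure. Tools that recompute the score from `vectorString` will rate this record as no-impact and may drop it from reports. The vector and score need to be reconciled against the source advisory; the sibling disclosure record CVE-2017-20019 uses `C:L` with a score of 4.3.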


@ -4,14 +4,77 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20023",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Solare Solar-Log Network Config privileges management",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Solare",
"product": {
"product_data": [
{
"product_name": "Solar-Log",
"version": {
"version_data": [
{
"version_value": "2.8.4-56"
},
{
"version_value": "3.5.2-85"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "T. Weber",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/58",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"url": "https://vuldb.com/?id.98933",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98933"
}
]
}


@ -4,14 +4,77 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20024",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Solare Solar-Log denial of service",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Solare",
"product": {
"product_data": [
{
"product_name": "Solar-Log",
"version": {
"version_data": [
{
"version_value": "2.8.4-56"
},
{
"version_value": "3.5.2-85"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "T. Weber",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/58",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"url": "https://vuldb.com/?id.98934",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98934"
}
]
}
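Review bot: `"value": "CWE-404 Denial of Service"` pairs the identifier with a label that is not the name of CWE-404, which is "Improper Resource Shutdown or Release". Consumers that parse the identifier will classify this as a resource-release weakness, while readers of the label will see a generic denial of service, and nothing in the description supports the narrower reading. Writing `"CWE-404 Improper Resource Shutdown or Release"` keeps the identifier and label in step. If the advisory only establishes an availability impact, the CWE choice itself deserves a second look.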


@ -4,14 +4,77 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20025",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Solare Solar-Log Flash Memory privileges management",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Solare",
"product": {
"product_data": [
{
"product_name": "Solar-Log",
"version": {
"version_data": [
{
"version_value": "2.8.4-56"
},
{
"version_value": "3.5.2-85"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "T. Weber",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "7.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/58",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"url": "https://vuldb.com/?id.98935",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98935"
}
]
}


@ -4,14 +4,77 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20026",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "HumHub Reflected cross site scriting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "HumHub",
"version": {
"version_data": [
{
"version_value": "1.0.0"
},
{
"version_value": "1.0.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Basic Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in HumHub up to 1.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting (Reflected). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "Tim Coen",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/47",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/47"
},
{
"url": "https://vuldb.com/?id.98923",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98923"
}
]
}
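Review bot: The `TITLE` value is misspelled as "cross site scriting", so a keyword search or alert rule on "scripting" or "cross site scripting" will not match this record by title; it should read `"TITLE": "HumHub Reflected cross site scripting"`. The same misspelling is in the titles of CVE-2017-20027, CVE-2017-20033 and CVE-2017-20034 in this commit. The description text spells the term correctly, so only the titles need the fix.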


@ -4,14 +4,77 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20027",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "HumHub DOM cross site scriting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "HumHub",
"version": {
"version_data": [
{
"version_value": "1.0.0"
},
{
"version_value": "1.0.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Basic Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in HumHub up to 1.0.1 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "Tim Coen",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/47",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/47"
},
{
"url": "https://vuldb.com/?id.98924",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98924"
}
]
}


@ -4,14 +4,77 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20028",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "HumHub privileges management",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "HumHub",
"version": {
"version_data": [
{
"version_value": "0.20.1"
},
{
"version_value": "1.0.0-beta.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been classified as critical. This affects an unknown part. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "Tim Coen",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.6",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/48",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/48"
},
{
"url": "https://vuldb.com/?id.98925",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98925"
}
]
}


@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20029",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "PHPList Edit Subscription index.php sql injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "PHPList",
"version": {
"version_data": [
{
"version_value": "3.2.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "Tim Coen",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "7.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/45",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/45"
},
{
"url": "https://vuldb.com/?id.98915",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98915"
}
]
}


@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20030",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "PHPList Sending Campain sql injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "PHPList",
"version": {
"version_data": [
{
"version_value": "3.2.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in PHPList 3.2.6. It has been classified as critical. Affected is an unknown function of the file /lists/admin/ of the component Sending Campain. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "Tim Coen",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/45",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/45"
},
{
"url": "https://vuldb.com/?id.98916",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98916"
}
]
}
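Review bot: "Sending Campain" is misspelled in both the `TITLE` and the description, so searches for the "campaign" component will not find this record; the title should read `"TITLE": "PHPList Sending Campaign sql injection"`, with the same fix in the description. The description also calls `/lists/admin/` "the file" although the value is a directory path, which gives a defender nothing specific to match in request logs. If the referenced advisory names the script or parameter, adding it would make the record more useful.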


@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20031",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "PHPList information disclosure",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "PHPList",
"version": {
"version_data": [
{
"version_value": "3.2.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Disclosure"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in PHPList 3.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument sortby with the input password leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "Tim Coen",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "2.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/45",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/45"
},
{
"url": "https://vuldb.com/?id.98917",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98917"
}
]
}


@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20032",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "PHPList Subscription sql injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "PHPList",
"version": {
"version_data": [
{
"version_value": "3.2.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in PHPList 3.2.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Subscription. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "Tim Coen",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/45",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/45"
},
{
"url": "https://vuldb.com/?id.98918",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98918"
}
]
}


@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20033",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "PHPList Reflected cross site scriting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "PHPList",
"version": {
"version_data": [
{
"version_value": "3.2.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Basic Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input send\\'\\\";><script>alert(8)</script> leads to cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "Tim Coen",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/46",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/46"
},
{
"url": "https://vuldb.com/?id.98919",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98919"
}
]
}
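Review bot: The description value embeds a literal `<script>` element as the example input, so any dashboard, ticket template or mail digest that inserts CVE descriptions into HTML without encoding will render it as markup. The record should say the input contains script markup without carrying it verbatim, and consumers should HTML-encode `description_data[].value` on output regardless. The backslash run before the quote characters looks like double escaping from the generator, so the decoded string probably differs from what the advisory shows. That is worth checking against the seclists reference.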


@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20034",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "PHPList List Name Persistent cross site scriting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "PHPList",
"version": {
"version_data": [
{
"version_value": "3.2.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Basic Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting (Persistent). The attack can be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "Tim Coen",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/46",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/46"
},
{
"url": "https://vuldb.com/?id.98920",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98920"
}
]
}


@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20035",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "PHPList Subscribe Persistent cross site scriting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "PHPList",
"version": {
"version_data": [
{
"version_value": "3.2.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Basic Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "Tim Coen",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/46",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/46"
},
{
"url": "https://vuldb.com/?id.98921",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98921"
}
]
}


@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20036",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "PHPList Bounce Rule Persistent cross site scriting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "PHPList",
"version": {
"version_data": [
{
"version_value": "3.2.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Basic Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cross site scripting (Persistent). It is possible to launch the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "Tim Coen",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2017/Mar/46",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2017/Mar/46"
},
{
"url": "https://vuldb.com/?id.98922",
"refsource": "MISC",
"name": "https://vuldb.com/?id.98922"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20046",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20047",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20048",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20049",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20050",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20051",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-25062",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Sricam IP CCTV Camera Device Viewer stack-based overflow",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sricam",
"product": {
"product_data": [
{
"product_name": "IP CCTV Camera",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Sricam IP CCTV Camera and classified as critical. This issue affects some unknown processing of the component Device Viewer. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used."
}
]
},
"credit": "Alessandro Magnosi",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://www.exploit-db.com/exploits/47477",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/47477"
},
{
"url": "https://vuldb.com/?id.159431",
"refsource": "MISC",
"name": "https://vuldb.com/?id.159431"
}
]
}


@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-25063",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Sricam IP CCTV Camera Device Viewer memory corruption",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sricam",
"product": {
"product_data": [
{
"product_name": "IP CCTV Camera",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Memory Corruption"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Sricam IP CCTV Camera. It has been classified as critical. Affected is an unknown function of the component Device Viewer. The manipulation leads to memory corruption. Local access is required to approach this attack."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.159432",
"refsource": "MISC",
"name": "https://vuldb.com/?id.159432"
}
]
}


@ -4,14 +4,90 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-25064",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "CoreHR Core Portal cross-site request forgery",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CoreHR",
"product": {
"product_data": [
{
"product_name": "Core Portal",
"version": {
"version_data": [
{
"version_value": "27.0.0"
},
{
"version_value": "27.0.1"
},
{
"version_value": "27.0.2"
},
{
"version_value": "27.0.3"
},
{
"version_value": "27.0.4"
},
{
"version_value": "27.0.5"
},
{
"version_value": "27.0.6"
},
{
"version_value": "27.0.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "Alessandro Magnosi",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.146832",
"refsource": "MISC",
"name": "https://vuldb.com/?id.146832"
}
]
}


@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-25065",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "OpenNetAdmin os command injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "OpenNetAdmin",
"version": {
"version_data": [
{
"version_value": "18.1.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"credit": "Matt Pascoe",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://0day.today/exploit/33544",
"refsource": "MISC",
"name": "https://0day.today/exploit/33544"
},
{
"url": "https://vuldb.com/?id.146798",
"refsource": "MISC",
"name": "https://vuldb.com/?id.146798"
}
]
}
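Review bot: The TITLE (`OpenNetAdmin os command injection`) and the problemtype (`CWE-78 OS Command Injection`) both name command injection, but the description value says only `The manipulation leads to privilege escalation`, so the three fields disagree on the weakness class. Someone triaging from the description alone would not see that the record is classified as command injection. I would align the sentence with the CWE, e.g. `The manipulation leads to os command injection.`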


@ -4,14 +4,79 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-25066",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "ajenti API privileges management",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "ajenti",
"version": {
"version_data": [
{
"version_value": "2.1.31"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component."
}
]
},
"credit": "Jeremy Brown",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://www.exploit-db.com/exploits/47497",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/47497"
},
{
"url": "https://github.com/ajenti/ajenti/commit/7aa146b724e0e20cfee2c71ca78fafbf53a8767c",
"refsource": "MISC",
"name": "https://github.com/ajenti/ajenti/commit/7aa146b724e0e20cfee2c71ca78fafbf53a8767c"
},
{
"url": "https://vuldb.com/?id.143950",
"refsource": "MISC",
"name": "https://vuldb.com/?id.143950"
}
]
}


@ -4,14 +4,84 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-25067",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Podman/Varlink API Privilege Escalation",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "Podman",
"version": {
"version_data": [
{
"version_value": "1.5.1"
}
]
}
},
{
"product_name": "Varlink",
"version": {
"version_data": [
{
"version_value": "1.5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"credit": "Jeremy Brown",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://www.exploit-db.com/exploits/47500",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/47500"
},
{
"url": "https://vuldb.com/?id.143949",
"refsource": "MISC",
"name": "https://vuldb.com/?id.143949"
}
]
}
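Review bot: The problemtype value is the bare string `Privilege Escalation` with no CWE identifier, whereas the neighbouring privilege records in this commit (CVE-2019-25066, CVE-2019-25068) use `CWE-269 Improper Privilege Management`. Tooling that maps problemtype to a CWE will leave this record unclassified. If the same class applies, use the same value here. The affects block also lists Podman and Varlink both at `1.5.1`, which looks like one version number copied to two products and is worth confirming against the advisory.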


@ -4,14 +4,72 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-25068",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Axios Italia Axios RE Connection REDefault.aspx privileges management",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axios Italia",
"product": {
"product_data": [
{
"product_name": "Axios RE",
"version": {
"version_data": [
{
"version_value": "1.7.0"
},
{
"version_value": "7.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in Axios Italia Axios RE 1.7.0/7.0.0. This vulnerability affects unknown code of the file REDefault.aspx of the component Connection Handler. The manipulation of the argument DBIDX leads to privilege escalation. The attack can be initiated remotely."
}
]
},
"credit": "ErPaciocco",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.139528",
"refsource": "MISC",
"name": "https://vuldb.com/?id.139528"
}
]
}


@ -4,14 +4,77 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-25069",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Axios Italia Axios RE Error Message ASP.NET information disclosure",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axios Italia",
"product": {
"product_data": [
{
"product_name": "Axios RE",
"version": {
"version_data": [
{
"version_value": "1.7.0"
},
{
"version_value": "7.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Disclosure"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, has been found in Axios Italia Axios RE 1.7.0/7.0.0. This issue affects some unknown processing of the component Error Message Handler. The manipulation leads to information disclosure (ASP.NET). The attack may be initiated remotely."
}
]
},
"credit": "ErPaciocco",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.139528",
"refsource": "MISC",
"name": "https://vuldb.com/?id.139528"
},
{
"url": "https://vuldb.com/?id.139529",
"refsource": "MISC",
"name": "https://vuldb.com/?id.139529"
}
]
}
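Review bot: The first reference, `https://vuldb.com/?id.139528`, is also the only reference on CVE-2019-25068 (the REDefault.aspx privilege issue), while this record's own entry appears to be `id.139529`. If 139528 is not meant as a deliberate related-issue link, it should be dropped so the reference list does not send readers to the other advisory.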


@ -4,14 +4,76 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-25070",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "WolfCMS User Add cross site scriting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "WolfCMS",
"version": {
"version_data": [
{
"version_value": "0.8.3.0"
},
{
"version_value": "0.8.3.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Basic Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been rated as problematic. This issue affects some unknown processing of the file /wolfcms/?/admin/user/add of the component User Add. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/wolfcms/wolfcms/issues/683",
"refsource": "MISC",
"name": "https://github.com/wolfcms/wolfcms/issues/683"
},
{
"url": "https://vuldb.com/?id.135125",
"refsource": "MISC",
"name": "https://vuldb.com/?id.135125"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9971",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-9971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sudo."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.securusglobal.com/community/2014/03/17/how-i-got-root-with-sudo/",
"refsource": "MISC",
"name": "https://www.securusglobal.com/community/2014/03/17/how-i-got-root-with-sudo/"
},
{
"url": "https://www.gosecure.net/blog",
"refsource": "MISC",
"name": "https://www.gosecure.net/blog"
},
{
"refsource": "MISC",
"name": "https://www.gosecure.net/blog/2022/05/31/security-advisory-multiple-vulnerabilities-impact-3cx-phone-system/",
"url": "https://www.gosecure.net/blog/2022/05/31/security-advisory-multiple-vulnerabilities-impact-3cx-phone-system/"
}
]
}
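Review bot: The affects block is filled with `n/a` for vendor, product and version, and problemtype is `n/a`, even though the description names the product and build (3CX Phone System, 16.0.0.1570). Consumers that match on the structured fields instead of free text will not associate this record with that product. I would set `"product_name": "3CX Phone System"` and `"version_value": "16.0.0.1570"`; CVE-2019-9972 in the next section has the same gap. The `https://www.gosecure.net/blog` reference is a blog index and adds little, since the specific advisory URL is already listed below it.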


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9972",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-9972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of \"<space><space> followed by <shift><enter>\" mishandling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.gosecure.net/blog",
"refsource": "MISC",
"name": "https://www.gosecure.net/blog"
},
{
"refsource": "MISC",
"name": "https://www.gosecure.net/blog/2022/05/31/security-advisory-multiple-vulnerabilities-impact-3cx-phone-system/",
"url": "https://www.gosecure.net/blog/2022/05/31/security-advisory-multiple-vulnerabilities-impact-3cx-phone-system/"
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14125",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@xiaomi.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Redmi Note 11 ,Redmi Note 9T",
"version": {
"version_data": [
{
"version_value": "Redmi Note 11 MIUI<2022.01.26, Redmi Note 9T MIUI<2022.01.26"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=170",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=170"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to make denial of service."
}
]
}
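Review bot: `product_name` packs two devices into one string (`Redmi Note 11 ,Redmi Note 9T`) and `version_value` encodes both bounds as free text (`Redmi Note 11 MIUI<2022.01.26, Redmi Note 9T MIUI<2022.01.26`), so automated matching against either device will not work. Each device should be its own `product_data` entry, with the bound expressed as `"version_affected": "<"` next to `"version_value": "2022.01.26"`. `vendor_name` is `n/a` although the assigner is security@xiaomi.com and the description names Xiaomi. The problemtype states only the impact; the out-of-bound read/write named in the description would map to a CWE, which is worth adding.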


@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36523",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "PlantUML Database Information Macro cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "PlantUML",
"version": {
"version_data": [
{
"version_value": "6.43"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in PlantUML 6.43. It has been declared as problematic. Affected by this vulnerability is the component Database Information Macro. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https://seclists.org/fulldisclosure/2020/Oct/15",
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2020/Oct/15"
},
{
"url": "https://vuldb.com/?id.164509",
"refsource": "MISC",
"name": "https://vuldb.com/?id.164509"
}
]
}


@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36524",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Refined Toolkit UI-Image/UI-Button cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "Refined Toolkit",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Refined Toolkit. It has been rated as problematic. Affected by this issue is some unknown functionality of the component UI-Image/UI-Button. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https://seclists.org/fulldisclosure/2020/Oct/15",
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2020/Oct/15"
},
{
"url": "https://vuldb.com/?id.164510",
"refsource": "MISC",
"name": "https://vuldb.com/?id.164510"
}
]
}


@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36525",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Linking New Windows Macro cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "Linking",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic has been found in Linking. This affects an unknown part of the component New Windows Macro. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https://seclists.org/fulldisclosure/2020/Oct/15",
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2020/Oct/15"
},
{
"url": "https://vuldb.com/?id.164511",
"refsource": "MISC",
"name": "https://vuldb.com/?id.164511"
}
]
}
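Review bot: `"baseScore": "3.5"` in the `cvss` object is a JSON string rather than a number, so any consumer that filters or sorts on the score has to coerce it first, and a validator applying the CVSS v3.1 JSON schema to this object would likely reject it. I would emit `"baseScore": 3.5`. Every other record shown on this page writes the score as a quoted string in the same way.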


@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36526",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Countdown Timer Macro cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "Countdown Timer",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic was found in Countdown Timer. This vulnerability affects unknown code of the component Macro Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https://seclists.org/fulldisclosure/2020/Oct/15",
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2020/Oct/15"
},
{
"url": "https://vuldb.com/?id.164512",
"refsource": "MISC",
"name": "https://vuldb.com/?id.164512"
}
]
}


@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36527",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Server Status HTTP Status/SMTP Status cross site scripting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "Server Status",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, has been found in Server Status. This issue affects some unknown processing of the component HTTP Status/SMTP Status. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https://seclists.org/fulldisclosure/2020/Oct/15",
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2020/Oct/15"
},
{
"url": "https://vuldb.com/?id.164513",
"refsource": "MISC",
"name": "https://vuldb.com/?id.164513"
}
]
}


@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36528",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Platinum Mobile MobileHandler.ashx access control",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "Platinum Mobile",
"version": {
"version_data": [
{
"version_value": "1.0.4.850"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Improper Access Controls"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850. Affected is /MobileHandler.ashx which leads to broken access control. The attack requires authentication. Upgrading to version 1.0.4.851 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"credit": "M. Li",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.5",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2020/Oct/4",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2020/Oct/4"
},
{
"url": "https://vuldb.com/?id.162264",
"refsource": "MISC",
"name": "https://vuldb.com/?id.162264"
}
]
}
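Review bot: The problem type `"CWE-264 Improper Access Controls"` pairs an identifier and a name that do not belong together: CWE-264 is the category "Permissions, Privileges, and Access Controls", while "Improper Access Control" is CWE-284. Tools that map records to weaknesses by the numeric id will file this under a category, which is not meant to be a mapping target; `"value": "CWE-284 Improper Access Control"` matches the description's "broken access control". Separately, the vector says `AV:A` but the description does not mention that the attacker must be on an adjacent network, which is worth confirming against the referenced advisory.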


@ -4,14 +4,140 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36529",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "SevOne Network Management System Traceroute traceroute.php command injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SevOne",
"product": {
"product_data": [
{
"product_name": "Network Management System",
"version": {
"version_data": [
{
"version_value": "5.7.2.0"
},
{
"version_value": "5.7.2.1"
},
{
"version_value": "5.7.2.2"
},
{
"version_value": "5.7.2.3"
},
{
"version_value": "5.7.2.4"
},
{
"version_value": "5.7.2.5"
},
{
"version_value": "5.7.2.6"
},
{
"version_value": "5.7.2.7"
},
{
"version_value": "5.7.2.8"
},
{
"version_value": "5.7.2.9"
},
{
"version_value": "5.7.2.10"
},
{
"version_value": "5.7.2.11"
},
{
"version_value": "5.7.2.12"
},
{
"version_value": "5.7.2.13"
},
{
"version_value": "5.7.2.14"
},
{
"version_value": "5.7.2.15"
},
{
"version_value": "5.7.2.16"
},
{
"version_value": "5.7.2.17"
},
{
"version_value": "5.7.2.18"
},
{
"version_value": "5.7.2.19"
},
{
"version_value": "5.7.2.20"
},
{
"version_value": "5.7.2.21"
},
{
"version_value": "5.7.2.22"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Command Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely."
}
]
},
"credit": "Calvin Phang",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2020/Oct/5",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"url": "https://vuldb.com/?id.162261",
"refsource": "MISC",
"name": "https://vuldb.com/?id.162261"
}
]
}
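Review bot: `version_data` lists 23 exact values, 5.7.2.0 through 5.7.2.22, while the description says the product is affected "up to 5.7.2.22", so a scanner doing exact matching on `version_value` will treat any release below 5.7.2.0 as unaffected. A single entry expressing the range, `{ "version_affected": "<=", "version_value": "5.7.2.22" }`, says what the description says and is easier to keep correct. The sections for CVE-2020-36530 and CVE-2020-36531 carry the same enumerated list.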


@ -4,14 +4,140 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36530",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "SevOne Network Management System Alert Summary sql injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SevOne",
"product": {
"product_data": [
{
"product_name": "Network Management System",
"version": {
"version_data": [
{
"version_value": "5.7.2.0"
},
{
"version_value": "5.7.2.1"
},
{
"version_value": "5.7.2.2"
},
{
"version_value": "5.7.2.3"
},
{
"version_value": "5.7.2.4"
},
{
"version_value": "5.7.2.5"
},
{
"version_value": "5.7.2.6"
},
{
"version_value": "5.7.2.7"
},
{
"version_value": "5.7.2.8"
},
{
"version_value": "5.7.2.9"
},
{
"version_value": "5.7.2.10"
},
{
"version_value": "5.7.2.11"
},
{
"version_value": "5.7.2.12"
},
{
"version_value": "5.7.2.13"
},
{
"version_value": "5.7.2.14"
},
{
"version_value": "5.7.2.15"
},
{
"version_value": "5.7.2.16"
},
{
"version_value": "5.7.2.17"
},
{
"version_value": "5.7.2.18"
},
{
"version_value": "5.7.2.19"
},
{
"version_value": "5.7.2.20"
},
{
"version_value": "5.7.2.21"
},
{
"version_value": "5.7.2.22"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely."
}
]
},
"credit": "Calvin Phang",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2020/Oct/5",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"url": "https://vuldb.com/?id.162262",
"refsource": "MISC",
"name": "https://vuldb.com/?id.162262"
}
]
}
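Review bot: The description calls this issue "critical" while the `cvss` object gives `"baseScore": "6.3"`, which is Medium on the CVSS v3.1 qualitative scale; the adjective appears to come from the generator's own classification rather than from the score. Anyone triaging on the prose will rank this record above where the vector puts it. I would add `"baseSeverity": "MEDIUM"` to the `cvss` object so the rating is machine-readable, and have the description say whose scale "critical" refers to. The same mismatch shows in CVE-2020-36528 (5.5), in -36531, -36535 to -36540 and -36543 (6.3), and in -36529, -36541 and -36542, whose scores of 7.3 to 8.8 are High rather than Critical.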


@ -4,14 +4,140 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36531",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "SevOne Network Management System Device Manager Page injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SevOne",
"product": {
"product_data": [
{
"product_name": "Network Management System",
"version": {
"version_data": [
{
"version_value": "5.7.2.0"
},
{
"version_value": "5.7.2.1"
},
{
"version_value": "5.7.2.2"
},
{
"version_value": "5.7.2.3"
},
{
"version_value": "5.7.2.4"
},
{
"version_value": "5.7.2.5"
},
{
"version_value": "5.7.2.6"
},
{
"version_value": "5.7.2.7"
},
{
"version_value": "5.7.2.8"
},
{
"version_value": "5.7.2.9"
},
{
"version_value": "5.7.2.10"
},
{
"version_value": "5.7.2.11"
},
{
"version_value": "5.7.2.12"
},
{
"version_value": "5.7.2.13"
},
{
"version_value": "5.7.2.14"
},
{
"version_value": "5.7.2.15"
},
{
"version_value": "5.7.2.16"
},
{
"version_value": "5.7.2.17"
},
{
"version_value": "5.7.2.18"
},
{
"version_value": "5.7.2.19"
},
{
"version_value": "5.7.2.20"
},
{
"version_value": "5.7.2.21"
},
{
"version_value": "5.7.2.22"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74 Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely."
}
]
},
"credit": "Calvin Phang",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2020/Oct/5",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2020/Oct/5"
},
{
"url": "https://vuldb.com/?id.162263",
"refsource": "MISC",
"name": "https://vuldb.com/?id.162263"
}
]
}


@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36532",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Klapp App Authorization Credentials information disclosure",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Klapp",
"product": {
"product_data": [
{
"product_name": "App",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Disclosure"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in Klapp App and classified as problematic. This vulnerability affects unknown code of the component Authorization. The manipulation leads to information disclosure (Credentials). The attack can be initiated remotely. It is recommended to upgrade the affected app."
}
]
},
"credit": "Sven Fassbender",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html",
"refsource": "MISC",
"name": "https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html"
},
{
"url": "https://vuldb.com/?id.160762",
"refsource": "MISC",
"name": "https://vuldb.com/?id.160762"
}
]
}
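Review bot: The description ends with "It is recommended to upgrade the affected app", but `version_value` is `"n/a"` and no fixed release is named anywhere in the record, so a reader cannot tell whether an installed build already contains the fix. If the referenced write-up names affected or fixed builds they belong in `version_data`, for example `{ "version_affected": "<", "version_value": "<FIXED_VERSION_PLACEHOLDER>" }`. If it does not, the upgrade sentence should say that no fixed version is known.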


@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36533",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Klapp App JSON Web Token improper authentication",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Klapp",
"product": {
"product_data": [
{
"product_name": "App",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Klapp App and classified as problematic. This issue affects some unknown processing of the JSON Web Token Handler. The manipulation leads to weak authentication. The attack may be initiated remotely."
}
]
},
"credit": "Sven Fassbender",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.7",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html",
"refsource": "MISC",
"name": "https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html"
},
{
"url": "https://vuldb.com/?id.160763",
"refsource": "MISC",
"name": "https://vuldb.com/?id.160763"
}
]
}


@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36534",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "easyii CMS out cross-site request forgery",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "easyii",
"product": {
"product_data": [
{
"product_name": "CMS",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in easyii CMS. It has been classified as problematic. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/noumo/easyii/",
"refsource": "MISC",
"name": "https://github.com/noumo/easyii/"
},
{
"url": "https://vuldb.com/?id.160278",
"refsource": "MISC",
"name": "https://vuldb.com/?id.160278"
}
]
}
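Review bot: The `TITLE` reads "easyii CMS out cross-site request forgery", where "out" is only the last path segment of `/admin/sign/out` from the description and means nothing on its own in a listing. `"TITLE": "easyii CMS /admin/sign/out cross-site request forgery"` keeps the generator's pattern and names the endpoint. The first reference is the project's repository root rather than an issue or advisory, so the statement that the exploit is public cannot be checked from this record.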


@ -4,14 +4,69 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36535",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "MINMAX newsDia.php sql injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "MINMAX",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical has been found in MINMAX. This affects an unknown part of the file /newsDia.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely."
}
]
},
"credit": "Mostafa Farzaneh",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.159957",
"refsource": "MISC",
"name": "https://vuldb.com/?id.159957"
}
]
}
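Review bot: `reference_data` holds a single entry, the assigner's own `vuldb.com` page, so the record offers no independent source against which the affected file, the `id` argument or the `PR:L` rating can be confirmed. The `credit` field names a reporter, which suggests an original disclosure exists; if it is public, its URL should be added as a second reference. The sections for CVE-2020-36536 through CVE-2020-36540 likewise cite only the VulDB entry.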


@ -4,14 +4,69 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36536",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Brandbugle main.php sql injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "Brandbugle",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Brandbugle. It has been rated as critical. Affected by this issue is some unknown functionality of the file /main.php. The manipulation leads to sql injection. The attack may be launched remotely."
}
]
},
"credit": "Mostafa Farzaneh",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.159956",
"refsource": "MISC",
"name": "https://vuldb.com/?id.159956"
}
]
}


@ -4,14 +4,69 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36537",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Everywhere CMS sql injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Everywhere",
"product": {
"product_data": [
{
"product_name": "CMS",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Everywhere CMS. It has been classified as critical. Affected is an unknown function. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely."
}
]
},
"credit": "Mostafa Farzaneh",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.159954",
"refsource": "MISC",
"name": "https://vuldb.com/?id.159954"
}
]
}


@ -4,14 +4,69 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36538",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Eatan CMS sql injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Eatan",
"product": {
"product_data": [
{
"product_name": "CMS",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Eatan CMS. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The attack can be launched remotely."
}
]
},
"credit": "Mostafa Farzaneh",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.159955",
"refsource": "MISC",
"name": "https://vuldb.com/?id.159955"
}
]
}


@ -4,14 +4,69 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36539",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "L\u00f3gico y Creativo sql injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "L\u00f3gico y Creativo",
"version": {
"version_data": [
{
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in L\u00f3gico y Creativo 1.0 and classified as critical. This issue affects some unknown processing. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely."
}
]
},
"credit": "Mostafa Farzaneh",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.159953",
"refsource": "MISC",
"name": "https://vuldb.com/?id.159953"
}
]
}


@ -4,14 +4,69 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36540",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Neetai Tech product.php sql injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "Neetai Tech",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in Neetai Tech. Affected is an unknown function of the file /product.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"credit": "Mostafa Farzaneh",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.159438",
"refsource": "MISC",
"name": "https://vuldb.com/?id.159438"
}
]
}


@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36541",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Demokratian genera_select.php sql injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "Demokratian",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Demokratian. It has been rated as critical. Affected by this issue is some unknown functionality of the file basicos_php/genera_select.php. The manipulation of the argument id_provincia with the input -1%20union%20all%20select%201,2,3,4,database() leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "7.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://alquimistadesistemas.com/sql-injection-y-archivo-peligroso-en-demokratian",
"refsource": "MISC",
"name": "https://alquimistadesistemas.com/sql-injection-y-archivo-peligroso-en-demokratian"
},
{
"url": "https://bitbucket.org/csalgadow/demokratian_votaciones/commits/b56c48b519fc52efa65404c312ea9bbde320e3fa",
"refsource": "MISC",
"name": "https://bitbucket.org/csalgadow/demokratian_votaciones/commits/b56c48b519fc52efa65404c312ea9bbde320e3fa"
},
{
"url": "https://vuldb.com/?id.159434",
"refsource": "MISC",
"name": "https://vuldb.com/?id.159434"
}
]
}
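Review bot: The description recommends applying a patch, and the second reference is a commit in the project's Bitbucket repository, but it carries `"refsource": "MISC"` and a `name` equal to its URL, so nothing in the record marks it as the fix. With `version_value` set to `"n/a"`, that commit is presumably the only way to tell a patched install from an unpatched one. I would tag it `"refsource": "CONFIRM"`, or have the description say the issue is addressed by commit `b56c48b`. The section for CVE-2020-36542 has the same pattern with its own commit reference.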


@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36542",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Demokratian install3.php privileges management",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "Demokratian",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical has been found in Demokratian. This affects an unknown part of the file install/install3.php. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "7.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://alquimistadesistemas.com/sql-injection-y-archivo-peligroso-en-demokratian",
"refsource": "MISC",
"name": "https://alquimistadesistemas.com/sql-injection-y-archivo-peligroso-en-demokratian"
},
{
"url": "https://bitbucket.org/csalgadow/demokratian_votaciones/commits/0d073ee461edd5f42528d41e00bf0a7b22e86bb3",
"refsource": "MISC",
"name": "https://bitbucket.org/csalgadow/demokratian_votaciones/commits/0d073ee461edd5f42528d41e00bf0a7b22e86bb3"
},
{
"url": "https://vuldb.com/?id.159435",
"refsource": "MISC",
"name": "https://vuldb.com/?id.159435"
}
]
}


@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36543",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "SialWeb CMS about.php sql injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SialWeb",
"product": {
"product_data": [
{
"product_name": "CMS",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in SialWeb CMS. This affects an unknown part of the file /about.php. The manipulation of the argument Id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://sialweb.net/",
"refsource": "MISC",
"name": "https://sialweb.net/"
},
{
"url": "https://vuldb.com/?id.159429",
"refsource": "MISC",
"name": "https://vuldb.com/?id.159429"
}
]
}
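Review bot: `"baseScore": "6.3"` in `impact.cvss` is a JSON string, while the Vulnogram-generated records in this commit (for example CVE-2021-27786) write the score as a number, so a consumer that sorts or compares on the field has to handle both types. Emitting `"baseScore": 6.3` keeps the field numeric; the same applies to the CVE-2020-36544 section that follows. Separately, the description calls the issue "critical" while a 6.3 base score sits in the CVSS 3.1 Medium band, so triage should key on the vector rather than the prose.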


@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36544",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "SialWeb CMS Search cross site scriting",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SialWeb",
"product": {
"product_data": [
{
"product_name": "CMS",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Basic Cross Site Scripting"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in SialWeb CMS and classified as problematic. This vulnerability affects unknown code of the component Search Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
}
},
"references": {
"reference_data": [
{
"url": "https://sialweb.net/",
"refsource": "MISC",
"name": "https://sialweb.net/"
},
{
"url": "https://vuldb.com/?id.159430",
"refsource": "MISC",
"name": "https://vuldb.com/?id.159430"
}
]
}
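Review bot: The new `TITLE` value reads "cross site scriting"; it should be `"TITLE": "SialWeb CMS Search cross site scripting"`, because a title search for the vulnerability class misses the record as written. The `problemtype` and `description` values in the same section spell the term correctly.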


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "VMware Carbon Black Cloud macOS Sensor prior to 3.5.1"
"version_value": "VMware Carbon Black Cloud macOS Sensor (prior to 3.5.1)"
}
]
}
@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "File overwrite issue"
"value": "VMware Carbon Black Cloud macOS Sensor installer file overwrite issue"
}
]
}
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "The installer of the macOS Sensor for VMware Carbon Black Cloud prior to 3.5.1 handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited number of files with output from the sensor installation."
"value": "The installer of the macOS Sensor for VMware Carbon Black Cloud (prior to 3.5.1) handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited number of files with output from the sensor installation."
}
]
}


@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://github.com/FULLSHADE/Kernel-exploits/tree/master/EMP_NSAU.sys",
"url": "https://github.com/FULLSHADE/Kernel-exploits/tree/master/EMP_NSAU.sys"
},
{
"refsource": "MISC",
"name": "https://epson.com/Support/wa00935",
"url": "https://epson.com/Support/wa00935"
}
]
}


@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://github.com/FULLSHADE/Kernel-exploits/tree/master/EMP_MPAU.sys",
"url": "https://github.com/FULLSHADE/Kernel-exploits/tree/master/EMP_MPAU.sys"
},
{
"refsource": "MISC",
"name": "https://epson.com/Support/wa00936",
"url": "https://epson.com/Support/wa00936"
}
]
}


@ -89,6 +89,11 @@
"refsource": "MISC",
"url": "https://github.com/kubernetes/ingress-nginx/issues/8502",
"name": "https://github.com/kubernetes/ingress-nginx/issues/8502"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220609-0006/",
"url": "https://security.netapp.com/advisory/ntap-20220609-0006/"
}
]
},


@ -93,6 +93,11 @@
"refsource": "MISC",
"url": "https://github.com/kubernetes/ingress-nginx/issues/8503",
"name": "https://github.com/kubernetes/ingress-nginx/issues/8503"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220609-0006/",
"url": "https://security.netapp.com/advisory/ntap-20220609-0006/"
}
]
},


@ -117,6 +117,11 @@
"url": "https://jira.atlassian.com/browse/CONFSERVER-67940",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/CONFSERVER-67940"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html",
"url": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html"
}
]
}
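Review bot: The added Packet Storm reference uses the plaintext `http://` scheme in both `name` and `url`, whereas the CVE-2021-40961 record in this commit links the same host over `https://`. Writing both fields as `https://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html` keeps readers of the advisory off an unauthenticated connection. The `reference_data` array starts outside this hunk.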


@ -96,6 +96,11 @@
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1180827",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1180827"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220607 [SECURITY] [DLA 3047-1] avahi security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html"
}
]
}


@ -1,18 +1,86 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"DATE_PUBLIC": "2022-06-07T00:00:00.000Z",
"ID": "CVE-2021-27786",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "HCL OneTest Server is vulnerable to Cross Origin Resource Sharing: Arbitrary Origin Trusted"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL OneTest Server",
"version": {
"version_data": [
{
"version_value": "10.0, 10.1, 10.2"
}
]
}
}
]
},
"vendor_name": "HCL Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098603",
"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098603"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
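Review bot: `"version_value": "10.0, 10.1, 10.2"` packs three releases into one string, so tooling that compares `version_value` with an installed version matches none of them. One `version_data` entry per release, as the Hitachi Energy records in this commit do, keeps the field machine-readable. The description also explains CORS in general terms without saying what HCL OneTest Server does with the Origin header (the title suggests any origin is trusted) or which release fixes it; one sentence stating that would help anyone assessing exposure.

```json
"version_data": [
  {
    "version_value": "10.0"
  },
  {
    "version_value": "10.1"
  },
  {
    "version_value": "10.2"
  }
]
```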


@ -99,6 +99,11 @@
"refsource": "MISC",
"url": "https://jira.mongodb.org/browse/SERVER-60218",
"name": "https://jira.mongodb.org/browse/SERVER-60218"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220609-0005/",
"url": "https://security.netapp.com/advisory/ntap-20220609-0005/"
}
]
},


@ -1,18 +1,129 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@hitachienergy.com",
"DATE_PUBLIC": "2022-05-10T10:00:00.000Z",
"ID": "CVE-2021-35530",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "User authentication bypass in TXpert Hub CoreTec 4 "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TXpert Hub CoreTec 4 version",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "2.0.0",
"version_value": "2.0.0"
},
{
"version_affected": "=",
"version_name": "2.0.1",
"version_value": "2.0.1"
},
{
"version_affected": "=",
"version_name": "2.1.0",
"version_value": "2.1.0"
},
{
"version_affected": "=",
"version_name": "2.1.1",
"version_value": "2.1.1"
},
{
"version_affected": "=",
"version_name": "2.1.2",
"version_value": "2.1.2"
},
{
"version_affected": "=",
"version_name": "2.1.3",
"version_value": "2.1.3"
},
{
"version_affected": "=",
"version_name": "2.2.0",
"version_value": "2.2.0"
},
{
"version_affected": "=",
"version_name": "2.2.1",
"version_value": "2.2.1"
}
]
}
}
]
},
"vendor_name": "Hitachi Energy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080&LanguageCode=en&DocumentPartId=&Action=Launch&utm_campaign=&utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03&utm_medium=email&utm_source=Eloqua",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080&LanguageCode=en&DocumentPartId=&Action=Launch&utm_campaign=&utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03&utm_medium=email&utm_source=Eloqua"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update the system to TXpert Hub CoreTec 4 version 2.3.0 that fixes the issues."
}
],
"source": {
"discovery": "INTERNAL"
}
}
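Review bot: The version list at the end of `description` reads "2.0.0 2.1.0; 2.1.0; 2.1.1; …", which omits 2.0.1 and repeats 2.1.0, while `version_data` in the same record lists 2.0.1 as affected. Presumably the text was meant to match the sibling records, `version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.`; this should be confirmed against the vendor advisory, since someone reading only the prose would conclude 2.0.1 is unaffected. Smaller points: `TITLE` ends with a trailing space, and `product_name` is "TXpert Hub CoreTec 4 version" here and in the CVE-2021-35531 and CVE-2021-35532 sections, where the word "version" looks like a leftover and would defeat exact product-name matching.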


@ -1,18 +1,113 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@hitachienergy.com",
"DATE_PUBLIC": "2022-05-10T10:00:00.000Z",
"ID": "CVE-2021-35531",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Remote Code Execution in TXpert Hub CoreTec 4"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TXpert Hub CoreTec 4 version",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "2.0.0",
"version_value": "2.0.0"
},
{
"version_affected": "=",
"version_name": "2.0.1",
"version_value": "2.0.1"
},
{
"version_affected": "=",
"version_name": "2.1.0",
"version_value": "2.1.0"
},
{
"version_affected": "=",
"version_name": "2.1.1",
"version_value": "2.1.1"
},
{
"version_affected": "=",
"version_name": "2.1.2",
"version_value": "2.1.2"
},
{
"version_affected": "=",
"version_name": "2.1.3",
"version_value": "2.1.3"
},
{
"version_affected": "=",
"version_name": "2.2.0",
"version_value": "2.2.0"
},
{
"version_affected": "=",
"version_name": "2.2.1",
"version_value": "2.2.1"
}
]
}
}
]
},
"vendor_name": "Hitachi Energy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080&LanguageCode=en&DocumentPartId=&Action=Launch&utm_campaign=&utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03&utm_medium=email&utm_source=Eloqua",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080&LanguageCode=en&DocumentPartId=&Action=Launch&utm_campaign=&utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03&utm_medium=email&utm_source=Eloqua"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update the system to TXpert Hub CoreTec 4 version 2.3.0 that fixes the issues."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
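Review bot: `problemtype` uses the broad `CWE-20 Improper Input Validation`, but the description says an OS command is injected and executed by the system, which is the case CWE-78 (OS command injection) covers; the more specific class helps consumers who filter by CWE. The record also has no `impact` block, unlike CVE-2021-35530 from the same advisory, so a finding titled "Remote Code Execution" carries no CVSS vector to triage on; the CVE-2021-35532 section has the same gap. Both values should be taken from the vendor advisory rather than guessed here.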


@ -1,18 +1,113 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@hitachienergy.com",
"DATE_PUBLIC": "2022-05-10T10:00:00.000Z",
"ID": "CVE-2021-35532",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Firmware upload verification bypass in TXpert Hub CoreTec 4"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TXpert Hub CoreTec 4 version",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "2.0.0",
"version_value": "2.0.0"
},
{
"version_affected": "=",
"version_name": "2.0.1",
"version_value": "2.0.1"
},
{
"version_affected": "=",
"version_name": "2.1.0",
"version_value": "2.1.0"
},
{
"version_affected": "=",
"version_name": "2.1.1",
"version_value": "2.1.1"
},
{
"version_affected": "=",
"version_name": "2.1.2",
"version_value": "2.1.2"
},
{
"version_affected": "=",
"version_name": "2.1.3",
"version_value": "2.1.3"
},
{
"version_affected": "=",
"version_name": "2.2.0",
"version_value": "2.2.0"
},
{
"version_affected": "=",
"version_name": "2.2.1",
"version_value": "2.2.1"
}
]
}
}
]
},
"vendor_name": "Hitachi Energy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494 Download of Code Without Integrity Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080&LanguageCode=en&DocumentPartId=&Action=Launch&utm_campaign=&utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03&utm_medium=email&utm_source=Eloqua",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000080&LanguageCode=en&DocumentPartId=&Action=Launch&utm_campaign=&utm_content=2022.04_5763_Cybersecurity%20Advisory%20Update_May_03&utm_medium=email&utm_source=Eloqua"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "eng",
"value": "To reduce risk of exploitation, please apply the recommended mitigation as described in the advisory Section Mitigation Factors/Workarounds."
}
]
}
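Review bot: The `work_around` text points to "the advisory Section Mitigation Factors/Workarounds" without saying which advisory, and the record has no `solution` entry, while the two sibling records state that version 2.3.0 fixes their issues. If 2.3.0 also addresses this firmware-upload issue, adding the same `solution` entry would tell operators that upgrading is sufficient; if it does not, the workaround sentence should say so explicitly. This is inferred from the sibling records only and needs confirming against the vendor advisory.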


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-36710",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-36710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ToaruOS 1.99.2 is affected by incorrect access control via the kernel. Improper MMU management and having a low GDT address allows it to be mapped in userland. A call gate can then be written to escalate to CPL 0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/mehsauce/kowasuos/blob/master/exploits/kowasu-sysfunc-strikes-back.c",
"refsource": "MISC",
"name": "https://github.com/mehsauce/kowasuos/blob/master/exploits/kowasu-sysfunc-strikes-back.c"
}
]
}
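Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `"n/a"` although the description names the product and version (ToaruOS 1.99.2) and the weakness (incorrect access control), so scanners that match on the structured fields cannot find this record. Filling the fields from the description, for example `"product_name": "ToaruOS"` and `"version_value": "1.99.2"`, would close that gap. The same pattern appears in the CVE-2021-40589, CVE-2021-40592, CVE-2021-40610, CVE-2021-40668 and CVE-2021-40961 sections, each of which names its product and version in the description only.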


@ -4,58 +4,14 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39795",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-11 Android-12 Android-12L"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2022-04-01",
"url": "https://source.android.com/security/bulletin/2022-04-01"
}
]
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In multiple locations of MediaProvider.java , there is a possible way to get read/write access to other app's dedicated, app-specific directory within external storage due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-201667614"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: Pulled from Android ASB#2022-04 publication (https://source.android.com/security/bulletin/2022-04-01) due to a functional regression. We will re-release this CVE at a future date, in a future publication that is currently TBD"
}
]
}


@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1939614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939614"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220607 [SECURITY] [DLA 3047-1] avahi security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html"
}
]
},


@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://issues.redhat.com/browse/WFLY-11933",
"url": "https://issues.redhat.com/browse/WFLY-11933"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220609-0004/",
"url": "https://security.netapp.com/advisory/ntap-20220609-0004/"
}
]
},


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40589",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sourceforge.net/p/zangband/bugs/671/",
"refsource": "MISC",
"name": "https://sourceforge.net/p/zangband/bugs/671/"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40592",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gpac/gpac/commit/71460d72ec07df766dab0a4d52687529f3efcf0a",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/71460d72ec07df766dab0a4d52687529f3efcf0a"
},
{
"url": "https://github.com/gpac/gpac/issues/1876",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/issues/1876"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40610",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/blackQvQ/emlog/issues/1",
"refsource": "MISC",
"name": "https://github.com/blackQvQ/emlog/issues/1"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40668",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://eddiez.me/path-traversal-in-slowscript-httpfileserver/",
"refsource": "MISC",
"name": "https://eddiez.me/path-traversal-in-slowscript-httpfileserver/"
},
{
"url": "https://play.google.com/store/apps/details?id=slowscript.httpfileserver",
"refsource": "MISC",
"name": "https://play.google.com/store/apps/details?id=slowscript.httpfileserver"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40961",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://seclists.org/fulldisclosure/2021/Mar/49",
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2021/Mar/49"
},
{
"url": "https://github.com/beerpwn/CVE/blob/master/cms_made_simple_2021/sqli_order_by/CMS-MS-SQLi-report.md",
"refsource": "MISC",
"name": "https://github.com/beerpwn/CVE/blob/master/cms_made_simple_2021/sqli_order_by/CMS-MS-SQLi-report.md"
},
{
"url": "https://packetstormsecurity.com/files/161895/CMS-Made-Simple-2.2.15-SQL-Injection.html",
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/161895/CMS-Made-Simple-2.2.15-SQL-Injection.html"
}
]
}


@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[shiro-user] 20210929 Re: CVE-2021-41303: Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass",
"url": "https://lists.apache.org/thread.html/raae98bb934e4bde304465896ea02d9798e257e486d04a42221e2c41b@%3Cuser.shiro.apache.org%3E"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220609-0001/",
"url": "https://security.netapp.com/advisory/ntap-20220609-0001/"
}
]
},


@ -213,6 +213,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "https://www.povilaika.com/apache-2-4-50-exploit/",
"url": "https://www.povilaika.com/apache-2-4-50-exploit/"
}
]
},


@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/",
"url": "https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220609 [SECURITY] [DLA 3049-1] mailman security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/",
"url": "https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220609 [SECURITY] [DLA 3049-1] mailman security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Project Worlds Official Hospital Management System in php 1.0 is vulnerable to SQL Injection on login page organization. \u00b6\u00b6 A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database."
"value": "A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database."
}
]
},


@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://bugs.launchpad.net/mailman/+bug/1952384",
"url": "https://bugs.launchpad.net/mailman/+bug/1952384"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220609 [SECURITY] [DLA 3049-1] mailman security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html"
}
]
},


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to can lead to HTTP response splitting."
"value": "SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to HTTP response splitting."
}
]
},


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46816",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46817",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46818",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46819",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0779",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "User Meta < 2.4.4 - Subscriber+ Local File Enumeration via Path Traversal"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "User Meta \u2013 User Profile Builder and User management plugin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.4.4",
"version_value": "2.4.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/9d4a3f09-b011-4d87-ab63-332e505cf1cd",
"name": "https://wpscan.com/vulnerability/9d4a3f09-b011-4d87-ab63-332e505cf1cd"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Julien Ahrens"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
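Review bot: `"vendor_name": "Unknown"` in the new `affects` block leaves the record without a usable vendor, so inventory or scanner matching that keys on vendor plus product will probably not tie this entry to installed copies of the plugin. The same placeholder appears in the other WPScan-generated records on this page (CVE-2022-0788, CVE-2022-0836, CVE-2022-1005, CVE-2022-1241). If the CNA knows the plugin author, it belongs here, e.g. `"vendor_name": "<plugin author>"` (placeholder); otherwise consumers have to match on `product_name` alone. The record also has no `impact` block, so there is no CVSS vector to prioritise on.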


@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0788",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WP Fundraising Donation and Crowdfunding Platform <= 1.4.2 - Unauthenticated SQLi"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WP Fundraising Donation and Crowdfunding Platform",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.4.2",
"version_value": "1.4.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The WP Fundraising Donation and Crowdfunding Platform WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated users"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/fbc71710-123f-4c61-9796-a6a4fd354828",
"name": "https://wpscan.com/vulnerability/fbc71710-123f-4c61-9796-a6a4fd354828"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "cydave"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
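Review bot: The new description reads "via one of it's REST route", which should be `via one of its REST routes`. Since this string is what downstream feeds and advisories copy verbatim, it is worth fixing at the source. The record gives `"version_affected": "<="` with 1.4.2 and names no fixed release, so as far as this entry shows there is no patched version to upgrade to; if one exists, the description should say so.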


@ -3,15 +3,66 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2022-0823",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Zyxel",
"product": {
"product_data": [
{
"product_name": "Zyxel GS1200 series firmware",
"version": {
"version_data": [
{
"version_value": "2.00 Patch 1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203: Observable Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.zyxel.com/support/Zyxel-security-advisory-for-password-guessing-vulnerability-of-GS1200-series-switches.shtml",
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-password-guessing-vulnerability-of-GS1200-series-switches.shtml"
}
]
},
"impact": {
"cvss": {
"baseScore": "6.2",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack."
}
]
}
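Review bot: The `version_data` entry is only `"version_value": "2.00 Patch 1"` with no `version_affected`, so a consumer cannot tell from the record whether 2.00 Patch 1 is the vulnerable firmware or the fixed one. The WPScan records on this page pair the value with an operator such as `"version_affected": "<"`; adding whichever operator the Zyxel advisory supports would remove the ambiguity. Separately, the description opens with "improper control of interaction frequency" while `problemtype` says `CWE-203: Observable Discrepancy`. The timing side channel fits CWE-203, so the description wording and the CWE should be reconciled. The hunk starts at line 3 of the file, so the enclosing object opens outside it.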


@ -1,75 +1,75 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-0836",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "SEMA API <= 3.64 - Unauthenticated SQLi"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "SEMA API",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "3.64",
"version_value": "3.64"
"CVE_data_meta": {
"ID": "CVE-2022-0836",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "SEMA API < 4.02 - Unauthenticated SQLi"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "SEMA API",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.02",
"version_value": "4.02"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SEMA API WordPress plugin through 3.64 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/2a226ae8-7d9c-4f47-90af-8a399a08f03f",
"name": "https://wpscan.com/vulnerability/2a226ae8-7d9c-4f47-90af-8a399a08f03f"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "cydave"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/2a226ae8-7d9c-4f47-90af-8a399a08f03f",
"name": "https://wpscan.com/vulnerability/2a226ae8-7d9c-4f47-90af-8a399a08f03f"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "cydave"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1005",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WP Statistics < 13.2.2 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WP Statistics",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "13.2.2",
"version_value": "13.2.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/f37d1d55-10cc-4202-8d16-9ec2128f54f9",
"name": "https://wpscan.com/vulnerability/f37d1d55-10cc-4202-8d16-9ec2128f54f9"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Taurus Omar"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1241",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Ask Me < 6.8.2 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Ask me",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.8.2",
"version_value": "6.8.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b",
"name": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Veshraj Ghimire"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -68,6 +68,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220510 [SECURITY] [DLA 2999-1] mutt security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00010.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-f1a8f72bb8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35CD7NH4NFPF5OEG2PHI3CZ3UOK3ICXR/"
}
]
},
