admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-11-05 21:00:34 +00:00
parent 5d5283c29b
commit 4db3f149d8
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
2 changed files with 208 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
2017/20xxx/CVE-2017-20187.json
View File

@ -1,17 +1,117 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20187",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file src/Magnesium/Message/Base.php. The manipulation of the argument email/name leads to injection. Upgrading to version 0.3.1 is able to address this issue. The patch is identified as 500d340e1f6421007413cc08a8383475221c2604. It is recommended to upgrade the affected component. VDB-244482 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "deu",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** Es wurde eine problematische Schwachstelle in Magnesium-PHP bis 0.3.0 ausgemacht. Es geht dabei um die Funktion formatEmailString der Datei src/Magnesium/Message/Base.php. Durch das Manipulieren des Arguments email/name mit unbekannten Daten kann eine injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.3.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 500d340e1f6421007413cc08a8383475221c2604 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74 Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Magnesium-PHP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.1"
},
{
"version_affected": "=",
"version_value": "0.2"
},
{
"version_affected": "=",
"version_value": "0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.244482",
"refsource": "MISC",
"name": "https://vuldb.com/?id.244482"
},
{
"url": "https://vuldb.com/?ctiid.244482",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.244482"
},
{
"url": "https://github.com/floriangaerber/Magnesium-PHP/commit/500d340e1f6421007413cc08a8383475221c2604",
"refsource": "MISC",
"name": "https://github.com/floriangaerber/Magnesium-PHP/commit/500d340e1f6421007413cc08a8383475221c2604"
},
{
"url": "https://github.com/floriangaerber/Magnesium-PHP/releases/tag/v0.3.1",
"refsource": "MISC",
"name": "https://github.com/floriangaerber/Magnesium-PHP/releases/tag/v0.3.1"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 2.7,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

108
2018/25xxx/CVE-2018-25092.json
View File

@ -1,17 +1,117 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-25092",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The patch is named cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244483."
},
{
"lang": "deu",
"value": "In Vaerys-Dawn DiscordSailv2 bis 2.10.2 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Komponente Command Mention Handler. Durch Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 2.10.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Controls",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Vaerys-Dawn",
"product": {
"product_data": [
{
"product_name": "DiscordSailv2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.10.0"
},
{
"version_affected": "=",
"version_value": "2.10.1"
},
{
"version_affected": "=",
"version_value": "2.10.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.244483",
"refsource": "MISC",
"name": "https://vuldb.com/?id.244483"
},
{
"url": "https://vuldb.com/?ctiid.244483",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.244483"
},
{
"url": "https://github.com/Vaerys-Dawn/DiscordSailv2/commit/cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69",
"refsource": "MISC",
"name": "https://github.com/Vaerys-Dawn/DiscordSailv2/commit/cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69"
},
{
"url": "https://github.com/Vaerys-Dawn/DiscordSailv2/releases/tag/2.10.3",
"refsource": "MISC",
"name": "https://github.com/Vaerys-Dawn/DiscordSailv2/releases/tag/2.10.3"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
}
]
}