From 4db3f149d885ea0381ec314edeff0ad1f4743f50 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 5 Nov 2023 21:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2017/20xxx/CVE-2017-20187.json | 108 +++++++++++++++++++++++++++++++--
 2018/25xxx/CVE-2018-25092.json | 108 +++++++++++++++++++++++++++++++--
 2 files changed, 208 insertions(+), 8 deletions(-)
diff --git a/2017/20xxx/CVE-2017-20187.json b/2017/20xxx/CVE-2017-20187.json
index 1279d93fcf4..1173ce0f30d 100644
--- a/2017/20xxx/CVE-2017-20187.json
+++ b/2017/20xxx/CVE-2017-20187.json
@@ -1,17 +1,117 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2017-20187",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file src/Magnesium/Message/Base.php. The manipulation of the argument email/name leads to injection. Upgrading to version 0.3.1 is able to address this issue. The patch is identified as 500d340e1f6421007413cc08a8383475221c2604. It is recommended to upgrade the affected component. VDB-244482 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ },
+ {
+ "lang": "deu",
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** Es wurde eine problematische Schwachstelle in Magnesium-PHP bis 0.3.0 ausgemacht. Es geht dabei um die Funktion formatEmailString der Datei src/Magnesium/Message/Base.php. Durch das Manipulieren des Arguments email/name mit unbekannten Daten kann eine injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.3.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 500d340e1f6421007413cc08a8383475221c2604 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-74 Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magnesium-PHP",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "0.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "0.2"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "0.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.244482",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.244482"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.244482",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.244482"
+ },
+ {
+ "url": "https://github.com/floriangaerber/Magnesium-PHP/commit/500d340e1f6421007413cc08a8383475221c2604",
+ "refsource": "MISC",
+ "name": "https://github.com/floriangaerber/Magnesium-PHP/commit/500d340e1f6421007413cc08a8383475221c2604"
+ },
+ {
+ "url": "https://github.com/floriangaerber/Magnesium-PHP/releases/tag/v0.3.1",
+ "refsource": "MISC",
+ "name": "https://github.com/floriangaerber/Magnesium-PHP/releases/tag/v0.3.1"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "VulDB GitHub Commit Analyzer"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 2.7,
+ "vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:N"
 }
 ]
 }
diff --git a/2018/25xxx/CVE-2018-25092.json b/2018/25xxx/CVE-2018-25092.json
index 68d2cf20bad..e05f027b793 100644
--- a/2018/25xxx/CVE-2018-25092.json
+++ b/2018/25xxx/CVE-2018-25092.json
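Review bot: In 2017/20xxx/CVE-2017-20187.json the added English `description` value opens with the support tag twice, the first copy misspelled (`** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED **`), and the `deu` entry carries only the misspelled form, so a consumer that recognises end-of-life records by matching the tag text exactly will treat the two language entries differently; both values should start with a single `** UNSUPPORTED WHEN ASSIGNED **`. The `version_data` entries list `0.1`, `0.2` and `0.3` with `"version_affected": "="`, while the prose says "up to 0.3.0" and names 0.3.1 as the fix, so exact-match tooling comparing an installed `0.3.0` against these strings would likely report no hit; the values should use the same version strings as the project's releases, or a range. `vendor_name` is `n/a` although the reference URLs name the repository owner, and `credits` uses `"lang": "en"` where the descriptions use `eng`, which makes product and language lookups on this record less reliable.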
@@ -1,17 +1,117 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2018-25092",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The patch is named cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244483."
+ },
+ {
+ "lang": "deu",
+ "value": "In Vaerys-Dawn DiscordSailv2 bis 2.10.2 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Komponente Command Mention Handler. Durch Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 2.10.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Controls",
+ "cweId": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Vaerys-Dawn",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DiscordSailv2",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.10.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2.10.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2.10.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.244483",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.244483"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.244483",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.244483"
+ },
+ {
+ "url": "https://github.com/Vaerys-Dawn/DiscordSailv2/commit/cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69",
+ "refsource": "MISC",
+ "name": "https://github.com/Vaerys-Dawn/DiscordSailv2/commit/cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69"
+ },
+ {
+ "url": "https://github.com/Vaerys-Dawn/DiscordSailv2/releases/tag/2.10.3",
+ "refsource": "MISC",
+ "name": "https://github.com/Vaerys-Dawn/DiscordSailv2/releases/tag/2.10.3"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "VulDB GitHub Commit Analyzer"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5.2,
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
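Review bot: The added description for CVE-2018-25092 says the issue "has been declared as critical", yet every entry in the record's `impact.cvss` array rates it lower (`baseScore` 5.5 / `MEDIUM` for 3.1 and 3.0, 5.2 for 2.0), so triage driven by the prose and triage driven by the score will rank this record differently; the wording should be aligned with the score, and consumers should take severity from the `cvss` block. All three vectors use `AV:A` (adjacent network), which looks doubtful for a component named "Command Mention Handler" that is presumably reached through chat messages, so the vector is worth confirming against the linked fix commit before the score is relied on. `version_data` enumerates only `2.10.0`, `2.10.1` and `2.10.2` with `"version_affected": "="` while the text says "up to 2.10.2", which leaves any older release unmatched by exact-version tooling.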