admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-10-20 13:00:40 +00:00
parent 8a3d169298
commit 4efcff6b68
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
49 changed files with 450 additions and 499 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2017/20xxx/CVE-2017-20178.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched remotely. Upgrading to version 2.8.1 is able to address this issue. The name of the patch is 517119de673e62547ee472a730be0604f44342b5. It is recommended to upgrade the affected component. VDB-221498 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.8.1 is able to address this issue. The patch is identified as 517119de673e62547ee472a730be0604f44342b5. It is recommended to upgrade the affected component. VDB-221498 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "deu",
"value": "** UNSUPPPORTED WHEN ASSIGNED **Eine problematische Schwachstelle wurde in Codiad 2.8.0 ausgemacht. Betroffen davon ist die Funktion saveJSON der Datei components/install/process.php. Mit der Manipulation des Arguments data mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 2.8.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 517119de673e62547ee472a730be0604f44342b5 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** Eine problematische Schwachstelle wurde in Codiad 2.8.0 ausgemacht. Betroffen davon ist die Funktion saveJSON der Datei components/install/process.php. Mit der Manipulation des Arguments data mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Ein Aktualisieren auf die Version 2.8.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 517119de673e62547ee472a730be0604f44342b5 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
@ -108,8 +108,7 @@
{
"version": "2.0",
"baseScore": 2.1,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"baseSeverity": "LOW"
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N"
}
]
}

5
2017/20xxx/CVE-2017-20179.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in InSTEDD Pollit 2.3.1. It has been rated as critical. This issue affects the function TourController of the file app/controllers/tour_controller.rb. The manipulation leads to an unknown weakness. The attack may be initiated remotely. Upgrading to version 2.3.2 is able to address this issue. The name of the patch is 6ef04f8b5972d5f16f8b86f8b53f62fac68d5498. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221507."
"value": "A vulnerability was found in InSTEDD Pollit 2.3.1. It has been rated as critical. This issue affects the function TourController of the file app/controllers/tour_controller.rb. The manipulation leads to an unknown weakness. The attack may be initiated remotely. Upgrading to version 2.3.2 is able to address this issue. The patch is named 6ef04f8b5972d5f16f8b86f8b53f62fac68d5498. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221507."
},
{
"lang": "deu",
@ -102,8 +102,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

5
2017/20xxx/CVE-2017-20180.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the function CoinSpend::CoinSpend of the file CoinSpend.cpp of the component Proof Handler. The manipulation leads to insufficient verification of data authenticity. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is ce103a09ec079d0a0ed95475992348bed6e860de. It is recommended to apply a patch to fix this issue. VDB-222318 is the identifier assigned to this vulnerability."
"value": "A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the function CoinSpend::CoinSpend of the file CoinSpend.cpp of the component Proof Handler. The manipulation leads to insufficient verification of data authenticity. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as ce103a09ec079d0a0ed95475992348bed6e860de. It is recommended to apply a patch to fix this issue. VDB-222318 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
@ -103,8 +103,7 @@
{
"version": "2.0",
"baseScore": 4.1,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:P"
}
]
}

7
2017/20xxx/CVE-2017-20181.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328."
"value": "A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0 on Android. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328."
},
{
"lang": "deu",
"value": "In hgzojer Vocable Trainer bis 1.3.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei src/at/hgz/vocabletrainer/VocableTrainerProvider.java. Durch das Manipulieren mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Ein Aktualisieren auf die Version 1.3.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als accf6838078f8eb105cfc7865aba5c705fb68426 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
"value": "In hgzojer Vocable Trainer bis 1.3.0 f\u00fcr Android wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei src/at/hgz/vocabletrainer/VocableTrainerProvider.java. Durch das Manipulieren mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Ein Aktualisieren auf die Version 1.3.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als accf6838078f8eb105cfc7865aba5c705fb68426 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
@ -115,8 +115,7 @@
{
"version": "2.0",
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

5
2017/20xxx/CVE-2017-20182.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. This issue affects the function Pagination of the file django_ajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 329eb1dd1580ca1f9d4f95bc69939833226515c9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222611."
"value": "A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. This issue affects the function Pagination of the file django_ajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The patch is named 329eb1dd1580ca1f9d4f95bc69939833226515c9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222611."
},
{
"lang": "deu",
@ -102,8 +102,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

5
2017/20xxx/CVE-2017-20183.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability."
"value": "A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The patch is identified as 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
@ -103,8 +103,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

3
2017/20xxx/CVE-2017-20185.json
View File

@ -103,8 +103,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

3
2017/20xxx/CVE-2017-20186.json
View File

@ -110,8 +110,7 @@
{
"version": "2.0",
"baseScore": 2.7,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"baseSeverity": "LOW"
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P"
}
]
}

15
2018/25xxx/CVE-2018-25059.json
View File

@ -44,16 +44,16 @@
"version": {
"version_data": [
{
"version_value": "0.2.0",
"version_affected": "="
"version_affected": "=",
"version_value": "0.2.0"
},
{
"version_value": "0.2.1",
"version_affected": "="
"version_affected": "=",
"version_value": "0.2.1"
},
{
"version_value": "0.2.2",
"version_affected": "="
"version_affected": "=",
"version_value": "0.2.2"
}
]
}
@ -116,8 +116,7 @@
{
"version": "2.0",
"baseScore": 2.7,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"baseSeverity": "LOW"
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N"
}
]
}

11
2018/25xxx/CVE-2018-25060.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The name of the patch is dadd1711a617000b70e5e408a76531b73187031c. It is recommended to apply a patch to fix this issue. VDB-217058 is the identifier assigned to this vulnerability."
"value": "A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as dadd1711a617000b70e5e408a76531b73187031c. It is recommended to apply a patch to fix this issue. VDB-217058 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in Macaron csrf gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei csrf.go. Mittels Manipulieren des Arguments Generate mit unbekannten Daten kann eine sensitive cookie without secure attribute-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Patch wird als dadd1711a617000b70e5e408a76531b73187031c bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
"value": "Eine Schwachstelle wurde in Macaron csrf gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei csrf.go. Mittels Manipulieren des Arguments Generate mit unbekannten Daten kann eine sensitive cookie without secure attribute-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Patch wird als dadd1711a617000b70e5e408a76531b73187031c bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -103,8 +103,7 @@
{
"version": "2.0",
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"baseSeverity": "LOW"
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N"
}
]
}

29
2018/25xxx/CVE-2018-25061.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 0.1.6 is able to address this issue. The name of the patch is 9e0c38594432edfa64136fdf7bb651835e17c34f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217151."
"value": "A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 0.1.6 is able to address this issue. The patch is named 9e0c38594432edfa64136fdf7bb651835e17c34f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217151."
},
{
"lang": "deu",
@ -44,28 +44,28 @@
"version": {
"version_data": [
{
"version_value": "0.1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.0"
},
{
"version_value": "0.1.1",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.1"
},
{
"version_value": "0.1.2",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.2"
},
{
"version_value": "0.1.3",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.3"
},
{
"version_value": "0.1.4",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.4"
},
{
"version_value": "0.1.5",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.5"
}
]
}
@ -123,8 +123,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P"
}
]
}

11
2018/25xxx/CVE-2018-25062.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ipsec. The manipulation leads to denial of service. Upgrading to version 7.00 is able to address this issue. The name of the patch is 1df72c9f0f61304437f4f1037df03b5fb36d5a79. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217152."
"value": "A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x on Nexus 9. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ipsec. The manipulation leads to denial of service. Upgrading to version 7.00 is able to address this issue. The name of the patch is 1df72c9f0f61304437f4f1037df03b5fb36d5a79. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217152."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in flar2 ElementalX bis 6.x entdeckt. Es geht dabei um die Funktion xfrm_dump_policy_done der Datei net/xfrm/xfrm_user.c der Komponente ipsec. Dank Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 7.00 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 1df72c9f0f61304437f4f1037df03b5fb36d5a79 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
"value": "Es wurde eine problematische Schwachstelle in flar2 ElementalX bis 6.x f\u00fcr Nexus 9 entdeckt. Es geht dabei um die Funktion xfrm_dump_policy_done der Datei net/xfrm/xfrm_user.c der Komponente ipsec. Dank Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 7.00 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 1df72c9f0f61304437f4f1037df03b5fb36d5a79 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "6.x",
"version_affected": "="
"version_affected": "=",
"version_value": "6.x"
}
]
}
@ -102,8 +102,7 @@
{
"version": "2.0",
"baseScore": 2.3,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"baseSeverity": "LOW"
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P"
}
]
}

25
2018/25xxx/CVE-2018-25063.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic was found in Zenoss Dashboard up to 1.3.4. Affected by this vulnerability is an unknown functionality of the file ZenPacks/zenoss/Dashboard/browser/resources/js/defaultportlets.js. The manipulation of the argument HTMLString leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.5 is able to address this issue. The name of the patch is f462285a0a2d7e1a9255b0820240b94a43b00a44. It is recommended to upgrade the affected component. The identifier VDB-217153 was assigned to this vulnerability."
"value": "A vulnerability classified as problematic was found in Zenoss Dashboard up to 1.3.4. Affected by this vulnerability is an unknown functionality of the file ZenPacks/zenoss/Dashboard/browser/resources/js/defaultportlets.js. The manipulation of the argument HTMLString leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.5 is able to address this issue. The identifier of the patch is f462285a0a2d7e1a9255b0820240b94a43b00a44. It is recommended to upgrade the affected component. The identifier VDB-217153 was assigned to this vulnerability."
},
{
"lang": "deu",
@ -44,24 +44,24 @@
"version": {
"version_data": [
{
"version_value": "1.3.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.3.0"
},
{
"version_value": "1.3.1",
"version_affected": "="
"version_affected": "=",
"version_value": "1.3.1"
},
{
"version_value": "1.3.2",
"version_affected": "="
"version_affected": "=",
"version_value": "1.3.2"
},
{
"version_value": "1.3.3",
"version_affected": "="
"version_affected": "=",
"version_value": "1.3.3"
},
{
"version_value": "1.3.4",
"version_affected": "="
"version_affected": "=",
"version_value": "1.3.4"
}
]
}
@ -124,8 +124,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

9
2018/25xxx/CVE-2018-25064.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in OSM Lab show-me-the-way. It has been rated as problematic. This issue affects some unknown processing of the file js/site.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 4bed3b34dcc01fe6661f39c0e5d2285b340f7cac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217439."
"value": "A vulnerability was found in OSM Lab show-me-the-way. It has been rated as problematic. This issue affects some unknown processing of the file js/site.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The patch is named 4bed3b34dcc01fe6661f39c0e5d2285b340f7cac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217439."
},
{
"lang": "deu",
@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -103,8 +103,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

9
2018/25xxx/CVE-2018-25065.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTags_body.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is b4bc3cbbb099eab50cf2b544cf577116f1867b94. It is recommended to apply a patch to fix this issue. The identifier VDB-217445 was assigned to this vulnerability."
"value": "A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTags_body.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is b4bc3cbbb099eab50cf2b544cf577116f1867b94. It is recommended to apply a patch to fix this issue. The identifier VDB-217445 was assigned to this vulnerability."
},
{
"lang": "deu",
@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

13
2018/25xxx/CVE-2018-25066.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in PeterMu nodebatis up to 2.1.x. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. Upgrading to version 2.2.0 is able to address this issue. The name of the patch is 6629ff5b7e3d62ad8319007a54589ec1f62c7c35. It is recommended to upgrade the affected component. VDB-217554 is the identifier assigned to this vulnerability."
"value": "A vulnerability was found in PeterMu nodebatis up to 2.1.x. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. Upgrading to version 2.2.0 is able to address this issue. The patch is identified as 6629ff5b7e3d62ad8319007a54589ec1f62c7c35. It is recommended to upgrade the affected component. VDB-217554 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
@ -44,12 +44,12 @@
"version": {
"version_data": [
{
"version_value": "2.0",
"version_affected": "="
"version_affected": "=",
"version_value": "2.0"
},
{
"version_value": "2.1",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1"
}
]
}
@ -107,8 +107,7 @@
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

21
2018/25xxx/CVE-2018-25067.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3. This affects an unknown part of the file administrator/components/com_joomgallery/views/config/tmpl/default.php of the component Image Sort Handler. The manipulation leads to sql injection. Upgrading to version 3.3.4 is able to address this issue. The name of the patch is dc414ee954e849082260f8613e15a1c1e1d354a1. It is recommended to upgrade the affected component. The identifier VDB-217569 was assigned to this vulnerability."
"value": "A vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3. This affects an unknown part of the file administrator/components/com_joomgallery/views/config/tmpl/default.php of the component Image Sort Handler. The manipulation leads to sql injection. Upgrading to version 3.3.4 is able to address this issue. The identifier of the patch is dc414ee954e849082260f8613e15a1c1e1d354a1. It is recommended to upgrade the affected component. The identifier VDB-217569 was assigned to this vulnerability."
},
{
"lang": "deu",
@ -44,20 +44,20 @@
"version": {
"version_data": [
{
"version_value": "3.3.0",
"version_affected": "="
"version_affected": "=",
"version_value": "3.3.0"
},
{
"version_value": "3.3.1",
"version_affected": "="
"version_affected": "=",
"version_value": "3.3.1"
},
{
"version_value": "3.3.2",
"version_affected": "="
"version_affected": "=",
"version_value": "3.3.2"
},
{
"version_value": "3.3.3",
"version_affected": "="
"version_affected": "=",
"version_value": "3.3.3"
}
]
}
@ -120,8 +120,7 @@
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

29
2018/25xxx/CVE-2018-25068.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The manipulation leads to insecure temporary file. The attack can be initiated remotely. Upgrading to version 4.5.1 is able to address this issue. The name of the patch is 77a820bac2f68e662ce261ecb050c643bd7ee560. It is recommended to upgrade the affected component. VDB-217570 is the identifier assigned to this vulnerability."
"value": "A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The manipulation leads to insecure temporary file. The attack can be initiated remotely. Upgrading to version 4.5.1 is able to address this issue. The patch is identified as 77a820bac2f68e662ce261ecb050c643bd7ee560. It is recommended to upgrade the affected component. VDB-217570 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
@ -44,28 +44,28 @@
"version": {
"version_data": [
{
"version_value": "4.0",
"version_affected": "="
"version_affected": "=",
"version_value": "4.0"
},
{
"version_value": "4.1",
"version_affected": "="
"version_affected": "=",
"version_value": "4.1"
},
{
"version_value": "4.2",
"version_affected": "="
"version_affected": "=",
"version_value": "4.2"
},
{
"version_value": "4.3",
"version_affected": "="
"version_affected": "=",
"version_value": "4.3"
},
{
"version_value": "4.4",
"version_affected": "="
"version_affected": "=",
"version_value": "4.4"
},
{
"version_value": "4.5",
"version_affected": "="
"version_affected": "=",
"version_value": "4.5"
}
]
}
@ -123,8 +123,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

7
2018/25xxx/CVE-2018-25069.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -92,8 +92,7 @@
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseSeverity": "HIGH"
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

17
2018/25xxx/CVE-2018-25070.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to version 8.3 is able to address this issue. The name of the patch is c179a3d0703db55cfe0cb939b89593f2e7a87246. It is recommended to upgrade the affected component. VDB-217606 is the identifier assigned to this vulnerability."
"value": "A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to version 8.3 is able to address this issue. The patch is identified as c179a3d0703db55cfe0cb939b89593f2e7a87246. It is recommended to upgrade the affected component. VDB-217606 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
@ -44,16 +44,16 @@
"version": {
"version_data": [
{
"version_value": "8.0",
"version_affected": "="
"version_affected": "=",
"version_value": "8.0"
},
{
"version_value": "8.1",
"version_affected": "="
"version_affected": "=",
"version_value": "8.1"
},
{
"version_value": "8.2",
"version_affected": "="
"version_affected": "=",
"version_value": "8.2"
}
]
}
@ -111,8 +111,7 @@
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

241
2018/25xxx/CVE-2018-25071.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to sql injection. Upgrading to version 0.1.59-beta is able to address this issue. The name of the patch is c25ff7fe83a2cda1fcb365b182365adc3ffae332. It is recommended to upgrade the affected component. VDB-217610 is the identifier assigned to this vulnerability."
"value": "A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to sql injection. Upgrading to version 0.1.59-beta is able to address this issue. The patch is identified as c25ff7fe83a2cda1fcb365b182365adc3ffae332. It is recommended to upgrade the affected component. VDB-217610 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
@ -44,240 +44,240 @@
"version": {
"version_data": [
{
"version_value": "0.1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.0"
},
{
"version_value": "0.1.1",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.1"
},
{
"version_value": "0.1.2",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.2"
},
{
"version_value": "0.1.3",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.3"
},
{
"version_value": "0.1.4",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.4"
},
{
"version_value": "0.1.5",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.5"
},
{
"version_value": "0.1.6",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.6"
},
{
"version_value": "0.1.7",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.7"
},
{
"version_value": "0.1.8",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.8"
},
{
"version_value": "0.1.9",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.9"
},
{
"version_value": "0.1.10",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.10"
},
{
"version_value": "0.1.11",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.11"
},
{
"version_value": "0.1.12",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.12"
},
{
"version_value": "0.1.13",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.13"
},
{
"version_value": "0.1.14",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.14"
},
{
"version_value": "0.1.15",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.15"
},
{
"version_value": "0.1.16",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.16"
},
{
"version_value": "0.1.17",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.17"
},
{
"version_value": "0.1.18",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.18"
},
{
"version_value": "0.1.19",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.19"
},
{
"version_value": "0.1.20",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.20"
},
{
"version_value": "0.1.21",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.21"
},
{
"version_value": "0.1.22",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.22"
},
{
"version_value": "0.1.23",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.23"
},
{
"version_value": "0.1.24",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.24"
},
{
"version_value": "0.1.25",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.25"
},
{
"version_value": "0.1.26",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.26"
},
{
"version_value": "0.1.27",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.27"
},
{
"version_value": "0.1.28",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.28"
},
{
"version_value": "0.1.29",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.29"
},
{
"version_value": "0.1.30",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.30"
},
{
"version_value": "0.1.31",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.31"
},
{
"version_value": "0.1.32",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.32"
},
{
"version_value": "0.1.33",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.33"
},
{
"version_value": "0.1.34",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.34"
},
{
"version_value": "0.1.35",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.35"
},
{
"version_value": "0.1.36",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.36"
},
{
"version_value": "0.1.37",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.37"
},
{
"version_value": "0.1.38",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.38"
},
{
"version_value": "0.1.39",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.39"
},
{
"version_value": "0.1.40",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.40"
},
{
"version_value": "0.1.41",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.41"
},
{
"version_value": "0.1.42",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.42"
},
{
"version_value": "0.1.43",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.43"
},
{
"version_value": "0.1.44",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.44"
},
{
"version_value": "0.1.45",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.45"
},
{
"version_value": "0.1.46",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.46"
},
{
"version_value": "0.1.47",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.47"
},
{
"version_value": "0.1.48",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.48"
},
{
"version_value": "0.1.49",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.49"
},
{
"version_value": "0.1.50",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.50"
},
{
"version_value": "0.1.51",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.51"
},
{
"version_value": "0.1.52",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.52"
},
{
"version_value": "0.1.53",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.53"
},
{
"version_value": "0.1.54",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.54"
},
{
"version_value": "0.1.55",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.55"
},
{
"version_value": "0.1.56",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.56"
},
{
"version_value": "0.1.57",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.57"
},
{
"version_value": "0.1.58",
"version_affected": "="
"version_affected": "=",
"version_value": "0.1.58"
}
]
}
@ -335,8 +335,7 @@
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

9
2018/25xxx/CVE-2018-25072.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in lojban jbovlaste. This affects an unknown part of the file dict/listing.html. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The name of the patch is 6ff44c2e87b1113eb07d76ea62e1f64193b04d15. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217647."
"value": "A vulnerability classified as critical has been found in lojban jbovlaste. This affects an unknown part of the file dict/listing.html. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The patch is named 6ff44c2e87b1113eb07d76ea62e1f64193b04d15. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217647."
},
{
"lang": "deu",
@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

33
2018/25xxx/CVE-2018-25073.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problematic. This vulnerability affects the function getlog of the file webinterface/bot.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.7 is able to address this issue. The name of the patch is b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77. It is recommended to upgrade the affected component. VDB-218002 is the identifier assigned to this vulnerability."
"value": "A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problematic. This vulnerability affects the function getlog of the file webinterface/bot.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.7 is able to address this issue. The patch is identified as b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77. It is recommended to upgrade the affected component. VDB-218002 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
@ -44,32 +44,32 @@
"version": {
"version_data": [
{
"version_value": "1.2.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.2.0"
},
{
"version_value": "1.2.1",
"version_affected": "="
"version_affected": "=",
"version_value": "1.2.1"
},
{
"version_value": "1.2.2",
"version_affected": "="
"version_affected": "=",
"version_value": "1.2.2"
},
{
"version_value": "1.2.3",
"version_affected": "="
"version_affected": "=",
"version_value": "1.2.3"
},
{
"version_value": "1.2.4",
"version_affected": "="
"version_affected": "=",
"version_value": "1.2.4"
},
{
"version_value": "1.2.5",
"version_affected": "="
"version_affected": "=",
"version_value": "1.2.5"
},
{
"version_value": "1.2.6",
"version_affected": "="
"version_affected": "=",
"version_value": "1.2.6"
}
]
}
@ -132,8 +132,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

9
2018/25xxx/CVE-2018-25074.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The name of the patch is 65e94eda62dc8dc148ab3e59aa2ccc086ac448fd. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218003."
"value": "A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The patch is named 65e94eda62dc8dc148ab3e59aa2ccc086ac448fd. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218003."
},
{
"lang": "deu",
@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -102,8 +102,7 @@
{
"version": "2.0",
"baseScore": 2.3,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"baseSeverity": "LOW"
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P"
}
]
}

23
2018/25xxx/CVE-2018-25075.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in karsany OBridge up to 1.3. Affected is the function getAllStandaloneProcedureAndFunction of the file obridge-main/src/main/java/org/obridge/dao/ProcedureDao.java. The manipulation leads to sql injection. Upgrading to version 1.4 is able to address this issue. The name of the patch is 52eca4ad05f3c292aed3178b2f58977686ffa376. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218376."
"value": "A vulnerability classified as critical has been found in karsany OBridge up to 1.3. Affected is the function getAllStandaloneProcedureAndFunction of the file obridge-main/src/main/java/org/obridge/dao/ProcedureDao.java. The manipulation leads to sql injection. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.4 is able to address this issue. The name of the patch is 52eca4ad05f3c292aed3178b2f58977686ffa376. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218376."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in karsany OBridge bis 1.3 entdeckt. Hiervon betroffen ist die Funktion getAllStandaloneProcedureAndFunction der Datei obridge-main/src/main/java/org/obridge/dao/ProcedureDao.java. Durch Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.4 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 52eca4ad05f3c292aed3178b2f58977686ffa376 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
"value": "Es wurde eine kritische Schwachstelle in karsany OBridge bis 1.3 entdeckt. Hiervon betroffen ist die Funktion getAllStandaloneProcedureAndFunction der Datei obridge-main/src/main/java/org/obridge/dao/ProcedureDao.java. Durch Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Ein Aktualisieren auf die Version 1.4 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 52eca4ad05f3c292aed3178b2f58977686ffa376 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
@ -44,20 +44,20 @@
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.0"
},
{
"version_value": "1.1",
"version_affected": "="
"version_affected": "=",
"version_value": "1.1"
},
{
"version_value": "1.2",
"version_affected": "="
"version_affected": "=",
"version_value": "1.2"
},
{
"version_value": "1.3",
"version_affected": "="
"version_affected": "=",
"version_value": "1.3"
}
]
}
@ -115,8 +115,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:A/AC:H/Au:S/C:P/I:P/A:P"
}
]
}

11
2018/25xxx/CVE-2018-25076.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical was found in Events Extension. Affected by this vulnerability is the function getRandomFeaturedEventByDate/getUpcomingFeaturedEventsInCategoriesWithSubcategories/recacheEvent/searchResults of the file classes/events.php. The manipulation leads to sql injection. The name of the patch is 11169e48ab1249109485fdb1e0c9fca3d25ba01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218395."
"value": "A vulnerability classified as critical was found in Events Extension on BigTree. Affected by this vulnerability is the function getRandomFeaturedEventByDate/getUpcomingFeaturedEventsInCategoriesWithSubcategories/recacheEvent/searchResults of the file classes/events.php. The manipulation leads to sql injection. The patch is named 11169e48ab1249109485fdb1e0c9fca3d25ba01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218395."
},
{
"lang": "deu",
"value": "In Events Extension wurde eine kritische Schwachstelle entdeckt. Es geht um die Funktion getRandomFeaturedEventByDate/getUpcomingFeaturedEventsInCategoriesWithSubcategories/recacheEvent/searchResults der Datei classes/events.php. Dank Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 11169e48ab1249109485fdb1e0c9fca3d25ba01d bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
"value": "In Events Extension f\u00fcr BigTree wurde eine kritische Schwachstelle entdeckt. Es geht um die Funktion getRandomFeaturedEventByDate/getUpcomingFeaturedEventsInCategoriesWithSubcategories/recacheEvent/searchResults der Datei classes/events.php. Dank Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 11169e48ab1249109485fdb1e0c9fca3d25ba01d bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

7
2018/25xxx/CVE-2018-25077.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 2.3,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"baseSeverity": "LOW"
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P"
}
]
}

17
2018/25xxx/CVE-2018-25079.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2.3 is able to address this issue. The name of the patch is 149550935c63a98c11f27f694a7c4a9479e53794. It is recommended to upgrade the affected component. VDB-220058 is the identifier assigned to this vulnerability."
"value": "A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2.3 is able to address this issue. The patch is identified as 149550935c63a98c11f27f694a7c4a9479e53794. It is recommended to upgrade the affected component. VDB-220058 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
@ -44,16 +44,16 @@
"version": {
"version_data": [
{
"version_value": "1.2.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.2.0"
},
{
"version_value": "1.2.1",
"version_affected": "="
"version_affected": "=",
"version_value": "1.2.1"
},
{
"version_value": "1.2.2",
"version_affected": "="
"version_affected": "=",
"version_value": "1.2.2"
}
]
}
@ -116,8 +116,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P"
}
]
}

9
2018/25xxx/CVE-2018-25080.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The name of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability."
"value": "A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The identifier of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability."
},
{
"lang": "deu",
@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "2.8.31",
"version_affected": "="
"version_affected": "=",
"version_value": "2.8.31"
}
]
}
@ -108,8 +108,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

5
2018/25xxx/CVE-2018-25082.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The name of the patch is e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403."
"value": "A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patch is named e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403."
},
{
"lang": "deu",
@ -108,8 +108,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

5
2018/25xxx/CVE-2018-25084.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2. Affected by this issue is some unknown functionality of the file src/main/java/com/unboundid/webapp/ssam/SSAMController.java. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.1.3 is able to address this issue. The name of the patch is f64b10d63bb19ca2228b0c2d561a1a6e5a3bf251. It is recommended to upgrade the affected component. VDB-225362 is the identifier assigned to this vulnerability."
"value": "A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2. Affected by this issue is some unknown functionality of the file src/main/java/com/unboundid/webapp/ssam/SSAMController.java. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.1.3 is able to address this issue. The patch is identified as f64b10d63bb19ca2228b0c2d561a1a6e5a3bf251. It is recommended to upgrade the affected component. VDB-225362 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
@ -103,8 +103,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

5
2018/25xxx/CVE-2018-25085.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The name of the patch is 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755."
"value": "A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The patch is named 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755."
},
{
"lang": "deu",
@ -102,8 +102,7 @@
{
"version": "2.0",
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"baseSeverity": "LOW"
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
}
]
}

5
2018/25xxx/CVE-2018-25086.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.6.4 is able to address this issue. The name of the patch is c380d343c2107fcee55ab00eb8d189ce5e03369b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230235."
"value": "A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.6.4 is able to address this issue. The patch is named c380d343c2107fcee55ab00eb8d189ce5e03369b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230235."
},
{
"lang": "deu",
@ -115,8 +115,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

3
2018/25xxx/CVE-2018-25087.json
View File

@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 2.7,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"baseSeverity": "LOW"
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P"
}
]
}

3
2018/25xxx/CVE-2018-25088.json
View File

@ -103,8 +103,7 @@
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

3
2018/25xxx/CVE-2018-25089.json
View File

@ -103,8 +103,7 @@
{
"version": "2.0",
"baseScore": 2.7,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "LOW"
"vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

25
2019/25xxx/CVE-2019-25070.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been rated as problematic. This issue affects some unknown processing of the file /wolfcms/?/admin/user/add of the component User Add. The manipulation of the argument name leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-135125 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been rated as problematic. This issue affects some unknown processing of the file /wolfcms/?/admin/user/add of the component User Add. The manipulation of the argument name leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-135125 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "deu",
"value": "** UNSUPPPORTED WHEN ASSIGNED **Eine Schwachstelle wurde in WolfCMS bis 0.8.3.1 ausgemacht. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei /wolfcms/?/admin/user/add der Komponente User Add. Dank Manipulation des Arguments name mit unbekannten Daten kann eine basic cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** Eine Schwachstelle wurde in WolfCMS bis 0.8.3.1 ausgemacht. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei /wolfcms/?/admin/user/add der Komponente User Add. Dank Manipulation des Arguments name mit unbekannten Daten kann eine basic cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
@ -44,12 +44,12 @@
"version": {
"version_data": [
{
"version_value": "0.8.3.0",
"version_affected": "="
"version_affected": "=",
"version_value": "0.8.3.0"
},
{
"version_value": "0.8.3.1",
"version_affected": "="
"version_affected": "=",
"version_value": "0.8.3.1"
}
]
}
@ -62,11 +62,6 @@
},
"references": {
"reference_data": [
{
"url": "https://github.com/wolfcms/wolfcms/issues/683",
"refsource": "MISC",
"name": "https://github.com/wolfcms/wolfcms/issues/683"
},
{
"url": "https://vuldb.com/?id.135125",
"refsource": "MISC",
@ -76,6 +71,11 @@
"url": "https://vuldb.com/?ctiid.135125",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.135125"
},
{
"url": "https://github.com/wolfcms/wolfcms/issues/683",
"refsource": "MISC",
"name": "https://github.com/wolfcms/wolfcms/issues/683"
}
]
},
@ -102,8 +102,7 @@
{
"version": "2.0",
"baseScore": 3.5,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"baseSeverity": "LOW"
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N"
}
]
}

9
2019/25xxx/CVE-2019-25093.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 051465d807a8fcc6a8b0f4bcbb19299672399f48. It is recommended to apply a patch to fix this issue. VDB-217182 is the identifier assigned to this vulnerability."
"value": "A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip leads to cross site scripting. It is possible to launch the attack remotely. The patch is identified as 051465d807a8fcc6a8b0f4bcbb19299672399f48. It is recommended to apply a patch to fix this issue. VDB-217182 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"baseSeverity": "LOW"
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
}
]
}

31
2019/25xxx/CVE-2019-25094.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in innologi appointments Extension up to 2.0.5. This affects an unknown part of the component Appointment Handler. The manipulation of the argument formfield leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.6 is able to address this issue. The name of the patch is 986d3cb34e5e086c6f04e061f600ffc5837abe7f. It is recommended to upgrade the affected component. The identifier VDB-217353 was assigned to this vulnerability."
"value": "A vulnerability, which was classified as problematic, was found in innologi appointments Extension up to 2.0.5 on TYPO3. This affects an unknown part of the component Appointment Handler. The manipulation of the argument formfield leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.6 is able to address this issue. The identifier of the patch is 986d3cb34e5e086c6f04e061f600ffc5837abe7f. It is recommended to upgrade the affected component. The identifier VDB-217353 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in innologi appointments Extension bis 2.0.5 gefunden. Dabei betrifft es einen unbekannter Codeteil der Komponente Appointment Handler. Durch Manipulation des Arguments formfield mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 2.0.6 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 986d3cb34e5e086c6f04e061f600ffc5837abe7f bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
"value": "Es wurde eine problematische Schwachstelle in innologi appointments Extension bis 2.0.5 f\u00fcr TYPO3 gefunden. Dabei betrifft es einen unbekannter Codeteil der Komponente Appointment Handler. Durch Manipulation des Arguments formfield mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 2.0.6 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 986d3cb34e5e086c6f04e061f600ffc5837abe7f bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
@ -44,28 +44,28 @@
"version": {
"version_data": [
{
"version_value": "2.0.0",
"version_affected": "="
"version_affected": "=",
"version_value": "2.0.0"
},
{
"version_value": "2.0.1",
"version_affected": "="
"version_affected": "=",
"version_value": "2.0.1"
},
{
"version_value": "2.0.2",
"version_affected": "="
"version_affected": "=",
"version_value": "2.0.2"
},
{
"version_value": "2.0.3",
"version_affected": "="
"version_affected": "=",
"version_value": "2.0.3"
},
{
"version_value": "2.0.4",
"version_affected": "="
"version_affected": "=",
"version_value": "2.0.4"
},
{
"version_value": "2.0.5",
"version_affected": "="
"version_affected": "=",
"version_value": "2.0.5"
}
]
}
@ -123,8 +123,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

9
2019/25xxx/CVE-2019-25095.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x. Affected is an unknown function of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 6f98076281e9452fdb1adcd1bcbb70a6f968ade9. It is recommended to upgrade the affected component. VDB-217434 is the identifier assigned to this vulnerability."
"value": "A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x. Affected is an unknown function of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as 6f98076281e9452fdb1adcd1bcbb70a6f968ade9. It is recommended to upgrade the affected component. VDB-217434 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "0.x",
"version_affected": "="
"version_affected": "=",
"version_value": "0.x"
}
]
}
@ -108,8 +108,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

57
2019/25xxx/CVE-2019-25096.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.13 is able to address this issue. The name of the patch is b8fcb888f4ff5e171c16797a4b075c6c6f50bf46. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217435."
"value": "A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.13 is able to address this issue. The patch is named b8fcb888f4ff5e171c16797a4b075c6c6f50bf46. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217435."
},
{
"lang": "deu",
@ -44,56 +44,56 @@
"version": {
"version_data": [
{
"version_value": "2.1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.0"
},
{
"version_value": "2.1.1",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.1"
},
{
"version_value": "2.1.2",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.2"
},
{
"version_value": "2.1.3",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.3"
},
{
"version_value": "2.1.4",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.4"
},
{
"version_value": "2.1.5",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.5"
},
{
"version_value": "2.1.6",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.6"
},
{
"version_value": "2.1.7",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.7"
},
{
"version_value": "2.1.8",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.8"
},
{
"version_value": "2.1.9",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.9"
},
{
"version_value": "2.1.10",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.10"
},
{
"version_value": "2.1.11",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.11"
},
{
"version_value": "2.1.12",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.12"
}
]
}
@ -151,8 +151,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

75
2019/25xxx/CVE-2019-25097.json
View File

@ -44,56 +44,56 @@
"version": {
"version_data": [
{
"version_value": "2.1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.0"
},
{
"version_value": "2.1.1",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.1"
},
{
"version_value": "2.1.2",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.2"
},
{
"version_value": "2.1.3",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.3"
},
{
"version_value": "2.1.4",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.4"
},
{
"version_value": "2.1.5",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.5"
},
{
"version_value": "2.1.6",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.6"
},
{
"version_value": "2.1.7",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.7"
},
{
"version_value": "2.1.8",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.8"
},
{
"version_value": "2.1.9",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.9"
},
{
"version_value": "2.1.10",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.10"
},
{
"version_value": "2.1.11",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.11"
},
{
"version_value": "2.1.12",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.12"
}
]
}
@ -106,16 +106,6 @@
},
"references": {
"reference_data": [
{
"url": "https://github.com/soerennb/extplorer/commit/b8fcb888f4ff5e171c16797a4b075c6c6f50bf46",
"refsource": "MISC",
"name": "https://github.com/soerennb/extplorer/commit/b8fcb888f4ff5e171c16797a4b075c6c6f50bf46"
},
{
"url": "https://github.com/soerennb/extplorer/releases/tag/v2.1.13",
"refsource": "MISC",
"name": "https://github.com/soerennb/extplorer/releases/tag/v2.1.13"
},
{
"url": "https://vuldb.com/?id.217436",
"refsource": "MISC",
@ -125,6 +115,16 @@
"url": "https://vuldb.com/?ctiid.217436",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217436"
},
{
"url": "https://github.com/soerennb/extplorer/commit/b8fcb888f4ff5e171c16797a4b075c6c6f50bf46",
"refsource": "MISC",
"name": "https://github.com/soerennb/extplorer/commit/b8fcb888f4ff5e171c16797a4b075c6c6f50bf46"
},
{
"url": "https://github.com/soerennb/extplorer/releases/tag/v2.1.13",
"refsource": "MISC",
"name": "https://github.com/soerennb/extplorer/releases/tag/v2.1.13"
}
]
},
@ -151,8 +151,7 @@
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

77
2019/25xxx/CVE-2019-25098.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has been classified as critical. This affects an unknown part of the file include/archive.php of the component Archive Handler. The manipulation leads to path traversal. Upgrading to version 2.1.13 is able to address this issue. The name of the patch is b8fcb888f4ff5e171c16797a4b075c6c6f50bf46. It is recommended to upgrade the affected component. The identifier VDB-217437 was assigned to this vulnerability."
"value": "A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has been classified as critical. This affects an unknown part of the file include/archive.php of the component Archive Handler. The manipulation leads to path traversal. Upgrading to version 2.1.13 is able to address this issue. The identifier of the patch is b8fcb888f4ff5e171c16797a4b075c6c6f50bf46. It is recommended to upgrade the affected component. The identifier VDB-217437 was assigned to this vulnerability."
},
{
"lang": "deu",
@ -44,56 +44,56 @@
"version": {
"version_data": [
{
"version_value": "2.1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.0"
},
{
"version_value": "2.1.1",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.1"
},
{
"version_value": "2.1.2",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.2"
},
{
"version_value": "2.1.3",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.3"
},
{
"version_value": "2.1.4",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.4"
},
{
"version_value": "2.1.5",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.5"
},
{
"version_value": "2.1.6",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.6"
},
{
"version_value": "2.1.7",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.7"
},
{
"version_value": "2.1.8",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.8"
},
{
"version_value": "2.1.9",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.9"
},
{
"version_value": "2.1.10",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.10"
},
{
"version_value": "2.1.11",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.11"
},
{
"version_value": "2.1.12",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1.12"
}
]
}
@ -106,16 +106,6 @@
},
"references": {
"reference_data": [
{
"url": "https://github.com/soerennb/extplorer/commit/b8fcb888f4ff5e171c16797a4b075c6c6f50bf46",
"refsource": "MISC",
"name": "https://github.com/soerennb/extplorer/commit/b8fcb888f4ff5e171c16797a4b075c6c6f50bf46"
},
{
"url": "https://github.com/soerennb/extplorer/releases/tag/v2.1.13",
"refsource": "MISC",
"name": "https://github.com/soerennb/extplorer/releases/tag/v2.1.13"
},
{
"url": "https://vuldb.com/?id.217437",
"refsource": "MISC",
@ -125,6 +115,16 @@
"url": "https://vuldb.com/?ctiid.217437",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217437"
},
{
"url": "https://github.com/soerennb/extplorer/commit/b8fcb888f4ff5e171c16797a4b075c6c6f50bf46",
"refsource": "MISC",
"name": "https://github.com/soerennb/extplorer/commit/b8fcb888f4ff5e171c16797a4b075c6c6f50bf46"
},
{
"url": "https://github.com/soerennb/extplorer/releases/tag/v2.1.13",
"refsource": "MISC",
"name": "https://github.com/soerennb/extplorer/releases/tag/v2.1.13"
}
]
},
@ -151,8 +151,7 @@
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

9
2019/25xxx/CVE-2019-25099.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical was found in Arthmoor QSF-Portal. This vulnerability affects unknown code of the file index.php. The manipulation of the argument a leads to path traversal. The name of the patch is ea4f61e23ecb83247d174bc2e2cbab521c751a7d. It is recommended to apply a patch to fix this issue. VDB-217558 is the identifier assigned to this vulnerability."
"value": "A vulnerability classified as critical was found in Arthmoor QSF-Portal. This vulnerability affects unknown code of the file index.php. The manipulation of the argument a leads to path traversal. The patch is identified as ea4f61e23ecb83247d174bc2e2cbab521c751a7d. It is recommended to apply a patch to fix this issue. VDB-217558 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

9
2019/25xxx/CVE-2019-25100.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in happyman twmap. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file twmap3/data/ajaxCRUD/pointdata2.php. The manipulation of the argument id leads to sql injection. Upgrading to version v2.9_v4.31 is able to address this issue. The name of the patch is babbec79b3fa4efb3bd581ea68af0528d11bba0c. It is recommended to upgrade the affected component. The identifier VDB-217645 was assigned to this vulnerability."
"value": "A vulnerability was found in happyman twmap. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file twmap3/data/ajaxCRUD/pointdata2.php. The manipulation of the argument id leads to sql injection. Upgrading to version v2.9_v4.31 is able to address this issue. The identifier of the patch is babbec79b3fa4efb3bd581ea68af0528d11bba0c. It is recommended to upgrade the affected component. The identifier VDB-217645 was assigned to this vulnerability."
},
{
"lang": "deu",
@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -108,8 +108,7 @@
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

9
2019/25xxx/CVE-2019-25101.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.11 is able to address this issue. The name of the patch is f68bbaba47f4474e1da553aa51564a73e1d92a84. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220059."
"value": "A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.11 is able to address this issue. The patch is named f68bbaba47f4474e1da553aa51564a73e1d92a84. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220059."
},
{
"lang": "deu",
@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "1.0.11.10",
"version_affected": "="
"version_affected": "=",
"version_value": "1.0.11.10"
}
]
}
@ -108,8 +108,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

5
2019/25xxx/CVE-2019-25102.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input <<<<<<<<<<:/:/:/:/:/:/:/:/:/:/ leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.6.1 is able to address this issue. The name of the patch is 015a719bf5cdc561feea05500ecb3274ef609cd2. It is recommended to upgrade the affected component. VDB-220638 is the identifier assigned to this vulnerability."
"value": "A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input <<<<<<<<<<:/:/:/:/:/:/:/:/:/:/ leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.6.1 is able to address this issue. The patch is identified as 015a719bf5cdc561feea05500ecb3274ef609cd2. It is recommended to upgrade the affected component. VDB-220638 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
@ -108,8 +108,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P"
}
]
}

5
2019/25xxx/CVE-2019-25103.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to version 0.5.2 is able to address this issue. The name of the patch is 89797fef9abb4cab2fb76a335968266a92588816. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220639."
"value": "A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to version 0.5.2 is able to address this issue. The patch is named 89797fef9abb4cab2fb76a335968266a92588816. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220639."
},
{
"lang": "deu",
@ -103,8 +103,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P"
}
]
}

5
2019/25xxx/CVE-2019-25104.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in rtcwcoop 1.0.2 and classified as problematic. Affected by this vulnerability is the function AICast_ScriptLoad of the file code/game/ai_cast_script.c of the component Team Command Handler. The manipulation leads to denial of service. The name of the patch is f2cd18bc2e1cbca8c4b78bee9c392272bd5f42ac. It is recommended to apply a patch to fix this issue. The identifier VDB-221485 was assigned to this vulnerability."
"value": "A vulnerability has been found in rtcwcoop 1.0.2 and classified as problematic. Affected by this vulnerability is the function AICast_ScriptLoad of the file code/game/ai_cast_script.c of the component Team Command Handler. The manipulation leads to denial of service. The identifier of the patch is f2cd18bc2e1cbca8c4b78bee9c392272bd5f42ac. It is recommended to apply a patch to fix this issue. The identifier VDB-221485 was assigned to this vulnerability."
},
{
"lang": "deu",
@ -103,8 +103,7 @@
{
"version": "2.0",
"baseScore": 2.7,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"baseSeverity": "LOW"
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P"
}
]
}