admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 02:32:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-01-07 20:00:37 +00:00
parent 47ddf7edcb
commit 62b818dc4b
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 1192 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
2013/10xxx/CVE-2013-10009.json Normal file
View File

@ -0,0 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2013-10009",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in DrAzraelTod pyChao and classified as critical. Affected by this issue is the function klauen/lesen of the file mod_fun/__init__.py. The manipulation leads to sql injection. The name of the patch is 9d8adbc07c384ba51c2583ce0819c9abb77dc648. It is recommended to apply a patch to fix this issue. VDB-217634 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in DrAzraelTod pyChao gefunden. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion klauen/lesen der Datei mod_fun/__init__.py. Durch Beeinflussen mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 9d8adbc07c384ba51c2583ce0819c9abb77dc648 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "DrAzraelTod",
"product": {
"product_data": [
{
"product_name": "pyChao",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217634",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217634"
},
{
"url": "https://vuldb.com/?ctiid.217634",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217634"
},
{
"url": "https://github.com/DrAzraelTod/pyChao/pull/1",
"refsource": "MISC",
"name": "https://github.com/DrAzraelTod/pyChao/pull/1"
},
{
"url": "https://github.com/DrAzraelTod/pyChao/commit/9d8adbc07c384ba51c2583ce0819c9abb77dc648",
"refsource": "MISC",
"name": "https://github.com/DrAzraelTod/pyChao/commit/9d8adbc07c384ba51c2583ce0819c9abb77dc648"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

106
2014/125xxx/CVE-2014-125064.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2014-125064",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, has been found in elgs gosqljson. This issue affects the function QueryDbToArray/QueryDbToMap/ExecDb of the file gosqljson.go. The manipulation of the argument sqlStatement leads to sql injection. The name of the patch is 2740b331546cb88eb61771df4c07d389e9f0363a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217631."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in elgs gosqljson entdeckt. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion QueryDbToArray/QueryDbToMap/ExecDb der Datei gosqljson.go. Durch das Manipulieren des Arguments sqlStatement mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 2740b331546cb88eb61771df4c07d389e9f0363a bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "elgs",
"product": {
"product_data": [
{
"product_name": "gosqljson",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217631",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217631"
},
{
"url": "https://vuldb.com/?ctiid.217631",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217631"
},
{
"url": "https://github.com/elgs/gosqljson/commit/2740b331546cb88eb61771df4c07d389e9f0363a",
"refsource": "MISC",
"name": "https://github.com/elgs/gosqljson/commit/2740b331546cb88eb61771df4c07d389e9f0363a"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

106
2014/125xxx/CVE-2014-125065.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2014-125065",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, was found in john5223 bottle-auth. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is 99cfbcc0c1429096e3479744223ffb4fda276875. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217632."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in john5223 bottle-auth gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion. Durch Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 99cfbcc0c1429096e3479744223ffb4fda276875 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "john5223",
"product": {
"product_data": [
{
"product_name": "bottle-auth",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217632",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217632"
},
{
"url": "https://vuldb.com/?ctiid.217632",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217632"
},
{
"url": "https://github.com/john5223/bottle-auth/commit/99cfbcc0c1429096e3479744223ffb4fda276875",
"refsource": "MISC",
"name": "https://github.com/john5223/bottle-auth/commit/99cfbcc0c1429096e3479744223ffb4fda276875"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

115
2015/10xxx/CVE-2015-10029.json Normal file
View File

@ -0,0 +1,115 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2015-10029",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1.1 is able to address this issue. The name of the patch is 4c9f2e028523ed705b555eca2c18c64e71f1a35d. It is recommended to upgrade the affected component. VDB-217630 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In kelvinmo simplexrd bis 3.1.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei simplexrd/simplexrd.class.php. Mittels Manipulieren mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 3.1.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 4c9f2e028523ed705b555eca2c18c64e71f1a35d bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611 XML External Entity Reference",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "kelvinmo",
"product": {
"product_data": [
{
"product_name": "simplexrd",
"version": {
"version_data": [
{
"version_value": "3.0",
"version_affected": "="
},
{
"version_value": "3.1",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217630",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217630"
},
{
"url": "https://vuldb.com/?ctiid.217630",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217630"
},
{
"url": "https://github.com/kelvinmo/simplexrd/commit/4c9f2e028523ed705b555eca2c18c64e71f1a35d",
"refsource": "MISC",
"name": "https://github.com/kelvinmo/simplexrd/commit/4c9f2e028523ed705b555eca2c18c64e71f1a35d"
},
{
"url": "https://github.com/kelvinmo/simplexrd/releases/tag/v3.1.1",
"refsource": "MISC",
"name": "https://github.com/kelvinmo/simplexrd/releases/tag/v3.1.1"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4.9,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

111
2016/15xxx/CVE-2016-15013.json Normal file
View File

@ -0,0 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2016-15013",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in ForumHulp searchresults. It has been rated as critical. Affected by this issue is the function list_keywords of the file event/listener.php. The manipulation of the argument word leads to sql injection. The name of the patch is dd8a312bb285ad9735a8e1da58e9e955837b7322. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217628."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in ForumHulp searchresults ausgemacht. Betroffen davon ist die Funktion list_keywords der Datei event/listener.php. Durch Manipulation des Arguments word mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als dd8a312bb285ad9735a8e1da58e9e955837b7322 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ForumHulp",
"product": {
"product_data": [
{
"product_name": "searchresults",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217628",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217628"
},
{
"url": "https://vuldb.com/?ctiid.217628",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217628"
},
{
"url": "https://github.com/ForumHulp/searchresults/pull/2",
"refsource": "MISC",
"name": "https://github.com/ForumHulp/searchresults/pull/2"
},
{
"url": "https://github.com/ForumHulp/searchresults/commit/dd8a312bb285ad9735a8e1da58e9e955837b7322",
"refsource": "MISC",
"name": "https://github.com/ForumHulp/searchresults/commit/dd8a312bb285ad9735a8e1da58e9e955837b7322"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

116
2016/15xxx/CVE-2016-15014.json Normal file
View File

@ -0,0 +1,116 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2016-15014",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in CESNET theme-cesnet up to 1.x and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6. It is recommended to upgrade the affected component. The identifier VDB-217633 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In CESNET theme-cesnet bis 1.x wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei cesnet/core/lostpassword/templates/resetpassword.php. Durch das Beeinflussen mit unbekannten Daten kann eine insufficiently protected credentials-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Ein Aktualisieren auf die Version 2.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CESNET",
"product": {
"product_data": [
{
"product_name": "theme-cesnet",
"version": {
"version_data": [
{
"version_value": "1.x",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217633",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217633"
},
{
"url": "https://vuldb.com/?ctiid.217633",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217633"
},
{
"url": "https://github.com/CESNET/theme-cesnet/pull/1",
"refsource": "MISC",
"name": "https://github.com/CESNET/theme-cesnet/pull/1"
},
{
"url": "https://github.com/CESNET/theme-cesnet/commit/2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6",
"refsource": "MISC",
"name": "https://github.com/CESNET/theme-cesnet/commit/2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6"
},
{
"url": "https://github.com/CESNET/theme-cesnet/releases/tag/2.0.0",
"refsource": "MISC",
"name": "https://github.com/CESNET/theme-cesnet/releases/tag/2.0.0"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.3,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N",
"baseSeverity": "LOW"
}
]
}
}

119
2017/20xxx/CVE-2017-20164.json Normal file
View File

@ -0,0 +1,119 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2017-20164",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected is the function onBeforeSecurityLogin of the file code/extensions/SecurityLoginExtension.php of the component Login. The manipulation of the argument URL leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 6.0.3 is able to address this issue. The name of the patch is b065ebd82da53009d273aa7e989191f701485244. It is recommended to upgrade the affected component. VDB-217626 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in Symbiote Seed bis 6.0.2 ausgemacht. Hiervon betroffen ist die Funktion onBeforeSecurityLogin der Datei code/extensions/SecurityLoginExtension.php der Komponente Login. Mit der Manipulation des Arguments URL mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 6.0.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als b065ebd82da53009d273aa7e989191f701485244 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 Open Redirect",
"cweId": "CWE-601"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Symbiote",
"product": {
"product_data": [
{
"product_name": "Seed",
"version": {
"version_data": [
{
"version_value": "6.0.0",
"version_affected": "="
},
{
"version_value": "6.0.1",
"version_affected": "="
},
{
"version_value": "6.0.2",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217626",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217626"
},
{
"url": "https://vuldb.com/?ctiid.217626",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217626"
},
{
"url": "https://github.com/symbiote/silverstripe-seed/commit/b065ebd82da53009d273aa7e989191f701485244",
"refsource": "MISC",
"name": "https://github.com/symbiote/silverstripe-seed/commit/b065ebd82da53009d273aa7e989191f701485244"
},
{
"url": "https://github.com/symbiote/silverstripe-seed/releases/tag/6.0.3",
"refsource": "MISC",
"name": "https://github.com/symbiote/silverstripe-seed/releases/tag/6.0.3"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

268
2020/36xxx/CVE-2020-36646.json Normal file
View File

@ -0,0 +1,268 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-36646",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading to version 0.4.39 is able to address this issue. The name of the patch is 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408. It is recommended to upgrade the affected component. The identifier VDB-217629 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in MediaArea ZenLib bis 0.4.38 entdeckt. Sie wurde als problematisch eingestuft. Betroffen hiervon ist die Funktion Ztring::Date_From_Seconds_1970_Local der Datei Source/ZenLib/Ztring.cpp. Mittels dem Manipulieren des Arguments Value mit unbekannten Daten kann eine unchecked return value to null pointer dereference-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.4.39 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-690 Unchecked Return Value to NULL Pointer Dereference",
"cweId": "CWE-690"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaArea",
"product": {
"product_data": [
{
"product_name": "ZenLib",
"version": {
"version_data": [
{
"version_value": "0.4.0",
"version_affected": "="
},
{
"version_value": "0.4.1",
"version_affected": "="
},
{
"version_value": "0.4.2",
"version_affected": "="
},
{
"version_value": "0.4.3",
"version_affected": "="
},
{
"version_value": "0.4.4",
"version_affected": "="
},
{
"version_value": "0.4.5",
"version_affected": "="
},
{
"version_value": "0.4.6",
"version_affected": "="
},
{
"version_value": "0.4.7",
"version_affected": "="
},
{
"version_value": "0.4.8",
"version_affected": "="
},
{
"version_value": "0.4.9",
"version_affected": "="
},
{
"version_value": "0.4.10",
"version_affected": "="
},
{
"version_value": "0.4.11",
"version_affected": "="
},
{
"version_value": "0.4.12",
"version_affected": "="
},
{
"version_value": "0.4.13",
"version_affected": "="
},
{
"version_value": "0.4.14",
"version_affected": "="
},
{
"version_value": "0.4.15",
"version_affected": "="
},
{
"version_value": "0.4.16",
"version_affected": "="
},
{
"version_value": "0.4.17",
"version_affected": "="
},
{
"version_value": "0.4.18",
"version_affected": "="
},
{
"version_value": "0.4.19",
"version_affected": "="
},
{
"version_value": "0.4.20",
"version_affected": "="
},
{
"version_value": "0.4.21",
"version_affected": "="
},
{
"version_value": "0.4.22",
"version_affected": "="
},
{
"version_value": "0.4.23",
"version_affected": "="
},
{
"version_value": "0.4.24",
"version_affected": "="
},
{
"version_value": "0.4.25",
"version_affected": "="
},
{
"version_value": "0.4.26",
"version_affected": "="
},
{
"version_value": "0.4.27",
"version_affected": "="
},
{
"version_value": "0.4.28",
"version_affected": "="
},
{
"version_value": "0.4.29",
"version_affected": "="
},
{
"version_value": "0.4.30",
"version_affected": "="
},
{
"version_value": "0.4.31",
"version_affected": "="
},
{
"version_value": "0.4.32",
"version_affected": "="
},
{
"version_value": "0.4.33",
"version_affected": "="
},
{
"version_value": "0.4.34",
"version_affected": "="
},
{
"version_value": "0.4.35",
"version_affected": "="
},
{
"version_value": "0.4.36",
"version_affected": "="
},
{
"version_value": "0.4.37",
"version_affected": "="
},
{
"version_value": "0.4.38",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217629",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217629"
},
{
"url": "https://vuldb.com/?ctiid.217629",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217629"
},
{
"url": "https://github.com/MediaArea/ZenLib/pull/119",
"refsource": "MISC",
"name": "https://github.com/MediaArea/ZenLib/pull/119"
},
{
"url": "https://github.com/MediaArea/ZenLib/commit/6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408",
"refsource": "MISC",
"name": "https://github.com/MediaArea/ZenLib/commit/6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408"
},
{
"url": "https://github.com/MediaArea/ZenLib/releases/tag/v0.4.39",
"refsource": "MISC",
"name": "https://github.com/MediaArea/ZenLib/releases/tag/v0.4.39"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 2.3,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"baseSeverity": "LOW"
}
]
}
}

140
2021/4xxx/CVE-2021-4307.json Normal file
View File

@ -0,0 +1,140 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-4307",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launched remotely. Upgrading to version 2.6.1 is able to address this issue. The name of the patch is c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217627."
},
{
"lang": "deu",
"value": "In Yomguithereal Baobab bis 2.6.0 wurde eine kritische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung. Durch die Manipulation mit unbekannten Daten kann eine improperly controlled modification of object prototype attributes ('prototype pollution')-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 2.6.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als c56639532a923d9a1600fb863ec7551b188b5d19 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')",
"cweId": "CWE-1321"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Yomguithereal",
"product": {
"product_data": [
{
"product_name": "Baobab",
"version": {
"version_data": [
{
"version_value": "2.0",
"version_affected": "="
},
{
"version_value": "2.1",
"version_affected": "="
},
{
"version_value": "2.2",
"version_affected": "="
},
{
"version_value": "2.3",
"version_affected": "="
},
{
"version_value": "2.4",
"version_affected": "="
},
{
"version_value": "2.5",
"version_affected": "="
},
{
"version_value": "2.6",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217627",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217627"
},
{
"url": "https://vuldb.com/?ctiid.217627",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217627"
},
{
"url": "https://github.com/Yomguithereal/baobab/pull/511",
"refsource": "MISC",
"name": "https://github.com/Yomguithereal/baobab/pull/511"
},
{
"url": "https://github.com/Yomguithereal/baobab/commit/c56639532a923d9a1600fb863ec7551b188b5d19",
"refsource": "MISC",
"name": "https://github.com/Yomguithereal/baobab/commit/c56639532a923d9a1600fb863ec7551b188b5d19"
},
{
"url": "https://github.com/Yomguithereal/baobab/releases/tag/2.6.1",
"refsource": "MISC",
"name": "https://github.com/Yomguithereal/baobab/releases/tag/2.6.1"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}