admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-12-31 10:00:37 +00:00
parent 56dca18334
commit 749136dbe3
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
4 changed files with 317 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
2017/20xxx/CVE-2017-20156.json Normal file
View File

@ -0,0 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2017-20156",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Exciting Printer and classified as critical. This issue affects some unknown processing of the file lib/printer/jobs/prepare_page.rb of the component Argument Handler. The manipulation of the argument URL leads to command injection. The name of the patch is 5f8c715d6e2cc000f621a6833f0a86a673462136. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217139."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in Exciting Printer gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei lib/printer/jobs/prepare_page.rb der Komponente Argument Handler. Durch Beeinflussen des Arguments URL mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Patch wird als 5f8c715d6e2cc000f621a6833f0a86a673462136 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Command Injection",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Exciting",
"product": {
"product_data": [
{
"product_name": "Printer",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217139",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217139"
},
{
"url": "https://vuldb.com/?ctiid.217139",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217139"
},
{
"url": "https://github.com/exciting-io/printer/issues/56",
"refsource": "MISC",
"name": "https://github.com/exciting-io/printer/issues/56"
},
{
"url": "https://github.com/exciting-io/printer/commit/5f8c715d6e2cc000f621a6833f0a86a673462136",
"refsource": "MISC",
"name": "https://github.com/exciting-io/printer/commit/5f8c715d6e2cc000f621a6833f0a86a673462136"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

105
2017/20xxx/CVE-2017-20157.json Normal file
View File

@ -0,0 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2017-20157",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Ariadne Component Library up to 2.x. It has been classified as critical. Affected is an unknown function of the file src/url/Url.php. The manipulation leads to server-side request forgery. Upgrading to version 3.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217140."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in Ariadne Component Library bis 2.x ausgemacht. Es betrifft eine unbekannte Funktion der Datei src/url/Url.php. Dank der Manipulation mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 3.0 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ariadne",
"product": {
"product_data": [
{
"product_name": "Component Library",
"version": {
"version_data": [
{
"version_value": "2.x",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217140",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217140"
},
{
"url": "https://vuldb.com/?ctiid.217140",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217140"
},
{
"url": "https://github.com/Ariadne-CMS/arc-web/commit/1feb1cc11e6c9f218408f15f53f537ea0d788656",
"refsource": "MISC",
"name": "https://github.com/Ariadne-CMS/arc-web/commit/1feb1cc11e6c9f218408f15f53f537ea0d788656"
},
{
"url": "https://github.com/Ariadne-CMS/arc-web/releases/tag/3.0",
"refsource": "MISC",
"name": "https://github.com/Ariadne-CMS/arc-web/releases/tag/3.0"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

18
2017/20xxx/CVE-2017-20158.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20158",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

166
2022/4xxx/CVE-2022-4865.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-4865",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in usememos/memos"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "usememos/memos",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "0.9.1"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-4865",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in usememos/memos"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "usememos/memos",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "0.9.1"
}
]
}
}
]
},
"vendor_name": "usememos"
}
}
]
},
"vendor_name": "usememos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/cd8765a2-bf28-4019-8647-882ccf63b2be",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/cd8765a2-bf28-4019-8647-882ccf63b2be"
},
{
"name": "https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc",
"refsource": "MISC",
"url": "https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc"
}
]
},
"source": {
"advisory": "cd8765a2-bf28-4019-8647-882ccf63b2be",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc",
"refsource": "MISC",
"url": "https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc"
},
{
"name": "https://huntr.dev/bounties/cd8765a2-bf28-4019-8647-882ccf63b2be",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/cd8765a2-bf28-4019-8647-882ccf63b2be"
}
]
},
"source": {
"advisory": "cd8765a2-bf28-4019-8647-882ccf63b2be",
"discovery": "EXTERNAL"
}
}