admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-09-03 16:00:32 +00:00
parent 10266eaeac
commit 88d4428d79
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
22 changed files with 1268 additions and 1161 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

213
2021/44xxx/CVE-2021-44792.json
View File

@ -1,109 +1,112 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2021-44792",
"ASSIGNER": "cve@usom.gov.tr",
"DATE_PUBLIC": "2022-01-27T15:00:00.000Z",
"TITLE": "Information Leakege via Unauthorized Access in Single Connect",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"TR-22-0093"
],
"advisory": "TR-22-0093",
"discovery": "EXTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kron ",
"product": {
"product_data": [
{
"product_name": "Single Connect",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "<",
"version_value": "2.16",
"platform": ""
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-44792",
"ASSIGNER": "cve@usom.gov.tr",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Single Connect does not perform an authorization check when using the \"log-monitor\" module. A remote attacker could exploit this vulnerability to access the logging interface. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kron ",
"product": {
"product_data": [
{
"product_name": "Single Connect",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "2.16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-22-0093",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0093"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "TR-22-0093",
"defect": [
"TR-22-0093"
],
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Single Connect should be updated to the latest version provided by the vendor.</p>"
}
],
"value": "Single Connect should be updated to the latest version provided by the vendor.\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Gokhan SAHIN"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Single Connect does not perform an authorization check when using the \"log-monitor\" module. A remote attacker could exploit this vulnerability to access the logging interface. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.usom.gov.tr/bildirim/tr-22-0093",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0093"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
},
"exploit": [],
"work_around": [],
"solution": [
{
"lang": "eng",
"value": "Single Connect should be updated to the latest version provided by the vendor."
}
],
"credit": [
{
"lang": "eng",
"value": "Gokhan SAHIN"
}
]
}

213
2021/44xxx/CVE-2021-44793.json
View File

@ -1,109 +1,112 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2021-44793",
"ASSIGNER": "cve@usom.gov.tr",
"DATE_PUBLIC": "2022-01-27T15:00:00.000Z",
"TITLE": "Information Leakege via Unauthorized Access in Single Connect",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"TR-22-0093"
],
"advisory": "TR-22-0093",
"discovery": "EXTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kron ",
"product": {
"product_data": [
{
"product_name": "Single Connect",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "<",
"version_value": "2.16",
"platform": ""
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-44793",
"ASSIGNER": "cve@usom.gov.tr",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Single Connect does not perform an authorization check when using the sc-reports-ui\" module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information including the database credentials. Since the database runs with high privileges it is possible to execute commands with the attained credentials.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kron ",
"product": {
"product_data": [
{
"product_name": "Single Connect",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "2.16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-22-0093",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0093"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "TR-22-0093",
"defect": [
"TR-22-0093"
],
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Single Connect should be updated to the latest version provided by the vendor.</p>"
}
],
"value": "Single Connect should be updated to the latest version provided by the vendor.\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Gokhan SAHIN"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Single Connect does not perform an authorization check when using the sc-reports-ui\" module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information including the database credentials. Since the database runs with high privileges it is possible to execute commands with the attained credentials."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.usom.gov.tr/bildirim/tr-22-0093",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0093"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"baseScore": 8.6,
"baseSeverity": "HIGH"
}
},
"exploit": [],
"work_around": [],
"solution": [
{
"lang": "eng",
"value": "Single Connect should be updated to the latest version provided by the vendor."
}
],
"credit": [
{
"lang": "eng",
"value": "Gokhan SAHIN"
}
]
}

213
2021/44xxx/CVE-2021-44794.json
View File

@ -1,109 +1,112 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2021-44794",
"ASSIGNER": "cve@usom.gov.tr",
"DATE_PUBLIC": "2022-01-27T15:00:00.000Z",
"TITLE": "Information Leakege via Unauthorized Access in Single Connect",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"TR-22-0093"
],
"advisory": "TR-22-0093",
"discovery": "EXTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kron ",
"product": {
"product_data": [
{
"product_name": "Single Connect",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "<",
"version_value": "2.16",
"platform": ""
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-44794",
"ASSIGNER": "cve@usom.gov.tr",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Single Connect does not perform an authorization check when using the \"sc-diagnostic-ui\" module. A remote attacker could exploit this vulnerability to access the device information page. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kron ",
"product": {
"product_data": [
{
"product_name": "Single Connect",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "2.16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-22-0093",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0093"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "TR-22-0093",
"defect": [
"TR-22-0093"
],
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Single Connect should be updated to the latest version provided by the vendor.</p>"
}
],
"value": "Single Connect should be updated to the latest version provided by the vendor.\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Gokhan SAHIN"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Single Connect does not perform an authorization check when using the \"sc-diagnostic-ui\" module. A remote attacker could exploit this vulnerability to access the device information page. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.usom.gov.tr/bildirim/tr-22-0093",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0093"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
},
"exploit": [],
"work_around": [],
"solution": [
{
"lang": "eng",
"value": "Single Connect should be updated to the latest version provided by the vendor."
}
],
"credit": [
{
"lang": "eng",
"value": "Gokhan SAHIN"
}
]
}

213
2021/44xxx/CVE-2021-44795.json
View File

@ -1,109 +1,112 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2021-44795",
"ASSIGNER": "cve@usom.gov.tr",
"DATE_PUBLIC": "2022-01-27T15:00:00.000Z",
"TITLE": "Modifying User Permissions via Unauthorized Access in Single Connect",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"TR-22-0093"
],
"advisory": "TR-22-0093",
"discovery": "EXTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kron ",
"product": {
"product_data": [
{
"product_name": "Single Connect",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "<",
"version_value": "2.16",
"platform": ""
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-44795",
"ASSIGNER": "cve@usom.gov.tr",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Single Connect does not perform an authorization check when using the \"sc-assigned-credential-ui\" module. A remote attacker could exploit this vulnerability to modify users permissions. The exploitation of this vulnerability might allow a remote attacker to delete permissions from other users without authenticating.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kron ",
"product": {
"product_data": [
{
"product_name": "Single Connect",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "2.16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-22-0093",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0093"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "TR-22-0093",
"defect": [
"TR-22-0093"
],
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Single Connect should be updated to the latest version provided by the vendor.</p>"
}
],
"value": "Single Connect should be updated to the latest version provided by the vendor.\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Gokhan SAHIN"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Single Connect does not perform an authorization check when using the \"sc-assigned-credential-ui\" module. A remote attacker could exploit this vulnerability to modify users permissions. The exploitation of this vulnerability might allow a remote attacker to delete permissions from other users without authenticating."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.usom.gov.tr/bildirim/tr-22-0093",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0093"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
},
"exploit": [],
"work_around": [],
"solution": [
{
"lang": "eng",
"value": "Single Connect should be updated to the latest version provided by the vendor."
}
],
"credit": [
{
"lang": "eng",
"value": "Gokhan SAHIN"
}
]
}

133
2021/45xxx/CVE-2021-45031.json
View File

@ -1,15 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "cve@usom.gov.tr",
"DATE_PUBLIC": "2022-03-30T21:00:00.000Z",
"ID": "CVE-2021-45031",
"STATE": "PUBLIC",
"TITLE": "Weak Authentication in Login Function of USC+"
"ASSIGNER": "cve@usom.gov.tr",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305 Authentication Bypass by Primary Weakness",
"cweId": "CWE-305"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mepsan",
"product": {
"product_data": [
{
@ -18,86 +41,72 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "3.0"
}
]
}
}
]
},
"vendor_name": "Mepsan"
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "K\u00fcr\u015fat \u00c7ET\u0130N"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords."
"url": "https://www.usom.gov.tr/bildirim/tr-22-0269",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0269"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305 Authentication Bypass by Primary Weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.usom.gov.tr/bildirim/tr-22-0269",
"refsource": "CONFIRM",
"url": "https://www.usom.gov.tr/bildirim/tr-22-0269"
}
]
},
"solution": [
{
"lang": "eng",
"value": "USC+ should be updated to the latest version provided by the vendor."
}
],
"source": {
"advisory": "TR-22-0269",
"defect": [
"TR-22-0269"
],
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>USC+ should be updated to the latest version provided by the vendor.</p>"
}
],
"value": "USC+ should be updated to the latest version provided by the vendor.\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "K\u00fcr\u015fat \u00c7ET\u0130N"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
}
]
}
}

123
2021/45xxx/CVE-2021-45475.json
View File

@ -1,24 +1,32 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2021-45475",
"ASSIGNER": "cve@usom.gov.tr",
"DATE_PUBLIC": "2022-10-26T21:00:00.000Z",
"TITLE": "Information disclosure in Yordam Library Information Document Automation Program",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"TR-22-0669"
],
"advisory": "TR-22-0669",
"discovery": "EXTERNAL"
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yordam Library Information Document Automation product before version 19.02 has an unauthenticated Information disclosure vulnerability.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
@ -32,10 +40,9 @@
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "<",
"version_value": "19.02",
"platform": ""
"version_name": "unspecified",
"version_value": "19.02"
}
]
}
@ -46,64 +53,60 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yordam Library Information Document Automation product before version 19.02 has an unauthenticated Information disclosure vulnerability."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.usom.gov.tr/bildirim/tr-22-0669",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0669"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "TR-22-0669",
"defect": [
"TR-22-0669"
],
"discovery": "EXTERNAL"
},
"exploit": [],
"work_around": [],
"solution": [
{
"lang": "eng",
"value": "Yordam Library Information Document Automation program should be updated to version 19.02, provided by the vendor."
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Yordam Library Information Document Automation program should be updated to version 19.02, provided by the vendor.</p>"
}
],
"value": "Yordam Library Information Document Automation program should be updated to version 19.02, provided by the vendor.\n\n"
}
],
"credit": [
"credits": [
{
"lang": "eng",
"lang": "en",
"value": "Bartu Utku Sarp "
}
]
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}
}

213
2021/45xxx/CVE-2021-45476.json
View File

@ -1,109 +1,112 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2021-45476",
"ASSIGNER": "cve@usom.gov.tr",
"DATE_PUBLIC": "2022-10-27T21:00:00.000Z",
"TITLE": "Information disclosure in Yordam Library Information Document Automation Program",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"TR-22-0669"
],
"advisory": "TR-22-0669",
"discovery": "EXTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Yordam Informatics Systems",
"product": {
"product_data": [
{
"product_name": "Yordam Library Information Document Automation Program",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "<",
"version_value": "19.02",
"platform": ""
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-45476",
"ASSIGNER": "cve@usom.gov.tr",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Yordam Informatics Systems",
"product": {
"product_data": [
{
"product_name": "Yordam Library Information Document Automation Program",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "19.02"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-22-0669",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0669"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "TR-22-0669",
"defect": [
"TR-22-0669"
],
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Yordam Library Information Document Automation program should be updated to version 19.02, provided by the vendor.</p>"
}
],
"value": "Yordam Library Information Document Automation program should be updated to version 19.02, provided by the vendor.\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Bartu Utku Sarp "
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.usom.gov.tr/bildirim/tr-22-0669",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0669"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
}
},
"exploit": [],
"work_around": [],
"solution": [
{
"lang": "eng",
"value": "Yordam Library Information Document Automation program should be updated to version 19.02, provided by the vendor."
}
],
"credit": [
{
"lang": "eng",
"value": "Bartu Utku Sarp "
}
]
}

4
2021/45xxx/CVE-2021-45479.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation vulnerability in Yordam Information Technologies Library Automation System allows Stored XSS.This issue affects Library Automation System: before 19.2."
"value": "Improper Neutralization of Input During Web Page Generation vulnerability in Yordam Information Technologies Library Automation System allows Stored XSS.This issue affects Library Automation System: before 19.2.\n\n"
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]

123
2022/0xxx/CVE-2022-0495.json
View File

@ -1,24 +1,32 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2022-0495",
"ASSIGNER": "cve@usom.gov.tr",
"DATE_PUBLIC": "2022-09-21T08:00:00.000Z",
"TITLE": "SQL Injection in KOHA ",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"TR-22-0635"
],
"advisory": "TR-22-0635",
"discovery": "EXTERNAL"
"description": {
"description_data": [
{
"lang": "eng",
"value": "The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
@ -32,10 +40,9 @@
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "<",
"version_value": "19.05.03",
"platform": ""
"version_name": "unspecified",
"version_value": "19.05.03"
}
]
}
@ -46,64 +53,60 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.usom.gov.tr/bildirim/tr-22-0635",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0635"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
}
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "TR-22-0635",
"defect": [
"TR-22-0635"
],
"discovery": "EXTERNAL"
},
"exploit": [],
"work_around": [],
"solution": [
{
"lang": "eng",
"value": "Vulnerable KOHA module should be updated to the 19.05.03.01 version provided by the vendor. "
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Vulnerable KOHA module should be updated to the 19.05.03.01 version provided by the vendor. </p>"
}
],
"value": "Vulnerable KOHA module should be updated to the 19.05.03.01 version provided by the vendor. \n\n"
}
],
"credit": [
"credits": [
{
"lang": "eng",
"lang": "en",
"value": "Bartu Utku Sarp "
}
]
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
]
}
}

4
2022/0xxx/CVE-2022-0900.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive's \"aciklama\" parameter could allow anyone to gain users' session informations."
"value": "A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive's \"aciklama\" parameter could allow anyone to gain users' session informations.\n\n"
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]

215
2022/1xxx/CVE-2022-1277.json
View File

@ -1,109 +1,112 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2022-1277",
"ASSIGNER": "cve@usom.gov.tr",
"DATE_PUBLIC": "2022-07-29T15:00:00.000Z",
"TITLE": "SQL Injection in Inavitas Solar Log",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"TR-22-0514"
],
"advisory": "TR-22-0514",
"discovery": "EXTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Inavitas",
"product": {
"product_data": [
{
"product_name": "Inavitas Solar Log",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "<",
"version_value": "1.0",
"platform": ""
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-1277",
"ASSIGNER": "cve@usom.gov.tr",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Inavitas",
"product": {
"product_data": [
{
"product_name": "Inavitas Solar Log",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-22-0514",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0514"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "TR-22-0514",
"defect": [
"TR-22-0514"
],
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Inavitas Solar Log should be updated to the latest version provided by the vendor.</p>"
}
],
"value": "Inavitas Solar Log should be updated to the latest version provided by the vendor.\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Ismail ERKEK"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.usom.gov.tr/bildirim/tr-22-0514",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0514"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
}
},
"exploit": [],
"work_around": [],
"solution": [
{
"lang": "eng",
"value": "Inavitas Solar Log should be updated to the latest version provided by the vendor."
}
],
"credit": [
{
"lang": "eng",
"value": "Ismail ERKEK"
}
]
}
}

123
2022/2xxx/CVE-2022-2177.json
View File

@ -1,24 +1,32 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2022-2177",
"ASSIGNER": "cve@usom.gov.tr",
"DATE_PUBLIC": "2022-09-20T15:00:00.000Z",
"TITLE": "SQL Injection in Kayrasoft",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"TR-22-0630"
],
"advisory": "TR-22-0630",
"discovery": "EXTERNAL"
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
@ -32,10 +40,9 @@
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "<",
"version_value": "2",
"platform": ""
"version_name": "unspecified",
"version_value": "2"
}
]
}
@ -46,64 +53,60 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.usom.gov.tr/bildirim/tr-22-0630",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0630"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
}
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "TR-22-0630",
"defect": [
"TR-22-0630"
],
"discovery": "EXTERNAL"
},
"exploit": [],
"work_around": [],
"solution": [
{
"lang": "eng",
"value": "Kayrasoft should be updated to the v2 version provided by the vendor. "
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Kayrasoft should be updated to the v2 version provided by the vendor. </p>"
}
],
"value": "Kayrasoft should be updated to the v2 version provided by the vendor. \n\n"
}
],
"credit": [
"credits": [
{
"lang": "eng",
"lang": "en",
"value": "Bartu Utku Sarp "
}
]
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
]
}
}

215
2022/2xxx/CVE-2022-2265.json
View File

@ -1,109 +1,112 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2022-2265",
"ASSIGNER": "cve@usom.gov.tr",
"DATE_PUBLIC": "2022-09-21T13:20:00.000Z",
"TITLE": "Path traversal in Identity and Directory Management System",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"TR-22-0636"
],
"advisory": "TR-22-0636",
"discovery": "EXTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Çekino Bilgi Teknolojileri",
"product": {
"product_data": [
{
"product_name": "Çekino Bilgi Teknolojileri",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "<",
"version_value": "2.1.25",
"platform": ""
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-35: Path Traversal"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2265",
"ASSIGNER": "cve@usom.gov.tr",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Identity and Directory Management System developed by \u00c7ekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated Path traversal vulnerability. This has been fixed in the version 2.1.25\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-35 Path Traversal: '.../...//'",
"cweId": "CWE-35"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "\u00c7ekino Bilgi Teknolojileri",
"product": {
"product_data": [
{
"product_name": "\u00c7ekino Bilgi Teknolojileri",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "2.1.25"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-22-0636",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0636"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "TR-22-0636",
"defect": [
"TR-22-0636"
],
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Vulnerable Identity and Directory Management System module should be updated to the 2.1.25 version provided by the vendor. </p>"
}
],
"value": "Vulnerable Identity and Directory Management System module should be updated to the 2.1.25 version provided by the vendor. \n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Onurhan Erdo\u011fdu"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated Path traversal vulnerability. This has been fixed in the version 2.1.25"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.usom.gov.tr/bildirim/tr-22-0636",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0636"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
},
"exploit": [],
"work_around": [],
"solution": [
{
"lang": "eng",
"value": "Vulnerable Identity and Directory Management System module should be updated to the 2.1.25 version provided by the vendor. "
}
],
"credit": [
{
"lang": "eng",
"value": "Onurhan Erdoğdu"
}
]
}
}

213
2022/2xxx/CVE-2022-2266.json
View File

@ -1,109 +1,112 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2022-2266",
"ASSIGNER": "cve@usom.gov.tr",
"DATE_PUBLIC": "2022-09-22T08:20:00.000Z",
"TITLE": "Reflected XSS University Library Automation System",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"TR-22-0637"
],
"advisory": "TR-22-0637",
"discovery": "EXTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Yordam Bilgi Teknolojileri",
"product": {
"product_data": [
{
"product_name": "Yordam Bilgi Teknolojileri",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "<",
"version_value": "19.2",
"platform": ""
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Reflected XSS"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2266",
"ASSIGNER": "cve@usom.gov.tr",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. This has been fixed in the version 19.2\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Yordam Bilgi Teknolojileri",
"product": {
"product_data": [
{
"product_name": "Yordam Bilgi Teknolojileri",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "19.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-22-0637",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0637"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "TR-22-0637",
"defect": [
"TR-22-0637"
],
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Library Automation System module should be updated to the 19.2 version provided by the vendor.</p>"
}
],
"value": "Library Automation System module should be updated to the 19.2 version provided by the vendor.\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Bu\u011fra T\u00fcrko\u011flu"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. This has been fixed in the version 19.2"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.usom.gov.tr/bildirim/tr-22-0637",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0637"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
},
"exploit": [],
"work_around": [],
"solution": [
{
"lang": "eng",
"value": "Library Automation System module should be updated to the 19.2 version provided by the vendor."
}
],
"credit": [
{
"lang": "eng",
"value": "Buğra Türkoğlu"
}
]
}

123
2022/2xxx/CVE-2022-2315.json
View File

@ -1,24 +1,32 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2022-2315",
"ASSIGNER": "cve@usom.gov.tr",
"DATE_PUBLIC": "2022-09-21T15:00:00.000Z",
"TITLE": "SQL Injection in Database Accreditation System",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"TR-22-0634"
],
"advisory": "TR-22-0634",
"discovery": "EXTERNAL"
"description": {
"description_data": [
{
"lang": "eng",
"value": "Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
@ -32,10 +40,9 @@
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "<",
"version_value": "2",
"platform": ""
"version_name": "unspecified",
"version_value": "2"
}
]
}
@ -46,64 +53,60 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.usom.gov.tr/bildirim/tr-22-0634",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0634"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
}
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "TR-22-0634",
"defect": [
"TR-22-0634"
],
"discovery": "EXTERNAL"
},
"exploit": [],
"work_around": [],
"solution": [
{
"lang": "eng",
"value": "Database Software Accreditation Tracking/Presentation Module should be updated to the v2 version provided by the vendor. "
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Database Software Accreditation Tracking/Presentation Module should be updated to the v2 version provided by the vendor. </p>"
}
],
"value": "Database Software Accreditation Tracking/Presentation Module should be updated to the v2 version provided by the vendor. \n\n"
}
],
"credit": [
"credits": [
{
"lang": "eng",
"lang": "en",
"value": "Bartu Utku Sarp "
}
]
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
]
}
}

2
2022/2xxx/CVE-2022-2807.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]

2
2022/3xxx/CVE-2022-3693.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-35 Path Traversal",
"value": "CWE-35 Path Traversal: '.../...//'",
"cweId": "CWE-35"
}
]

4
2022/45xxx/CVE-2022-45085.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery.This issue affects Smartpower Web: before 23.01.01."
"value": "Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery.This issue affects Smartpower Web: before 23.01.01.\n\n"
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)",
"value": "CWE-918 Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]

2
2022/4xxx/CVE-2022-4554.json
View File

@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-79: Reflected XSS",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]

2
2023/0xxx/CVE-2023-0839.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting.This issue affects inSCADA: before 20230115-1."
"value": "Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting.This issue affects inSCADA: before 20230115-1.\n\n"
}
]
},

4
2023/0xxx/CVE-2023-0882.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16."
"value": "Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse.\u00a0This issue affects Single Connect: 2.16."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-639: Authorization Bypass Through User-Controlled Key",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key",
"cweId": "CWE-639"
}
]

72
2023/41xxx/CVE-2023-41180.json
View File

@ -1,18 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41180",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14 allows an intermediary to present a forged certificate during TLS handshake negotation. The Disable Peer Verification property of InvokeHTTP was effectively flipped, disabling verification by default, when using HTTPS.\n\nMitigation: Set the Disable Peer Verification property of InvokeHTTP to true when using MiNiFi C++ versions 0.13.0 or 0.14.0. Upgrading to MiNiFi C++ 0.15.0 corrects the default behavior.\n\n"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation",
"cweId": "CWE-295"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache NiFi MiNiFi C++",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.13.0",
"version_value": "0.14.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/b51f8csysg1pvgs6xjjrq5hrjrvfot1y",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/b51f8csysg1pvgs6xjjrq5hrjrvfot1y"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"MINIFICPP-2170"
],
"discovery": "INTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Ferenc Gerlits"
}
]
}