admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-10-20 10:00:41 +00:00
parent dbcbd93dd1
commit a4151988a4
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
53 changed files with 401 additions and 182 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
2015/10xxx/CVE-2015-10084.json
View File

@ -103,8 +103,7 @@
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

5
2015/10xxx/CVE-2015-10085.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is b91aa4674d460993765884e8463c70e6d886bc90. It is recommended to apply a patch to fix this issue. VDB-221506 is the identifier assigned to this vulnerability."
"value": "A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as b91aa4674d460993765884e8463c70e6d886bc90. It is recommended to apply a patch to fix this issue. VDB-221506 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
@ -103,8 +103,7 @@
{
"version": "2.0",
"baseScore": 2.7,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"baseSeverity": "LOW"
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P"
}
]
}

3
2015/10xxx/CVE-2015-10086.json
View File

@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseSeverity": "HIGH"
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

7
2015/10xxx/CVE-2015-10087.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "deu",
"value": "** UNSUPPPORTED WHEN ASSIGNED **In UpThemes Theme DesignFolio Plus 1.2 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode. Mittels dem Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 53f6ae62878076f99718e5feb589928e83c879a9 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** In UpThemes Theme DesignFolio Plus 1.2 f\u00fcr WordPress wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode. Mittels dem Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 53f6ae62878076f99718e5feb589928e83c879a9 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
@ -102,8 +102,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

7
2015/10xxx/CVE-2015-10088.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function http_connect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The name of the patch is 40e04680018614a7d2b68566b261b061a0597046. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222267."
"value": "A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function http_connect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 40e04680018614a7d2b68566b261b061a0597046. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222267."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in ayttm bis 0.5.0.89 gefunden. Es geht dabei um die Funktion http_connect in der Bibliothek libproxy/proxy.c. Dank Manipulation mit unbekannten Daten kann eine format string-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als 40e04680018614a7d2b68566b261b061a0597046 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
"value": "Es wurde eine kritische Schwachstelle in ayttm bis 0.5.0.89 gefunden. Es geht dabei um die Funktion http_connect in der Bibliothek libproxy/proxy.c. Dank Manipulation mit unbekannten Daten kann eine format string-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Patch wird als 40e04680018614a7d2b68566b261b061a0597046 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
@ -453,8 +453,7 @@
{
"version": "2.0",
"baseScore": 4.6,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P"
}
]
}

5
2015/10xxx/CVE-2015-10089.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic has been found in flame.js. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is e6c49b5f6179e31a534b7c3264e1d36aa99728ac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222291."
"value": "A vulnerability classified as problematic has been found in flame.js. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named e6c49b5f6179e31a534b7c3264e1d36aa99728ac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222291."
},
{
"lang": "deu",
@ -103,8 +103,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

7
2015/10xxx/CVE-2015-10090.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.8 is able to address this issue. The name of the patch is c8e22c1340c11fedfb0a0a67ea690421bdb62b94. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222320."
"value": "A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.8 is able to address this issue. The name of the patch is c8e22c1340c11fedfb0a0a67ea690421bdb62b94. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222320."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in Landing Pages Plugin bis 1.8.7 entdeckt. Davon betroffen ist unbekannter Code. Durch Beeinflussen mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.8.8 vermag dieses Problem zu l\u00f6sen. Der Patch wird als c8e22c1340c11fedfb0a0a67ea690421bdb62b94 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
"value": "Eine problematische Schwachstelle wurde in Landing Pages Plugin bis 1.8.7 f\u00fcr WordPress entdeckt. Davon betroffen ist unbekannter Code. Durch Beeinflussen mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.8.8 vermag dieses Problem zu l\u00f6sen. Der Patch wird als c8e22c1340c11fedfb0a0a67ea690421bdb62b94 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
@ -131,8 +131,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

5
2015/10xxx/CVE-2015-10091.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is 9513b93c828dfbc4413f9e0df63647401aaf4e58. It is recommended to apply a patch to fix this issue. VDB-222322 is the identifier assigned to this vulnerability."
"value": "A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 9513b93c828dfbc4413f9e0df63647401aaf4e58. It is recommended to apply a patch to fix this issue. VDB-222322 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
}
]
}

7
2015/10xxx/CVE-2015-10092.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16. It has been classified as problematic. Affected is the function add_slug_meta_box of the file includes/class-qtranslate-slug.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.1.17 is able to address this issue. The name of the patch is 74b3932696f9868e14563e51b7d0bb68c53bf5e4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222324."
"value": "A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16 on WordPress. It has been classified as problematic. Affected is the function add_slug_meta_box of the file includes/class-qtranslate-slug.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.1.17 is able to address this issue. The name of the patch is 74b3932696f9868e14563e51b7d0bb68c53bf5e4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222324."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in Qtranslate Slug Plugin bis 1.1.16 ausgemacht. Betroffen hiervon ist die Funktion add_slug_meta_box der Datei includes/class-qtranslate-slug.php. Durch die Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 1.1.17 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 74b3932696f9868e14563e51b7d0bb68c53bf5e4 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
"value": "Es wurde eine problematische Schwachstelle in Qtranslate Slug Plugin bis 1.1.16 f\u00fcr WordPress ausgemacht. Betroffen hiervon ist die Funktion add_slug_meta_box der Datei includes/class-qtranslate-slug.php. Durch die Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 1.1.17 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 74b3932696f9868e14563e51b7d0bb68c53bf5e4 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
@ -167,8 +167,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

7
2015/10xxx/CVE-2015-10093.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is e7059727274d2767c240c55c02c163eaa4ba6c62. It is recommended to upgrade the affected component. The identifier VDB-222325 was assigned to this vulnerability."
"value": "A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is e7059727274d2767c240c55c02c163eaa4ba6c62. It is recommended to upgrade the affected component. The identifier VDB-222325 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In Mark User as Spammer Plugin 1.0.0/1.0.1 wurde eine problematische Schwachstelle ausgemacht. Es geht um die Funktion user_row_actions der Datei plugin/plugin.php. Durch Manipulation des Arguments url mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.0.2 vermag dieses Problem zu l\u00f6sen. Der Patch wird als e7059727274d2767c240c55c02c163eaa4ba6c62 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
"value": "In Mark User as Spammer Plugin 1.0.0/1.0.1 f\u00fcr WordPress wurde eine problematische Schwachstelle ausgemacht. Es geht um die Funktion user_row_actions der Datei plugin/plugin.php. Durch Manipulation des Arguments url mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Ein Aktualisieren auf die Version 1.0.2 vermag dieses Problem zu l\u00f6sen. Der Patch wird als e7059727274d2767c240c55c02c163eaa4ba6c62 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
@ -107,8 +107,7 @@
{
"version": "2.0",
"baseScore": 2.1,
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"baseSeverity": "LOW"
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N"
}
]
}

7
2015/10xxx/CVE-2015-10094.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Fastly Plugin up to 0.97. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The name of the patch is d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability."
"value": "A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in Fastly Plugin bis 0.97 ausgemacht. Es geht hierbei um die Funktion post der Datei lib/api.php. Mittels dem Manipulieren des Arguments url mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 0.98 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d7fe42538f4d4af500e3af9678b6b06fba731656 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
"value": "Eine problematische Schwachstelle wurde in Fastly Plugin bis 0.97 f\u00fcr WordPress ausgemacht. Es geht hierbei um die Funktion post der Datei lib/api.php. Mittels dem Manipulieren des Arguments url mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 0.98 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d7fe42538f4d4af500e3af9678b6b06fba731656 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
@ -487,8 +487,7 @@
{
"version": "2.0",
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"baseSeverity": "LOW"
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
}
]
}

7
2015/10xxx/CVE-2015-10095.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2. This affects an unknown part of the file admin/class-woo-popup-admin.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is 7c76ac78f3e16015991b612ff4fa616af4ce9292. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222327."
"value": "A vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2 on WordPress. This affects an unknown part of the file admin/class-woo-popup-admin.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.3.0 is able to address this issue. The patch is named 7c76ac78f3e16015991b612ff4fa616af4ce9292. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222327."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in woo-popup Plugin bis 1.2.2 entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei admin/class-woo-popup-admin.php. Mittels Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.3.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 7c76ac78f3e16015991b612ff4fa616af4ce9292 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
"value": "Es wurde eine Schwachstelle in woo-popup Plugin bis 1.2.2 f\u00fcr WordPress entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei admin/class-woo-popup-admin.php. Mittels Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.3.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 7c76ac78f3e16015991b612ff4fa616af4ce9292 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
@ -111,8 +111,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

7
2015/10xxx/CVE-2015-10096.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, was found in Zarthus IRC Twitter Announcer Bot up to 1.1.0. This affects the function get_tweets of the file lib/twitterbot/plugins/twitter_announcer.rb. The manipulation of the argument tweet leads to command injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.1 is able to address this issue. The name of the patch is 6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223383."
"value": "A vulnerability, which was classified as critical, was found in Zarthus IRC Twitter Announcer Bot up to 1.1.0. This affects the function get_tweets of the file lib/twitterbot/plugins/twitter_announcer.rb. The manipulation of the argument tweet leads to command injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.1.1 is able to address this issue. The patch is named 6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223383."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in Zarthus IRC Twitter Announcer Bot bis 1.1.0 gefunden. Dabei betrifft es die Funktion get_tweets der Datei lib/twitterbot/plugins/twitter_announcer.rb. Mittels Manipulieren des Arguments tweet mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.1.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
"value": "Es wurde eine kritische Schwachstelle in Zarthus IRC Twitter Announcer Bot bis 1.1.0 gefunden. Dabei betrifft es die Funktion get_tweets der Datei lib/twitterbot/plugins/twitter_announcer.rb. Mittels Manipulieren des Arguments tweet mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Ein Aktualisieren auf die Version 1.1.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
@ -107,8 +107,7 @@
{
"version": "2.0",
"baseScore": 4.6,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P"
}
]
}

5
2015/10xxx/CVE-2015-10097.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in grinnellplans-php up to 3.0. It has been declared as critical. Affected by this vulnerability is the function interface_disp_page/interface_disp_page of the file read.php. The manipulation leads to sql injection. The attack can be launched remotely. The name of the patch is 57e4409e19203a94495140ff1b5a697734d17cfb. It is recommended to apply a patch to fix this issue. The identifier VDB-223801 was assigned to this vulnerability."
"value": "A vulnerability was found in grinnellplans-php up to 3.0. It has been declared as critical. Affected by this vulnerability is the function interface_disp_page/interface_disp_page of the file read.php. The manipulation leads to sql injection. The attack can be launched remotely. The identifier of the patch is 57e4409e19203a94495140ff1b5a697734d17cfb. It is recommended to apply a patch to fix this issue. The identifier VDB-223801 was assigned to this vulnerability."
},
{
"lang": "deu",
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

7
2015/10xxx/CVE-2015-10098.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Broken Link Checker Plugin up to 1.10.5. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152."
"value": "A vulnerability was found in Broken Link Checker Plugin up to 1.10.5 on WordPress. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in Broken Link Checker Plugin bis 1.10.5 ausgemacht. Dies betrifft die Funktion print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.10.6 vermag dieses Problem zu l\u00f6sen. Der Patch wird als f30638869e281461b87548e40b517738b4350e47 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
"value": "Eine problematische Schwachstelle wurde in Broken Link Checker Plugin bis 1.10.5 f\u00fcr WordPress ausgemacht. Dies betrifft die Funktion print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.10.6 vermag dieses Problem zu l\u00f6sen. Der Patch wird als f30638869e281461b87548e40b517738b4350e47 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
@ -123,8 +123,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

7
2015/10xxx/CVE-2015-10099.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5. This affects the function dex_process_ready_to_go_appointment of the file dex_appointments.php. The manipulation of the argument itemnumber leads to sql injection. It is possible to initiate the attack remotely. The name of the patch is e29a9cdbcb0f37d887dd302a05b9e8bf213da01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225351."
"value": "A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5 on WordPress. This affects the function dex_process_ready_to_go_appointment of the file dex_appointments.php. The manipulation of the argument itemnumber leads to sql injection. It is possible to initiate the attack remotely. The patch is named e29a9cdbcb0f37d887dd302a05b9e8bf213da01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225351."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in CP Appointment Calendar Plugin bis 1.1.5 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion dex_process_ready_to_go_appointment der Datei dex_appointments.php. Mittels dem Manipulieren des Arguments itemnumber mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Patch wird als e29a9cdbcb0f37d887dd302a05b9e8bf213da01d bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
"value": "Es wurde eine Schwachstelle in CP Appointment Calendar Plugin bis 1.1.5 f\u00fcr WordPress entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion dex_process_ready_to_go_appointment der Datei dex_appointments.php. Mittels dem Manipulieren des Arguments itemnumber mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Patch wird als e29a9cdbcb0f37d887dd302a05b9e8bf213da01d bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
@ -118,8 +118,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

7
2015/10xxx/CVE-2015-10100.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10. This issue affects some unknown processing of the file classes/dynwid_class.php. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.11 is able to address this issue. The name of the patch is d0a19c6efcdc86d7093b369bc9e29a0629e57795. It is recommended to upgrade the affected component. The identifier VDB-225353 was assigned to this vulnerability."
"value": "A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10 on WordPress. This issue affects some unknown processing of the file classes/dynwid_class.php. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.11 is able to address this issue. The identifier of the patch is d0a19c6efcdc86d7093b369bc9e29a0629e57795. It is recommended to upgrade the affected component. The identifier VDB-225353 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in Dynamic Widgets Plugin bis 1.5.10 entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei classes/dynwid_class.php. Durch das Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.5.11 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d0a19c6efcdc86d7093b369bc9e29a0629e57795 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
"value": "Eine Schwachstelle wurde in Dynamic Widgets Plugin bis 1.5.10 f\u00fcr WordPress entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei classes/dynwid_class.php. Durch das Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.5.11 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d0a19c6efcdc86d7093b369bc9e29a0629e57795 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
@ -143,8 +143,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

5
2015/10xxx/CVE-2015-10101.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.7 is able to address this issue. The name of the patch is 25bb1dea113716200a6f0f3135801d84a7a65540. It is recommended to upgrade the affected component. The identifier VDB-226117 was assigned to this vulnerability."
"value": "A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.7 is able to address this issue. The identifier of the patch is 25bb1dea113716200a6f0f3135801d84a7a65540. It is recommended to upgrade the affected component. The identifier VDB-226117 was assigned to this vulnerability."
},
{
"lang": "deu",
@ -122,8 +122,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

5
2015/10xxx/CVE-2015-10102.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, has been found in Freshdesk Plugin 1.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to open redirect. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The name of the patch is 2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b. It is recommended to upgrade the affected component. VDB-226118 is the identifier assigned to this vulnerability."
"value": "A vulnerability, which was classified as critical, has been found in Freshdesk Plugin 1.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to open redirect. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The patch is identified as 2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b. It is recommended to upgrade the affected component. VDB-226118 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

5
2015/10xxx/CVE-2015-10103.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in InternalError503 Forget It up to 1.3. This affects an unknown part of the file js/settings.js. The manipulation of the argument setForgetTime with the input 0 leads to infinite loop. It is possible to launch the attack on the local host. Upgrading to version 1.4 is able to address this issue. The name of the patch is adf0c7fd59b9c935b4fd675c556265620124999c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226119."
"value": "A vulnerability, which was classified as problematic, was found in InternalError503 Forget It up to 1.3. This affects an unknown part of the file js/settings.js. The manipulation of the argument setForgetTime with the input 0 leads to infinite loop. It is possible to launch the attack on the local host. Upgrading to version 1.4 is able to address this issue. The patch is named adf0c7fd59b9c935b4fd675c556265620124999c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226119."
},
{
"lang": "deu",
@ -115,8 +115,7 @@
{
"version": "2.0",
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"baseSeverity": "LOW"
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P"
}
]
}

3
2015/10xxx/CVE-2015-10104.json
View File

@ -103,8 +103,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

5
2015/10xxx/CVE-2015-10105.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. Upgrading to version 3.43 is able to address this issue. The name of the patch is 6e6fe8c6fda7cbc252eef083105e08d759c07312. It is recommended to upgrade the affected component. The identifier VDB-227757 was assigned to this vulnerability."
"value": "A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. Upgrading to version 3.43 is able to address this issue. The identifier of the patch is 6e6fe8c6fda7cbc252eef083105e08d759c07312. It is recommended to upgrade the affected component. The identifier VDB-227757 was assigned to this vulnerability."
},
{
"lang": "deu",
@ -271,8 +271,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

5
2015/10xxx/CVE-2015-10106.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This vulnerability affects the function moduleContent of the file mod1/index.php. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The name of the patch is 429f50f4e4795b20dae06735b41fb94f010722bf. It is recommended to upgrade the affected component. VDB-230086 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This vulnerability affects the function moduleContent of the file mod1/index.php. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The patch is identified as 429f50f4e4795b20dae06735b41fb94f010722bf. It is recommended to upgrade the affected component. VDB-230086 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "deu",
@ -130,8 +130,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

5
2015/10xxx/CVE-2015-10107.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2.3.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.3.5 is able to address this issue. The name of the patch is d588446844dd49232ab400ef213ff5b92121c33e. It is recommended to upgrade the affected component. The identifier VDB-230153 was assigned to this vulnerability."
"value": "A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2.3.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.3.5 is able to address this issue. The identifier of the patch is d588446844dd49232ab400ef213ff5b92121c33e. It is recommended to upgrade the affected component. The identifier VDB-230153 was assigned to this vulnerability."
},
{
"lang": "deu",
@ -114,8 +114,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

5
2015/10xxx/CVE-2015-10108.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 0.9.6.1 is able to address this issue. The name of the patch is 2a8057df8ca30adc859cecbe5cad21ac28c5b747. It is recommended to upgrade the affected component. VDB-230234 is the identifier assigned to this vulnerability."
"value": "A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 0.9.6.1 is able to address this issue. The patch is identified as 2a8057df8ca30adc859cecbe5cad21ac28c5b747. It is recommended to upgrade the affected component. VDB-230234 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
@ -127,8 +127,7 @@
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
}
]
}

3
2015/10xxx/CVE-2015-10109.json
View File

@ -103,8 +103,7 @@
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
}
]
}

3
2015/10xxx/CVE-2015-10110.json
View File

@ -130,8 +130,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

5
2015/10xxx/CVE-2015-10111.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Watu Quiz Plugin up to 2.6.7 on WordPress. It has been rated as critical. This issue affects the function watu_exams of the file controllers/exam.php of the component Exam Handler. The manipulation of the argument quiz leads to sql injection. The attack may be initiated remotely. Upgrading to version 2.6.8 is able to address this issue. The name of the patch is bf42e7cfd819a3e76cf3e1465697e89f4830590c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230651."
"value": "A vulnerability was found in Watu Quiz Plugin up to 2.6.7 on WordPress. It has been rated as critical. This issue affects the function watu_exams of the file controllers/exam.php of the component Exam Handler. The manipulation of the argument quiz leads to sql injection. The attack may be initiated remotely. Upgrading to version 2.6.8 is able to address this issue. The patch is named bf42e7cfd819a3e76cf3e1465697e89f4830590c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230651."
},
{
"lang": "deu",
@ -126,8 +126,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

3
2015/10xxx/CVE-2015-10112.json
View File

@ -102,8 +102,7 @@
{
"version": "2.0",
"baseScore": 4.3,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N"
}
]
}

3
2015/10xxx/CVE-2015-10113.json
View File

@ -102,8 +102,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

3
2015/10xxx/CVE-2015-10114.json
View File

@ -102,8 +102,7 @@
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
}
]
}

3
2015/10xxx/CVE-2015-10115.json
View File

@ -102,8 +102,7 @@
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
}
]
}

3
2015/10xxx/CVE-2015-10116.json
View File

@ -150,8 +150,7 @@
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
}
]
}

3
2015/10xxx/CVE-2015-10117.json
View File

@ -111,8 +111,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

3
2015/10xxx/CVE-2015-10118.json
View File

@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

3
2015/10xxx/CVE-2015-10119.json
View File

@ -130,8 +130,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

3
2015/10xxx/CVE-2015-10120.json
View File

@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

3
2015/10xxx/CVE-2015-10121.json
View File

@ -102,8 +102,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

3
2015/10xxx/CVE-2015-10122.json
View File

@ -114,8 +114,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

3
2015/10xxx/CVE-2015-10124.json
View File

@ -126,8 +126,7 @@
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

19
2016/15xxx/CVE-2016-15006.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator (prng). The attack may be initiated remotely. Upgrading to version 2.3 is able to address this issue. The name of the patch is 922bf90ca14a681629ba0b807a997a81d70225b5. It is recommended to upgrade the affected component. The identifier VDB-217181 was assigned to this vulnerability."
"value": "A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator (prng). The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.3 is able to address this issue. The identifier of the patch is 922bf90ca14a681629ba0b807a997a81d70225b5. It is recommended to upgrade the affected component. The identifier VDB-217181 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in enigmaX bis 2.2 entdeckt. Sie wurde als problematisch eingestuft. Es geht hierbei um die Funktion getSeed der Datei main.c der Komponente Scrambling Table Handler. Durch Manipulieren mit unbekannten Daten kann eine predictable seed in pseudo-random number generator (prng)-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 2.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 922bf90ca14a681629ba0b807a997a81d70225b5 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
"value": "Eine Schwachstelle wurde in enigmaX bis 2.2 entdeckt. Sie wurde als problematisch eingestuft. Es geht hierbei um die Funktion getSeed der Datei main.c der Komponente Scrambling Table Handler. Durch Manipulieren mit unbekannten Daten kann eine predictable seed in pseudo-random number generator (prng)-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Ein Aktualisieren auf die Version 2.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 922bf90ca14a681629ba0b807a997a81d70225b5 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
@ -44,16 +44,16 @@
"version": {
"version_data": [
{
"version_value": "2.0",
"version_affected": "="
"version_affected": "=",
"version_value": "2.0"
},
{
"version_value": "2.1",
"version_affected": "="
"version_affected": "=",
"version_value": "2.1"
},
{
"version_value": "2.2",
"version_affected": "="
"version_affected": "=",
"version_value": "2.2"
}
]
}
@ -111,8 +111,7 @@
{
"version": "2.0",
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"baseSeverity": "LOW"
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N"
}
]
}

9
2016/15xxx/CVE-2016-15007.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this vulnerability is the function SObjectService of the file src/classes/SObjectService.cls of the component SOQL Handler. The manipulation of the argument orderDirection leads to injection. The name of the patch is db03ac5b8a9d830095991b529c067a030a0ccf7b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217195."
"value": "A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this vulnerability is the function SObjectService of the file src/classes/SObjectService.cls of the component SOQL Handler. The manipulation of the argument orderDirection leads to injection. The patch is named db03ac5b8a9d830095991b529c067a030a0ccf7b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217195."
},
{
"lang": "deu",
@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

9
2016/15xxx/CVE-2016-15008.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in oxguy3 coebot-www and classified as problematic. This issue affects the function displayChannelCommands/displayChannelQuotes/displayChannelAutoreplies/showChannelHighlights/showChannelBoir of the file js/channel.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is c1a6c44092585da4236237e0e7da94ee2996a0ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217355."
"value": "A vulnerability was found in oxguy3 coebot-www and classified as problematic. This issue affects the function displayChannelCommands/displayChannelQuotes/displayChannelAutoreplies/showChannelHighlights/showChannelBoir of the file js/channel.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The patch is named c1a6c44092585da4236237e0e7da94ee2996a0ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217355."
},
{
"lang": "deu",
@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

7
2016/15xxx/CVE-2016-15009.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -98,8 +98,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

15
2016/15xxx/CVE-2016-15010.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.2 is able to address this issue. The name of the patch is 5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3. It is recommended to upgrade the affected component. The identifier VDB-217441 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.2 is able to address this issue. The identifier of the patch is 5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3. It is recommended to upgrade the affected component. The identifier VDB-217441 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "deu",
"value": "** UNSUPPPORTED WHEN ASSIGNED **In University of Cambridge django-ucamlookup bis 1.9.1 wurde eine problematische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente Lookup Handler. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 1.9.2 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** In University of Cambridge django-ucamlookup bis 1.9.1 wurde eine problematische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente Lookup Handler. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 1.9.2 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
@ -44,12 +44,12 @@
"version": {
"version_data": [
{
"version_value": "1.9.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.9.0"
},
{
"version_value": "1.9.1",
"version_affected": "="
"version_affected": "=",
"version_value": "1.9.1"
}
]
}
@ -107,8 +107,7 @@
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

13
2016/15xxx/CVE-2016-15011.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.2 is able to address this issue. The name of the patch is ec4238349691ec66dd30b416ec6eaab02d722302. It is recommended to upgrade the affected component. The identifier VDB-217549 was assigned to this vulnerability."
"value": "A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.2 is able to address this issue. The identifier of the patch is ec4238349691ec66dd30b416ec6eaab02d722302. It is recommended to upgrade the affected component. The identifier VDB-217549 was assigned to this vulnerability."
},
{
"lang": "deu",
@ -44,12 +44,12 @@
"version": {
"version_data": [
{
"version_value": "1.3.0",
"version_affected": "="
"version_affected": "=",
"version_value": "1.3.0"
},
{
"version_value": "1.3.1",
"version_affected": "="
"version_affected": "=",
"version_value": "1.3.1"
}
]
}
@ -107,8 +107,7 @@
{
"version": "2.0",
"baseScore": 4.9,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P"
}
]
}

11
2016/15xxx/CVE-2016-15012.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. It has been rated as critical. This issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs. The manipulation leads to sql injection. Upgrading to version 5.0.0 is able to address this issue. The name of the patch is 83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217619. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. It has been rated as critical. This issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs. The manipulation leads to sql injection. Upgrading to version 5.0.0 is able to address this issue. The patch is named 83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217619. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "deu",
"value": "** UNSUPPPORTED WHEN ASSIGNED **Eine Schwachstelle wurde in forcedotcom SalesforceMobileSDK-Windows bis 4.x ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion ComputeCountSql der Datei SalesforceSDK/SmartStore/Store/QuerySpec.cs. Mittels Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 5.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** Eine Schwachstelle wurde in forcedotcom SalesforceMobileSDK-Windows bis 4.x ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion ComputeCountSql der Datei SalesforceSDK/SmartStore/Store/QuerySpec.cs. Mittels Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 5.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "4.x",
"version_affected": "="
"version_affected": "=",
"version_value": "4.x"
}
]
}
@ -103,8 +103,7 @@
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

7
2016/15xxx/CVE-2016-15013.json
View File

@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
"version_affected": "=",
"version_value": "n/a"
}
]
}
@ -103,8 +103,7 @@
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

11
2016/15xxx/CVE-2016-15014.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in CESNET theme-cesnet up to 1.x and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6. It is recommended to upgrade the affected component. The identifier VDB-217633 was assigned to this vulnerability."
"value": "A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6. It is recommended to upgrade the affected component. The identifier VDB-217633 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In CESNET theme-cesnet bis 1.x wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei cesnet/core/lostpassword/templates/resetpassword.php. Durch das Beeinflussen mit unbekannten Daten kann eine insufficiently protected credentials-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Ein Aktualisieren auf die Version 2.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
"value": "In CESNET theme-cesnet bis 1.x f\u00fcr ownCloud wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei cesnet/core/lostpassword/templates/resetpassword.php. Durch das Beeinflussen mit unbekannten Daten kann eine insufficiently protected credentials-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Ein Aktualisieren auf die Version 2.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
@ -44,8 +44,8 @@
"version": {
"version_data": [
{
"version_value": "1.x",
"version_affected": "="
"version_affected": "=",
"version_value": "1.x"
}
]
}
@ -108,8 +108,7 @@
{
"version": "2.0",
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N",
"baseSeverity": "LOW"
"vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N"
}
]
}

78
2023/34xxx/CVE-2023-34045.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34045",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware Fusion(13.x prior to 13.5)\u00a0contains a local privilege escalation vulnerability that occurs during \ninstallation for the first time (the user needs to drag or copy the \napplication to a folder from the '.dmg' volume) or when installing an \nupgrade.\u00a0A malicious actor with local non-administrative user privileges may \nexploit this vulnerability to escalate privileges to root on the system \nwhere Fusion is installed or being installed for the first time."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "VMware",
"product": {
"product_data": [
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "13.x",
"version_value": "13.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0022.html",
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2023-0022.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

119
2023/44xxx/CVE-2023-44256.json
View File

@ -1,17 +1,128 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-44256",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiAnalyzer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.4.0"
},
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.3"
},
{
"version_affected": "<=",
"version_name": "7.0.2",
"version_value": "7.0.8"
},
{
"version_affected": "<=",
"version_name": "6.4.8",
"version_value": "6.4.13"
}
]
}
},
{
"product_name": "FortiManager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.4.0"
},
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.3"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-19-039",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-19-039"
},
{
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh",
"refsource": "MISC",
"name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiAnalyzer version 7.4.1 or above Please upgrade to FortiAnalyzer version 7.2.4 or above Please upgrade to FortiAnalyzer version 7.0.9 or above Please upgrade to FortiManager version 7.4.1 or above Please upgrade to FortiManager version 7.2.4 or above Please upgrade to FortiManager version 7.0.9 or above "
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:X/RC:X"
}
]
}

79
2023/44xxx/CVE-2023-44483.json
View File

@ -1,18 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-44483",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Insertion of Sensitive Information into Log File",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Santuario",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2",
"version_value": "2.2.6"
},
{
"version_affected": "<",
"version_name": "2.3",
"version_value": "2.3.4"
},
{
"version_affected": "<",
"version_name": "3.0",
"version_value": "3.0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Apache Santuario would like to thank Max Fichtelmann for reporting this issue."
}
]
}

18
2023/5xxx/CVE-2023-5678.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5678",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}