"-Synchronized-Data."

2025-05-07 19:17:10 +00:00 · 2023-01-02 19:00:38 +00:00 · 2023-01-02 19:00:38 +00:00 · a804bcdcbd
commit a804bcdcbd
parent 8637af8840
3 changed files with 203 additions and 4 deletions
--- a/2014/125xxx/CVE-2014-125036.json
+++ b/2014/125xxx/CVE-2014-125036.json
@ -1,17 +1,105 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2014-125036",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to insufficient control of network message volume. The attack can only be done within the local network. The name of the patch is ed4ca2cf012677973c220cdba36b5c60bfa0260b. It is recommended to apply a patch to fix this issue. VDB-217190 is the identifier assigned to this vulnerability."
+            },
+            {
+                "lang": "deu",
+                "value": "Eine problematische Schwachstelle wurde in drybjed ansible-ntp entdeckt. Davon betroffen ist unbekannter Code der Datei meta/main.yml. Mittels Manipulieren mit unbekannten Daten kann eine insufficient control of network message volume-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk erfolgen. Der Patch wird als ed4ca2cf012677973c220cdba36b5c60bfa0260b bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-406 Insufficient Control of Network Message Volume",
+                        "cweId": "CWE-406"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "drybjed",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "ansible-ntp",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a",
+                                            "version_affected": "="
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://vuldb.com/?id.217190",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?id.217190"
+            },
+            {
+                "url": "https://vuldb.com/?ctiid.217190",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?ctiid.217190"
+            },
+            {
+                "url": "https://github.com/drybjed/ansible-ntp/commit/ed4ca2cf012677973c220cdba36b5c60bfa0260b",
+                "refsource": "MISC",
+                "name": "https://github.com/drybjed/ansible-ntp/commit/ed4ca2cf012677973c220cdba36b5c60bfa0260b"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "VulDB GitHub Commit Analyzer"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "baseScore": 2.6,
+                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
+                "baseSeverity": "LOW"
+            },
+            {
+                "version": "3.0",
+                "baseScore": 2.6,
+                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
+                "baseSeverity": "LOW"
+            },
+            {
+                "version": "2.0",
+                "baseScore": 1.4,
+                "vectorString": "AV:A/AC:H/Au:S/C:N/I:N/A:P",
+                "baseSeverity": "LOW"
            }
        ]
    }
--- a/2016/15xxx/CVE-2016-15007.json
+++ b/2016/15xxx/CVE-2016-15007.json
@ -0,0 +1,106 @@
+{
+    "data_version": "4.0",
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "CVE_data_meta": {
+        "ID": "CVE-2016-15007",
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this vulnerability is the function SObjectService of the file src/classes/SObjectService.cls of the component SOQL Handler. The manipulation of the argument orderDirection leads to injection. The name of the patch is db03ac5b8a9d830095991b529c067a030a0ccf7b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217195."
+            },
+            {
+                "lang": "deu",
+                "value": "In Centralized-Salesforce-Dev-Framework wurde eine problematische Schwachstelle ausgemacht. Es geht um die Funktion SObjectService der Datei src/classes/SObjectService.cls der Komponente SOQL Handler. Dank der Manipulation des Arguments orderDirection mit unbekannten Daten kann eine injection-Schwachstelle ausgenutzt werden. Der Patch wird als db03ac5b8a9d830095991b529c067a030a0ccf7b bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-74 Injection",
+                        "cweId": "CWE-74"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Centralized-Salesforce-Dev-Framework",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a",
+                                            "version_affected": "="
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://vuldb.com/?id.217195",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?id.217195"
+            },
+            {
+                "url": "https://vuldb.com/?ctiid.217195",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?ctiid.217195"
+            },
+            {
+                "url": "https://github.com/scottbcovert/Centralized-Salesforce-Dev-Framework/commit/db03ac5b8a9d830095991b529c067a030a0ccf7b",
+                "refsource": "MISC",
+                "name": "https://github.com/scottbcovert/Centralized-Salesforce-Dev-Framework/commit/db03ac5b8a9d830095991b529c067a030a0ccf7b"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "VulDB GitHub Commit Analyzer"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "baseScore": 5.5,
+                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+                "baseSeverity": "MEDIUM"
+            },
+            {
+                "version": "3.0",
+                "baseScore": 5.5,
+                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+                "baseSeverity": "MEDIUM"
+            },
+            {
+                "version": "2.0",
+                "baseScore": 5.2,
+                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
+                "baseSeverity": "MEDIUM"
+            }
+        ]
+    }
+}
--- a/2022/22xxx/CVE-2022-22728.json
+++ b/2022/22xxx/CVE-2022-22728.json
@ -121,6 +121,11 @@
                "refsource": "MLIST",
                "name": "[oss-security] 20230102 Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption",
                "url": "http://www.openwall.com/lists/oss-security/2023/01/02/1"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20230102 Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption",
+                "url": "http://www.openwall.com/lists/oss-security/2023/01/02/2"
            }
        ]
    },