Merge branch 'CVEProject:master' into CVE-2023-25132

ZUSOART 2023-04-24 17:40:23 +08:00 committed by GitHub
commit ab071fe87c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3724 changed files with 179756 additions and 24093 deletions


@ -0,0 +1,119 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2009-10004",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Turante Sandbox Theme up to 1.5.2. It has been classified as problematic. This affects the function sandbox_body_class of the file functions.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.6.1 is able to address this issue. The name of the patch is 8045b1e10970342f558b2c5f360e0bd135af2b10. It is recommended to upgrade the affected component. The identifier VDB-225357 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in Turante Sandbox Theme bis 1.5.2 ausgemacht. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion sandbox_body_class der Datei functions.php. Dank der Manipulation des Arguments page mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.6.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 8045b1e10970342f558b2c5f360e0bd135af2b10 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Turante",
"product": {
"product_data": [
{
"product_name": "Sandbox Theme",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.5.0"
},
{
"version_affected": "=",
"version_value": "1.5.1"
},
{
"version_affected": "=",
"version_value": "1.5.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.225357",
"refsource": "MISC",
"name": "https://vuldb.com/?id.225357"
},
{
"url": "https://vuldb.com/?ctiid.225357",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.225357"
},
{
"url": "https://github.com/Turante/sandbox-theme/commit/8045b1e10970342f558b2c5f360e0bd135af2b10",
"refsource": "MISC",
"name": "https://github.com/Turante/sandbox-theme/commit/8045b1e10970342f558b2c5f360e0bd135af2b10"
},
{
"url": "https://github.com/Turante/sandbox-theme/releases/tag/1.6.1",
"refsource": "MISC",
"name": "https://github.com/Turante/sandbox-theme/releases/tag/1.6.1"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}
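Review bot: The `version_data` entries match exact releases only (`"version_affected": "="` for 1.5.0, 1.5.1 and 1.5.2), while the description says "up to 1.5.2" and names 1.6.1 as the fixed release, so a scanner that compares versions literally will not flag an install older than 1.5.0, nor any release between 1.5.2 and 1.6.1 if such releases exist. A single range entry, `"version_affected": "<="` with `"version_value": "1.5.2"`, would state what the description states without the lower gap; whether releases after 1.5.2 and before 1.6.1 are affected should be confirmed with the CNA. The same enumeration pattern appears in the records for CVE-2012-10011, CVE-2012-10012, CVE-2013-10023, CVE-2013-10024, CVE-2013-10025 and CVE-2014-125095. Three of those (CVE-2013-10024, CVE-2013-10025, CVE-2014-125095) list a single affected version although the stated fix is several releases later (1.55 against 1.59, 1.3.4 against 1.3.7).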


@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2012-10010",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in BestWebSoft Contact Form 3.21. It has been classified as problematic. This affects the function cntctfrm_settings_page of the file contact_form.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.22 is able to address this issue. The name of the patch is 8398d96ff0fe45ec9267d7259961c2ef89ed8005. It is recommended to upgrade the affected component. The identifier VDB-225321 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in BestWebSoft Contact Form 3.21 ausgemacht. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion cntctfrm_settings_page der Datei contact_form.php. Durch Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 3.22 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 8398d96ff0fe45ec9267d7259961c2ef89ed8005 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BestWebSoft",
"product": {
"product_data": [
{
"product_name": "Contact Form",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.21"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.225321",
"refsource": "MISC",
"name": "https://vuldb.com/?id.225321"
},
{
"url": "https://vuldb.com/?ctiid.225321",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.225321"
},
{
"url": "https://github.com/wp-plugins/contact-form-plugin/commit/8398d96ff0fe45ec9267d7259961c2ef89ed8005",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/contact-form-plugin/commit/8398d96ff0fe45ec9267d7259961c2ef89ed8005"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}


@ -0,0 +1,134 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2012-10011",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in HD FLV PLayer Plugin up to 1.7. It has been rated as critical. Affected by this issue is the function hd_add_media/hd_update_media of the file functions.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The name of the patch is 34d66b9f3231a0e2dc0e536a6fe615d736e863f7. It is recommended to upgrade the affected component. VDB-225350 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in HD FLV PLayer Plugin bis 1.7 ausgemacht. Davon betroffen ist die Funktion hd_add_media/hd_update_media der Datei functions.php. Durch Manipulation des Arguments name mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.8 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 34d66b9f3231a0e2dc0e536a6fe615d736e863f7 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HD FLV PLayer Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
},
{
"version_affected": "=",
"version_value": "1.1"
},
{
"version_affected": "=",
"version_value": "1.2"
},
{
"version_affected": "=",
"version_value": "1.3"
},
{
"version_affected": "=",
"version_value": "1.4"
},
{
"version_affected": "=",
"version_value": "1.5"
},
{
"version_affected": "=",
"version_value": "1.6"
},
{
"version_affected": "=",
"version_value": "1.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.225350",
"refsource": "MISC",
"name": "https://vuldb.com/?id.225350"
},
{
"url": "https://vuldb.com/?ctiid.225350",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.225350"
},
{
"url": "https://github.com/wp-plugins/contus-hd-flv-player/commit/34d66b9f3231a0e2dc0e536a6fe615d736e863f7",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/contus-hd-flv-player/commit/34d66b9f3231a0e2dc0e536a6fe615d736e863f7"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}
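Review bot: The English description calls this SQL injection "critical", but all three `cvss` entries carry `"baseSeverity": "MEDIUM"` (6.3 for v3.x, 6.5 for v2.0), so the prose label and the machine-readable score disagree. The wording appears to be the CNA's own classification scale rather than a CVSS rating; consumers that triage on this record should read severity from `impact.cvss` and not from the description text. The vectors also set `PR:L` / `Au:S`, i.e. an authenticated attacker, which the description does not state, so that is worth confirming against the referenced commit before relying on either. The record for CVE-2013-10023 has the same mismatch ("declared as critical", 6.3 MEDIUM).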


@ -0,0 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2012-10012",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in BestWebSoft Facebook Like Button up to 2.13 and classified as problematic. Affected by this vulnerability is the function fcbk_bttn_plgn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The name of the patch is 33144ae5a45ed07efe7fceca901d91365fdbf7cb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225355."
},
{
"lang": "deu",
"value": "In BestWebSoft Facebook Like Button bis 2.13 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Es geht um die Funktion fcbk_bttn_plgn_settings_page der Datei facebook-button-plugin.php. Durch das Beeinflussen mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Patch wird als 33144ae5a45ed07efe7fceca901d91365fdbf7cb bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BestWebSoft",
"product": {
"product_data": [
{
"product_name": "Facebook Like Button",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "2.1"
},
{
"version_affected": "=",
"version_value": "2.2"
},
{
"version_affected": "=",
"version_value": "2.3"
},
{
"version_affected": "=",
"version_value": "2.4"
},
{
"version_affected": "=",
"version_value": "2.5"
},
{
"version_affected": "=",
"version_value": "2.6"
},
{
"version_affected": "=",
"version_value": "2.7"
},
{
"version_affected": "=",
"version_value": "2.8"
},
{
"version_affected": "=",
"version_value": "2.9"
},
{
"version_affected": "=",
"version_value": "2.10"
},
{
"version_affected": "=",
"version_value": "2.11"
},
{
"version_affected": "=",
"version_value": "2.12"
},
{
"version_affected": "=",
"version_value": "2.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.225355",
"refsource": "MISC",
"name": "https://vuldb.com/?id.225355"
},
{
"url": "https://vuldb.com/?ctiid.225355",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.225355"
},
{
"url": "https://github.com/wp-plugins/facebook-button-plugin/commit/33144ae5a45ed07efe7fceca901d91365fdbf7cb",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/facebook-button-plugin/commit/33144ae5a45ed07efe7fceca901d91365fdbf7cb"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}
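Review bot: This record names a patch commit but no fixed release: the description has no "Upgrading to version …" sentence, and `reference_data` holds only the two VulDB links and the commit URL, so patch-management tooling has no version to gate on. The affected list stops at 2.13, which suggests the fix landed in the following release, but the record does not say so. If the fixed release is known, it should be named in the description and added as a reference alongside the commit, for example `"url": "<release tag URL for the fixed version>"`.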


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-10013",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-10014",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,17 +1,134 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-10023",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Editorial Calendar Plugin up to 2.6. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql injection. The attack can be launched remotely. Upgrading to version 2.7 is able to address this issue. The name of the patch is a9277f13781187daee760b4dfd052b1b68e101cc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-225151."
},
{
"lang": "deu",
"value": "In Editorial Calendar Plugin bis 2.6 wurde eine kritische Schwachstelle ausgemacht. Das betrifft die Funktion edcal_filter_where der Datei edcal.php. Durch die Manipulation des Arguments edcal_startDate/edcal_endDate mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 2.7 vermag dieses Problem zu l\u00f6sen. Der Patch wird als a9277f13781187daee760b4dfd052b1b68e101cc bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Editorial Calendar Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "2.1"
},
{
"version_affected": "=",
"version_value": "2.2"
},
{
"version_affected": "=",
"version_value": "2.3"
},
{
"version_affected": "=",
"version_value": "2.4"
},
{
"version_affected": "=",
"version_value": "2.5"
},
{
"version_affected": "=",
"version_value": "2.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.225151",
"refsource": "MISC",
"name": "https://vuldb.com/?id.225151"
},
{
"url": "https://vuldb.com/?ctiid.225151",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.225151"
},
{
"url": "https://github.com/wp-plugins/editorial-calendar/commit/a9277f13781187daee760b4dfd052b1b68e101cc",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/editorial-calendar/commit/a9277f13781187daee760b4dfd052b1b68e101cc"
},
{
"url": "https://github.com/wp-plugins/editorial-calendar/releases/tag/2.7",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/editorial-calendar/releases/tag/2.7"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}


@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2013-10024",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in Exit Strategy Plugin 1.55 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.59 is able to address this issue. The name of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. The identifier VDB-225265 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In Exit Strategy Plugin 1.55 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei exitpage.php. Durch das Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.59 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d964b8e961b2634158719f3328f16eda16ce93ac bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Disclosure",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Exit Strategy Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.55"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.225265",
"refsource": "MISC",
"name": "https://vuldb.com/?id.225265"
},
{
"url": "https://vuldb.com/?ctiid.225265",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.225265"
},
{
"url": "https://github.com/wp-plugins/exit-strategy/commit/d964b8e961b2634158719f3328f16eda16ce93ac",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/exit-strategy/commit/d964b8e961b2634158719f3328f16eda16ce93ac"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}


@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2013-10025",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Exit Strategy Plugin 1.55 and classified as problematic. Affected by this issue is the function exitpageadmin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is able to address this issue. The name of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. VDB-225266 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in Exit Strategy Plugin 1.55 gefunden. Sie wurde als problematisch eingestuft. Es geht hierbei um die Funktion exitpageadmin der Datei exitpage.php. Durch Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 1.59 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d964b8e961b2634158719f3328f16eda16ce93ac bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Exit Strategy Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.55"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.225266",
"refsource": "MISC",
"name": "https://vuldb.com/?id.225266"
},
{
"url": "https://vuldb.com/?ctiid.225266",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.225266"
},
{
"url": "https://github.com/wp-plugins/exit-strategy/commit/d964b8e961b2634158719f3328f16eda16ce93ac",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/exit-strategy/commit/d964b8e961b2634158719f3328f16eda16ce93ac"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}


@ -54,24 +54,9 @@
"references": {
"reference_data": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html",
"url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
"name": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html",
@ -79,14 +64,19 @@
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"
},
{
"url": "http://marc.info/?l=linux-netdev&m=139828832919748&w=2",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html",
"refsource": "MISC",
"name": "http://marc.info/?l=linux-netdev&m=139828832919748&w=2"
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2014-1959.html",
"url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-1959.html"
"name": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2014/04/23/6",
@ -99,14 +89,29 @@
"name": "https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e"
},
{
"url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html",
"refsource": "MISC",
"name": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45"
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1959.html",
"refsource": "MISC",
"name": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9"
"name": "http://rhn.redhat.com/errata/RHSA-2014-1959.html"
},
{
"url": "http://marc.info/?l=linux-netdev&m=139828832919748&w=2",
"refsource": "MISC",
"name": "http://marc.info/?l=linux-netdev&m=139828832919748&w=2"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/04/16/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/04/16/3"
}
]
}


@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2014-125095",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 and classified as problematic. Affected by this issue is the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3.7 is able to address this issue. The name of the patch is 4d531f74b4a801c805dc80360d4ea1312e9a278f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225320."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in BestWebSoft Contact Form Plugin 1.3.4 gefunden. Sie wurde als problematisch eingestuft. Davon betroffen ist die Funktion bws_add_menu_render der Datei bws_menu/bws_menu.php. Durch das Manipulieren des Arguments bwsmn_form_email mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.3.7 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 4d531f74b4a801c805dc80360d4ea1312e9a278f bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BestWebSoft",
"product": {
"product_data": [
{
"product_name": "Contact Form Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.3.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.225320",
"refsource": "MISC",
"name": "https://vuldb.com/?id.225320"
},
{
"url": "https://vuldb.com/?ctiid.225320",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.225320"
},
{
"url": "https://github.com/wp-plugins/contact-form-plugin/commit/4d531f74b4a801c805dc80360d4ea1312e9a278f",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/contact-form-plugin/commit/4d531f74b4a801c805dc80360d4ea1312e9a278f"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}


@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2014-125096",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Fancy Gallery Plugin 1.5.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file class.options.php of the component Options Page. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.13 is able to address this issue. The name of the patch is fdf1f9e5a1ec738900f962e69c6fa4ec6055ed8d. It is recommended to upgrade the affected component. The identifier VDB-225349 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In Fancy Gallery Plugin 1.5.12 wurde eine problematische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode der Datei class.options.php der Komponente Options Page. Durch die Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 1.5.13 vermag dieses Problem zu l\u00f6sen. Der Patch wird als fdf1f9e5a1ec738900f962e69c6fa4ec6055ed8d bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Fancy Gallery Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.5.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.225349",
"refsource": "MISC",
"name": "https://vuldb.com/?id.225349"
},
{
"url": "https://vuldb.com/?ctiid.225349",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.225349"
},
{
"url": "https://github.com/wp-plugins/fancy-gallery/commit/fdf1f9e5a1ec738900f962e69c6fa4ec6055ed8d",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/fancy-gallery/commit/fdf1f9e5a1ec738900f962e69c6fa4ec6055ed8d"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}


@ -0,0 +1,238 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2014-125097",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in BestWebSoft Facebook Like Button up to 2.33. Affected is the function fcbkbttn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.34 is able to address this issue. The name of the patch is b766da8fa100779409a953f0e46c2a2448cbe99c. It is recommended to upgrade the affected component. VDB-225354 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in BestWebSoft Facebook Like Button bis 2.33 gefunden. Sie wurde als problematisch eingestuft. Betroffen hiervon ist die Funktion fcbkbttn_settings_page der Datei facebook-button-plugin.php. Durch Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 2.34 vermag dieses Problem zu l\u00f6sen. Der Patch wird als b766da8fa100779409a953f0e46c2a2448cbe99c bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BestWebSoft",
"product": {
"product_data": [
{
"product_name": "Facebook Like Button",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "2.1"
},
{
"version_affected": "=",
"version_value": "2.2"
},
{
"version_affected": "=",
"version_value": "2.3"
},
{
"version_affected": "=",
"version_value": "2.4"
},
{
"version_affected": "=",
"version_value": "2.5"
},
{
"version_affected": "=",
"version_value": "2.6"
},
{
"version_affected": "=",
"version_value": "2.7"
},
{
"version_affected": "=",
"version_value": "2.8"
},
{
"version_affected": "=",
"version_value": "2.9"
},
{
"version_affected": "=",
"version_value": "2.10"
},
{
"version_affected": "=",
"version_value": "2.11"
},
{
"version_affected": "=",
"version_value": "2.12"
},
{
"version_affected": "=",
"version_value": "2.13"
},
{
"version_affected": "=",
"version_value": "2.14"
},
{
"version_affected": "=",
"version_value": "2.15"
},
{
"version_affected": "=",
"version_value": "2.16"
},
{
"version_affected": "=",
"version_value": "2.17"
},
{
"version_affected": "=",
"version_value": "2.18"
},
{
"version_affected": "=",
"version_value": "2.19"
},
{
"version_affected": "=",
"version_value": "2.20"
},
{
"version_affected": "=",
"version_value": "2.21"
},
{
"version_affected": "=",
"version_value": "2.22"
},
{
"version_affected": "=",
"version_value": "2.23"
},
{
"version_affected": "=",
"version_value": "2.24"
},
{
"version_affected": "=",
"version_value": "2.25"
},
{
"version_affected": "=",
"version_value": "2.26"
},
{
"version_affected": "=",
"version_value": "2.27"
},
{
"version_affected": "=",
"version_value": "2.28"
},
{
"version_affected": "=",
"version_value": "2.29"
},
{
"version_affected": "=",
"version_value": "2.30"
},
{
"version_affected": "=",
"version_value": "2.31"
},
{
"version_affected": "=",
"version_value": "2.32"
},
{
"version_affected": "=",
"version_value": "2.33"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.225354",
"refsource": "MISC",
"name": "https://vuldb.com/?id.225354"
},
{
"url": "https://vuldb.com/?ctiid.225354",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.225354"
},
{
"url": "https://github.com/wp-plugins/facebook-button-plugin/commit/b766da8fa100779409a953f0e46c2a2448cbe99c",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/facebook-button-plugin/commit/b766da8fa100779409a953f0e46c2a2448cbe99c"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}
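Review bot: The `version_data` array lists 34 separate `"version_affected": "="` entries (2.0 through 2.33) where the description says "up to 2.33", so a scanner that matches on this array would not flag an install below 2.0 or any release string missing from the list, such as a three-part version. A single bounded entry, `"version_affected": "<=", "version_value": "2.33"`, states the same range as the description and is less likely to leave gaps. The same enumeration pattern appears in the records for CVE-2014-125098, CVE-2014-125099 (only 3.7.0 to 3.7.2 listed for "up to 3.7.2"), CVE-2015-10098, CVE-2015-10099, CVE-2015-10100, CVE-2015-10101 and CVE-2015-10103. Whether releases outside the listed values are actually affected cannot be confirmed from this page.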


@ -0,0 +1,130 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2014-125098",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Dart http_server up to 0.9.5 and classified as problematic. Affected by this issue is the function VirtualDirectory of the file lib/src/virtual_directory.dart of the component Directory Listing Handler. The manipulation of the argument request.uri.path leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.9.6 is able to address this issue. The name of the patch is 27c1cbd8125bb0369e675eb72e48218496e48ffb. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225356."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in Dart http_server bis 0.9.5 gefunden. Sie wurde als problematisch eingestuft. Es geht hierbei um die Funktion VirtualDirectory der Datei lib/src/virtual_directory.dart der Komponente Directory Listing Handler. Durch Beeinflussen des Arguments request.uri.path mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 0.9.6 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 27c1cbd8125bb0369e675eb72e48218496e48ffb bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dart",
"product": {
"product_data": [
{
"product_name": "http_server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.9.0"
},
{
"version_affected": "=",
"version_value": "0.9.1"
},
{
"version_affected": "=",
"version_value": "0.9.2"
},
{
"version_affected": "=",
"version_value": "0.9.3"
},
{
"version_affected": "=",
"version_value": "0.9.4"
},
{
"version_affected": "=",
"version_value": "0.9.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.225356",
"refsource": "MISC",
"name": "https://vuldb.com/?id.225356"
},
{
"url": "https://vuldb.com/?ctiid.225356",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.225356"
},
{
"url": "https://codereview.chromium.org/225813002",
"refsource": "MISC",
"name": "https://codereview.chromium.org/225813002"
},
{
"url": "https://github.com/dart-archive/http_server/commit/27c1cbd8125bb0369e675eb72e48218496e48ffb",
"refsource": "MISC",
"name": "https://github.com/dart-archive/http_server/commit/27c1cbd8125bb0369e675eb72e48218496e48ffb"
},
{
"url": "https://github.com/dart-archive/http_server/releases/tag/0.9.6",
"refsource": "MISC",
"name": "https://github.com/dart-archive/http_server/releases/tag/0.9.6"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}


@ -0,0 +1,119 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2014-125099",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in I Recommend This Plugin up to 3.7.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the file dot-irecommendthis.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 3.7.3 is able to address this issue. The name of the patch is 058b3ef5c7577bf557557904a53ecc8599b13649. It is recommended to upgrade the affected component. The identifier VDB-226309 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In I Recommend This Plugin bis 3.7.2 f\u00fcr WordPress wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei dot-irecommendthis.php. Mittels Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 3.7.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 058b3ef5c7577bf557557904a53ecc8599b13649 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "I Recommend This Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.7.0"
},
{
"version_affected": "=",
"version_value": "3.7.1"
},
{
"version_affected": "=",
"version_value": "3.7.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.226309",
"refsource": "MISC",
"name": "https://vuldb.com/?id.226309"
},
{
"url": "https://vuldb.com/?ctiid.226309",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.226309"
},
{
"url": "https://github.com/wp-plugins/i-recommend-this/commit/058b3ef5c7577bf557557904a53ecc8599b13649",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/i-recommend-this/commit/058b3ef5c7577bf557557904a53ecc8599b13649"
},
{
"url": "https://github.com/wp-plugins/i-recommend-this/releases/tag/3.7.3",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/i-recommend-this/releases/tag/3.7.3"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}
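Review bot: The English description calls this SQL injection "critical" while every `impact.cvss` entry carries `"baseSeverity": "MEDIUM"` (6.3 under 3.x, 6.5 under 2.0), so triage on the prose and triage on the score will reach different priorities. The word looks like the assigner's own classification scale rather than a CVSS rating, and the description would be less ambiguous if it dropped the label or named the scale. The same mismatch is in the records for CVE-2015-10099, CVE-2015-10100 and CVE-2015-10102. The vectors also assume `PR:L`, but the description does not say which privilege level reaches the affected code in dot-irecommendthis.php, so that value is worth confirming against the referenced patch.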


@ -1,17 +1,130 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-10098",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Broken Link Checker Plugin up to 1.10.5. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in Broken Link Checker Plugin bis 1.10.5 ausgemacht. Dies betrifft die Funktion print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.10.6 vermag dieses Problem zu l\u00f6sen. Der Patch wird als f30638869e281461b87548e40b517738b4350e47 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Broken Link Checker Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.10.0"
},
{
"version_affected": "=",
"version_value": "1.10.1"
},
{
"version_affected": "=",
"version_value": "1.10.2"
},
{
"version_affected": "=",
"version_value": "1.10.3"
},
{
"version_affected": "=",
"version_value": "1.10.4"
},
{
"version_affected": "=",
"version_value": "1.10.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.225152",
"refsource": "MISC",
"name": "https://vuldb.com/?id.225152"
},
{
"url": "https://vuldb.com/?ctiid.225152",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.225152"
},
{
"url": "https://github.com/wp-plugins/broken-link-checker/commit/f30638869e281461b87548e40b517738b4350e47",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/broken-link-checker/commit/f30638869e281461b87548e40b517738b4350e47"
},
{
"url": "https://github.com/wp-plugins/broken-link-checker/releases/tag/1.10.6",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/broken-link-checker/releases/tag/1.10.6"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}


@ -0,0 +1,126 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2015-10099",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5. This affects the function dex_process_ready_to_go_appointment of the file dex_appointments.php. The manipulation of the argument itemnumber leads to sql injection. It is possible to initiate the attack remotely. The name of the patch is e29a9cdbcb0f37d887dd302a05b9e8bf213da01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225351."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in CP Appointment Calendar Plugin bis 1.1.5 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion dex_process_ready_to_go_appointment der Datei dex_appointments.php. Mittels dem Manipulieren des Arguments itemnumber mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Patch wird als e29a9cdbcb0f37d887dd302a05b9e8bf213da01d bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CP Appointment Calendar Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1.0"
},
{
"version_affected": "=",
"version_value": "1.1.1"
},
{
"version_affected": "=",
"version_value": "1.1.2"
},
{
"version_affected": "=",
"version_value": "1.1.3"
},
{
"version_affected": "=",
"version_value": "1.1.4"
},
{
"version_affected": "=",
"version_value": "1.1.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.225351",
"refsource": "MISC",
"name": "https://vuldb.com/?id.225351"
},
{
"url": "https://vuldb.com/?ctiid.225351",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.225351"
},
{
"url": "https://github.com/wp-plugins/cp-appointment-calendar/commit/e29a9cdbcb0f37d887dd302a05b9e8bf213da01d",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/cp-appointment-calendar/commit/e29a9cdbcb0f37d887dd302a05b9e8bf213da01d"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}


@ -0,0 +1,151 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2015-10100",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10. This issue affects some unknown processing of the file classes/dynwid_class.php. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.11 is able to address this issue. The name of the patch is d0a19c6efcdc86d7093b369bc9e29a0629e57795. It is recommended to upgrade the affected component. The identifier VDB-225353 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in Dynamic Widgets Plugin bis 1.5.10 entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei classes/dynwid_class.php. Durch das Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.5.11 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d0a19c6efcdc86d7093b369bc9e29a0629e57795 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Dynamic Widgets Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.5.0"
},
{
"version_affected": "=",
"version_value": "1.5.1"
},
{
"version_affected": "=",
"version_value": "1.5.2"
},
{
"version_affected": "=",
"version_value": "1.5.3"
},
{
"version_affected": "=",
"version_value": "1.5.4"
},
{
"version_affected": "=",
"version_value": "1.5.5"
},
{
"version_affected": "=",
"version_value": "1.5.6"
},
{
"version_affected": "=",
"version_value": "1.5.7"
},
{
"version_affected": "=",
"version_value": "1.5.8"
},
{
"version_affected": "=",
"version_value": "1.5.9"
},
{
"version_affected": "=",
"version_value": "1.5.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.225353",
"refsource": "MISC",
"name": "https://vuldb.com/?id.225353"
},
{
"url": "https://vuldb.com/?ctiid.225353",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.225353"
},
{
"url": "https://github.com/wp-plugins/dynamic-widgets/commit/d0a19c6efcdc86d7093b369bc9e29a0629e57795",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/dynamic-widgets/commit/d0a19c6efcdc86d7093b369bc9e29a0629e57795"
},
{
"url": "https://github.com/wp-plugins/dynamic-widgets/releases/tag/1.5.11",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/dynamic-widgets/releases/tag/1.5.11"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}


@ -0,0 +1,130 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2015-10101",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.7 is able to address this issue. The name of the patch is 25bb1dea113716200a6f0f3135801d84a7a65540. It is recommended to upgrade the affected component. The identifier VDB-226117 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In Google Analytics Top Content Widget Plugin bis 1.5.6 f\u00fcr WordPress wurde eine problematische Schwachstelle entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei class-tgm-plugin-activation.php. Dank Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.5.7 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 25bb1dea113716200a6f0f3135801d84a7a65540 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Google Analytics Top Content Widget Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.5.0"
},
{
"version_affected": "=",
"version_value": "1.5.1"
},
{
"version_affected": "=",
"version_value": "1.5.2"
},
{
"version_affected": "=",
"version_value": "1.5.3"
},
{
"version_affected": "=",
"version_value": "1.5.4"
},
{
"version_affected": "=",
"version_value": "1.5.5"
},
{
"version_affected": "=",
"version_value": "1.5.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.226117",
"refsource": "MISC",
"name": "https://vuldb.com/?id.226117"
},
{
"url": "https://vuldb.com/?ctiid.226117",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.226117"
},
{
"url": "https://github.com/wp-plugins/google-analytics-top-posts-widget/commit/25bb1dea113716200a6f0f3135801d84a7a65540",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/google-analytics-top-posts-widget/commit/25bb1dea113716200a6f0f3135801d84a7a65540"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}


@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2015-10102",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, has been found in Freshdesk Plugin 1.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to open redirect. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The name of the patch is 2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b. It is recommended to upgrade the affected component. VDB-226118 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in Freshdesk Plugin 1.7 f\u00fcr WordPress entdeckt. Betroffen davon ist ein unbekannter Prozess. Mit der Manipulation mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.8 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 Open Redirect",
"cweId": "CWE-601"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Freshdesk Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.226118",
"refsource": "MISC",
"name": "https://vuldb.com/?id.226118"
},
{
"url": "https://vuldb.com/?ctiid.226118",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.226118"
},
{
"url": "https://github.com/wp-plugins/freshdesk-support/commit/2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/freshdesk-support/commit/2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}
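Review bot: The CVSS 3.1 vector `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L` does not fit the stated weakness, CWE-601: an open redirect normally needs the victim to follow a link, which would be `UI:R`, and it is hard to see an availability impact from a redirect. It is character for character the vector used for the SQL injection records in this commit, which suggests a template default rather than an analysis of this issue. The description also names no file, function or parameter ("some unknown functionality"), so a reader has to open the referenced commit to locate the redirect. Adding the affected parameter once it is known would make the record usable for detection and for checking the fix.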


@ -0,0 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2015-10103",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in InternalError503 Forget It up to 1.3. This affects an unknown part of the file js/settings.js. The manipulation of the argument setForgetTime with the input 0 leads to infinite loop. It is possible to launch the attack on the local host. Upgrading to version 1.4 is able to address this issue. The name of the patch is adf0c7fd59b9c935b4fd675c556265620124999c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226119."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in InternalError503 Forget It bis 1.3 gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Datei js/settings.js. Durch die Manipulation des Arguments setForgetTime mit der Eingabe 0 mit unbekannten Daten kann eine infinite loop-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Ein Aktualisieren auf die Version 1.4 vermag dieses Problem zu l\u00f6sen. Der Patch wird als adf0c7fd59b9c935b4fd675c556265620124999c bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-835 Infinite Loop",
"cweId": "CWE-835"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "InternalError503",
"product": {
"product_data": [
{
"product_name": "Forget It",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
},
{
"version_affected": "=",
"version_value": "1.1"
},
{
"version_affected": "=",
"version_value": "1.2"
},
{
"version_affected": "=",
"version_value": "1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.226119",
"refsource": "MISC",
"name": "https://vuldb.com/?id.226119"
},
{
"url": "https://vuldb.com/?ctiid.226119",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.226119"
},
{
"url": "https://github.com/InternalError503/forget-it/commit/adf0c7fd59b9c935b4fd675c556265620124999c",
"refsource": "MISC",
"name": "https://github.com/InternalError503/forget-it/commit/adf0c7fd59b9c935b4fd675c556265620124999c"
},
{
"url": "https://github.com/InternalError503/forget-it/releases/tag/1.4",
"refsource": "MISC",
"name": "https://github.com/InternalError503/forget-it/releases/tag/1.4"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.8,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.8,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"baseSeverity": "LOW"
}
]
}
}


@ -91,6 +91,11 @@
"refsource": "MISC",
"name": "https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525",
"url": "https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230420-0009/",
"url": "https://security.netapp.com/advisory/ntap-20230420-0009/"
}
]
}


@ -66,6 +66,16 @@
"refsource": "MLIST",
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20230411 CVE-2017-11164 - stack exhaustion in PCRE",
"url": "http://www.openwall.com/lists/oss-security/2023/04/11/1"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20230412 Re: CVE-2017-11164 - stack exhaustion in PCRE",
"url": "http://www.openwall.com/lists/oss-security/2023/04/12/1"
}
]
}


@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-6469ad8129",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISUIWPKBWPXORUFNWBGFTKQS7UUVUC4/"
},
{
"refsource": "MISC",
"name": "https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0",
"url": "https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0"
}
]
}


@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-6469ad8129",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISUIWPKBWPXORUFNWBGFTKQS7UUVUC4/"
},
{
"refsource": "MISC",
"name": "https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0",
"url": "https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0"
}
]
}


@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-6469ad8129",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISUIWPKBWPXORUFNWBGFTKQS7UUVUC4/"
},
{
"refsource": "MISC",
"name": "https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0",
"url": "https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0"
}
]
}


@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-6469ad8129",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISUIWPKBWPXORUFNWBGFTKQS7UUVUC4/"
},
{
"refsource": "MISC",
"name": "https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0",
"url": "https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0"
}
]
}

@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-6469ad8129",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISUIWPKBWPXORUFNWBGFTKQS7UUVUC4/"
},
{
"refsource": "MISC",
"name": "https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0",
"url": "https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0"
}
]
}

@ -76,6 +76,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-6469ad8129",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISUIWPKBWPXORUFNWBGFTKQS7UUVUC4/"
},
{
"refsource": "MISC",
"name": "https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0",
"url": "https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0"
}
]
}

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15472",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/blog/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/blog/categories/releases/"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/",
"url": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/"
}
]
}
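Review bot: The `affects` and `problemtype` blocks published for CVE-2018-15472 carry only `n/a` placeholders, although the new description names GitLab Community and Enterprise Edition and the fixed versions 11.1.7, 11.2.4 and 11.3.1. Tooling that matches on the structured fields rather than on free text will not tie this record to any product, so I would fill them from the description, for example `"product_name": "GitLab Community and Enterprise Edition"` with one `version_value` per fixed branch. The same placeholders appear in the sections for CVE-2018-17449 through CVE-2018-17455, CVE-2018-17536 and CVE-2018-17537, and in the OTRS record CVE-2018-17883. Several of those descriptions already state the weakness class (SSRF, CSRF, stored XSS, insecure direct object reference) that `problemtype` leaves as `n/a`. The first reference, `https://about.gitlab.com/blog/categories/releases/`, is a category index and not an advisory, so only the CONFIRM link identifies the fix.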

@ -56,6 +56,11 @@
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1629451",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1629451"
},
{
"refsource": "MISC",
"name": "https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0",
"url": "https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0"
}
]
}

@ -56,6 +56,11 @@
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1629453",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1629453"
},
{
"refsource": "MISC",
"name": "https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0",
"url": "https://github.com/enzo1982/mp4v2/releases/tag/v2.1.0"
}
]
}

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17449",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/blog/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/blog/categories/releases/"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/",
"url": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/"
}
]
}

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17450",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP service token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/blog/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/blog/categories/releases/"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/",
"url": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/"
}
]
}

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17451",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/blog/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/blog/categories/releases/"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/",
"url": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/"
}
]
}

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17452",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/blog/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/blog/categories/releases/"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/",
"url": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/"
}
]
}

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17453",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/blog/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/blog/categories/releases/"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/",
"url": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/"
}
]
}

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17454",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the issue details screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/blog/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/blog/categories/releases/"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/",
"url": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/"
}
]
}

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17455",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the \"merge request approvals\" feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/blog/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/blog/categories/releases/"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/",
"url": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/"
}
]
}

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17536",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/blog/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/blog/categories/releases/"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/",
"url": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/"
}
]
}

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17537",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. ."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/blog/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/blog/categories/releases/"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/",
"url": "https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/"
}
]
}
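Review bot: The new description for CVE-2018-17537 ends with a stray ` .` after `if package.json exists.`, which looks like an editing leftover; the value should end at `exists."`. `blog-viewer` may also be a typo for the blob viewer used when browsing a repository, but this record alone does not confirm that, so check it against the linked GitLab security release before changing the wording. Consumers that match or hash description text will otherwise carry the artefact forward.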

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17883",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://community.otrs.com/category/release-and-security-notes-en/",
"refsource": "MISC",
"name": "https://community.otrs.com/category/release-and-security-notes-en/"
},
{
"refsource": "CONFIRM",
"name": "https://community.otrs.com/security-advisory-2018-06-security-update-for-otrs-framework/",
"url": "https://community.otrs.com/security-advisory-2018-06-security-update-for-otrs-framework/"
}
]
}

@ -0,0 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2018-25084",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2. Affected by this issue is some unknown functionality of the file src/main/java/com/unboundid/webapp/ssam/SSAMController.java. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.1.3 is able to address this issue. The name of the patch is f64b10d63bb19ca2228b0c2d561a1a6e5a3bf251. It is recommended to upgrade the affected component. VDB-225362 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in Ping Identity Self-Service Account Manager 1.1.2 entdeckt. Dies betrifft einen unbekannten Teil der Datei src/main/java/com/unboundid/webapp/ssam/SSAMController.java. Mittels dem Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.1.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als f64b10d63bb19ca2228b0c2d561a1a6e5a3bf251 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ping Identity",
"product": {
"product_data": [
{
"product_name": "Self-Service Account Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.225362",
"refsource": "MISC",
"name": "https://vuldb.com/?id.225362"
},
{
"url": "https://vuldb.com/?ctiid.225362",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.225362"
},
{
"url": "https://github.com/pingidentity/ssam/commit/f64b10d63bb19ca2228b0c2d561a1a6e5a3bf251",
"refsource": "MISC",
"name": "https://github.com/pingidentity/ssam/commit/f64b10d63bb19ca2228b0c2d561a1a6e5a3bf251"
},
{
"url": "https://github.com/pingidentity/ssam/releases/tag/ssam-1.1.3",
"refsource": "MISC",
"name": "https://github.com/pingidentity/ssam/releases/tag/ssam-1.1.3"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}
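Review bot: The `credits` entry uses `"lang": "en"` while the `description_data` and `problemtype` entries in the same record use the three-letter `eng`, so a consumer that filters on one language code will miss the other. I would write `"lang": "eng"` in `credits` to match the rest of the record. Separately, the description says only "some unknown functionality" of `SSAMController.java`, so the referenced patch commit is the only place to find which input is affected.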

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V1.7.0), SIMATIC S7-1500 Software Controller (All versions < V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.16), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. 
SIPLUS variants) (All versions < V8.1), SIMATIC WinAC RTX 2010 (All versions < V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions < V2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a Denial-of-Service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. A manual restart is required to recover the system. At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected."
"value": "A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V1.7.0), SIMATIC S7-1500 Software Controller (All versions < V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.16), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. 
SIPLUS variants) (All versions < V8.1), SIMATIC WinAC RTX 2010 (All versions < V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions < V2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted\r\nPROFINET DCP packet could cause a Denial-of-Service condition of the requesting\r\nsystem.\r\n\r\nThe security vulnerability could be exploited by an attacker located on\r\nthe same Ethernet segment (OSI Layer 2) as the targeted device. Successful\r\nexploitation requires no user interaction or privileges and impacts the\r\navailability of core functionality of the affected device. A manual restart\r\nis required to recover the system.\r\n\r\nAt the time of advisory publication no public exploitation of this security\r\nvulnerability is known. Siemens provides mitigations to resolve the\r\nsecurity issue. PROFIBUS interfaces are not affected."
}
]
},
@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -51,30 +51,34 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC CP 443-1 (incl. SIPLUS variants)",
"product_name": "SIMATIC CP 443-1",
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.3"
},
{
"version_affected": "=",
"version_value": "All versions < V3.3"
}
]
}
},
{
"product_name": "SIMATIC CP 443-1 Advanced (incl. SIPLUS variants)",
"product_name": "SIMATIC CP 443-1 Advanced",
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.3"
}
]
}
@ -84,8 +88,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -95,8 +99,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -106,8 +110,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -117,8 +121,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -128,8 +132,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -139,8 +143,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V1.7.0",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V1.7.0"
}
]
}
@ -150,8 +154,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V1.7.0",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V1.7.0"
}
]
}
@ -161,8 +165,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.3.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.3.16"
}
]
}
@ -172,8 +176,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -183,8 +187,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -194,8 +198,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -205,8 +209,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -216,8 +220,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -227,8 +231,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -238,8 +242,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -249,8 +253,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -260,8 +264,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -271,8 +275,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V6.0.9",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V6.0.9"
}
]
}
@ -282,8 +286,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V6.0.7",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V6.0.7"
}
]
}
@ -293,8 +297,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -304,8 +308,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V8.1",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V8.1"
}
]
}
@ -315,8 +319,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V2010 SP3",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V2010 SP3"
}
]
}
@ -326,8 +330,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V2010 SP3",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V2010 SP3"
}
]
}
@ -337,8 +341,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V4.7 SP6 HF1",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.7 SP6 HF1"
}
]
}
@ -348,8 +352,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -359,8 +363,30 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
},
{
"product_name": "SIPLUS NET CP 443-1",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.3"
}
]
}
},
{
"product_name": "SIPLUS NET CP 443-1 Advanced",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.3"
}
]
}
@ -370,8 +396,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.3.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.3.16"
}
]
}
@ -381,8 +407,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -392,8 +418,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -403,8 +429,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -414,8 +440,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -425,8 +451,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}


@ -53,6 +53,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10224",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230424 [SECURITY] [DLA 3399-1] 389-ds-base security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SCALANCE X-200IRT switch family (incl. SIPLUS NET variants), SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC NET CP 1604, SIMATIC NET CP 1616, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SIMOTION (incl. SIPLUS variants), SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 Control Unit, SINAMICS G120 V4.7 Control Unit (incl. 
SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP. An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation."
"value": "A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7, SIMATIC S7-400 CPU 412-2 DP V7, SIMATIC S7-400 CPU 412-2 PN/DP V7, SIMATIC S7-400 CPU 414-2 DP V7, SIMATIC S7-400 CPU 414-3 DP V7, SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-2 DP V7, SIMATIC S7-400 CPU 416-3 DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-2 DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, SIMATIC S7-400 CPU 417-4 DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SCALANCE X-200IRT switch family (incl. SIPLUS NET variants), SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC NET CP 1604, SIMATIC NET CP 1616, SIMATIC PN/PN Coupler (incl. 
SIPLUS NET variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SIMOTION, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 Control Unit, SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 V7, SIPLUS S7-400 CPU 417-4 V7. An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation."
}
]
},
@ -35,13 +35,156 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": " SIMATIC S7-400 CPU 412-1 DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 412-2 DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 412-2 PN/DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V7.0.3"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 414-2 DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 414-3 DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 414-3 PN/DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V7.0.3"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 414F-3 PN/DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V7.0.3"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 416-2 DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 416-3 DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 416-3 PN/DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V7.0.3"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 416F-2 DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 416F-3 PN/DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V7.0.3"
}
]
}
},
{
"product_name": " SIMATIC S7-400 CPU 417-4 DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.1 Patch 05",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.1.1 Patch 05"
}
]
}
@ -51,8 +194,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V4.5.0 Patch 01",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.5.0 Patch 01"
}
]
}
@ -62,8 +205,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V4.5.0",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.5.0"
}
]
}
@ -73,8 +216,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V5.2.1",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V5.2.1"
}
]
}
@ -84,8 +227,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.17"
}
]
}
@ -95,8 +238,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.17"
}
]
}
@ -106,8 +249,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.17"
}
]
}
@ -117,8 +260,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.17"
}
]
}
@ -128,8 +271,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.17"
}
]
}
@ -139,8 +282,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -150,8 +293,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -161,8 +304,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -172,8 +315,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -183,8 +326,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -194,8 +337,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -205,8 +348,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -216,8 +359,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -227,8 +370,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -238,8 +381,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -249,8 +392,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -260,8 +403,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -271,8 +414,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -282,8 +425,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -293,8 +436,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -304,8 +447,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -315,8 +458,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V2.8",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V2.8"
}
]
}
@ -326,8 +469,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V2.8",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V2.8"
}
]
}
@ -337,8 +480,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -348,8 +491,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.3.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.3.17"
}
]
}
@ -359,8 +502,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.17"
}
]
}
@ -370,8 +513,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.17"
}
]
}
@ -381,8 +524,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.17"
}
]
}
@ -392,8 +535,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.17"
}
]
}
@ -403,8 +546,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.17"
}
]
}
@ -414,8 +557,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.17"
}
]
}
@ -425,8 +568,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.17"
}
]
}
@ -436,8 +579,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.17"
}
]
}
@ -447,8 +590,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.17"
}
]
}
@ -458,19 +601,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
}
]
}
},
{
"product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -480,8 +612,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V2010 SP3",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V2010 SP3"
}
]
}
@ -491,19 +623,19 @@
"version": {
"version_data": [
{
"version_value": "All versions < V2010 SP3",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V2010 SP3"
}
]
}
},
{
"product_name": "SIMOTION (incl. SIPLUS variants)",
"product_name": "SIMOTION",
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -513,8 +645,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V1.5 HF1",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V1.5 HF1"
}
]
}
@ -524,8 +656,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V1.3",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V1.3"
}
]
}
@ -535,8 +667,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V4.7 SP10 HF5",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.7 SP10 HF5"
}
]
}
@ -546,8 +678,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V4.7 SP10 HF5",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.7 SP10 HF5"
}
]
}
@ -557,8 +689,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V4.7 HF29",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.7 HF29"
}
]
}
@ -568,8 +700,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V4.8",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.8"
}
]
}
@ -579,8 +711,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -590,8 +722,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -601,8 +733,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -612,8 +744,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -623,8 +755,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V4.7 HF34",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.7 HF34"
}
]
}
@ -634,8 +766,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V4.8",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.8"
}
]
}
@ -645,8 +777,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V4.7 HF33",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.7 HF33"
}
]
}
@ -656,8 +788,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -667,8 +799,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V4.8 SP5",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.8 SP5"
}
]
}
@ -678,8 +810,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V4.8 SP5",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.8 SP5"
}
]
}
@ -689,8 +821,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.17"
}
]
}
@ -700,8 +832,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.17"
}
]
}
@ -711,8 +843,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.3.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.3.17"
}
]
}
@ -722,8 +854,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.17"
}
]
}
@ -733,8 +865,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.17"
}
]
}
@ -744,8 +876,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.17"
}
]
}
@ -755,8 +887,52 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.17"
}
]
}
},
{
"product_name": "SIPLUS S7-400 CPU 414-3 PN/DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V7.0.3"
}
]
}
},
{
"product_name": "SIPLUS S7-400 CPU 416-3 PN/DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V7.0.3"
}
]
}
},
{
"product_name": "SIPLUS S7-400 CPU 416-3 V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIPLUS S7-400 CPU 417-4 V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
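Review bot: The thirteen `product_name` values added in the `@ -35,13 +35,156 @` hunk for the SIMATIC S7-400 CPU … V7 entries each begin with a space (for example `" SIMATIC S7-400 CPU 412-1 DP V7"`), while every other product name in this section, including the SIPLUS S7-400 entries added in the last hunk, has none. The new description text lists the same products without the space, so the structured field and the prose disagree, and any consumer that matches affected products by exact string will miss these thirteen entries. The leading space should be dropped, e.g. `"product_name": "SIMATIC S7-400 CPU 412-1 DP V7"`. Separately, the added entries pair `"version_affected": "="` with range text such as `All versions < V7.0.3`; that follows the rest of the file, but a tool that evaluates the operator literally will not read it as a range.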



@ -59,6 +59,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:3981"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2020:0464",
"refsource": "MISC",
@ -70,9 +75,9 @@
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html"
"name": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
},
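Review bot: The Debian LTS reference written in the second hunk (`https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html`) is tagged `"refsource": "MISC"` with the URL repeated as its `name`, whereas the same URL added to the CVE-2019-10224 record earlier on this page is tagged `MLIST` and named `[debian-lts-announce] 20230424 [SECURITY] [DLA 3399-1] 389-ds-base security update`. Consumers that filter references by `refsource`, or show `name` to analysts, will handle one advisory differently across the two records. Using `"refsource": "MLIST"` and the DLA title here would keep them aligned. The `reference_data` array begins outside both hunks, so other entries in this record may show the same pattern.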


@ -0,0 +1,75 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/blog/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/blog/categories/releases/"
},
{
"url": "https://gitlab.com/gitlab-org/gitlab-pages/issues/232",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab-pages/issues/232"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/",
"url": "https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
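Review bot: The `affects` block of this new CVE-2019-14942 record holds only `n/a` for `vendor_name`, `product_name` and `version_value`, although the description names GitLab Community and Enterprise Edition and the fixed releases 11.11.8, 12.0.6 and 12.1.6; the new CVE-2019-14944 record in the next file section has the same gap. Scanners and inventory tools that key on those fields cannot match either record to an installation, so the vendor and product should be filled in from the description, e.g. `"vendor_name": "GitLab"`, with the version bounds as `version_data` entries. `problemtype` is also `n/a` in both records. Going by the descriptions alone, CWE-319 (cleartext transmission) looks like a candidate here and CWE-88 (argument injection) for CVE-2019-14944, but both should be confirmed against the linked GitLab advisory before they are recorded.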


@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/blog/categories/releases/",
"refsource": "MISC",
"name": "https://about.gitlab.com/blog/categories/releases/"
},
{
"url": "https://gitlab.com/gitlab-org/gitaly/issues/1801",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitaly/issues/1801"
},
{
"url": "https://gitlab.com/gitlab-org/gitaly/issues/1802",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitaly/issues/1802"
},
{
"refsource": "CONFIRM",
"name": "https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/",
"url": "https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/"
}
]
}
}


@ -61,6 +61,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210421 [SECURITY] [DLA 2631-1] zabbix security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00018.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html"
}
]
}


@ -1,12 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-19282",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-19282",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition.\nSuccessful exploitation requires no system privileges and no user interaction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-131: Incorrect Calculation of Buffer Size",
"cweId": "CWE-131"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
@ -29,6 +51,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
@ -39,6 +62,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V9.0 Upd3"
}
]
@ -49,6 +73,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
@ -59,7 +84,8 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_affected": "=",
"version_value": "All versions < V8.2 Upd12"
}
]
}
@ -69,6 +95,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V9.0 SP1 Upd5"
}
]
@ -79,6 +106,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14 SP1 Update 14"
}
]
@ -89,6 +117,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
@ -99,6 +128,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V16 Update 1"
}
]
@ -109,6 +139,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
@ -119,6 +150,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
@ -129,6 +161,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V9.0 SP3"
}
]
@ -139,6 +172,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
@ -149,6 +183,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
@ -159,6 +194,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V9.0 Upd4"
}
]
@ -169,6 +205,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V13 SP2"
}
]
@ -179,6 +216,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14 SP1 Update 10"
}
]
@ -189,6 +227,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V15.1 Update 5"
}
]
@ -199,6 +238,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V16 Update 1"
}
]
@ -209,6 +249,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
@ -219,6 +260,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V7.4 SP1 Update 14"
}
]
@ -229,6 +271,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V7.5 SP1 Update 1"
}
]
@ -240,33 +283,23 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-131: Incorrect Calculation of Buffer Size"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
]
}
}


@ -101,6 +101,21 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-1bcbb1db39",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-3cccbc4c95",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-1ba499965f",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/"
}
]
}


@ -73,6 +73,11 @@
"url": "https://pagure.io/389-ds-base/pull-request/50331",
"name": "https://pagure.io/389-ds-base/pull-request/50331",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230424 [SECURITY] [DLA 3399-1] 389-ds-base security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device."
"value": "The webserver of the affected devices contains a vulnerability that may lead to\r\na denial of service condition. An attacker may cause a denial of service\r\nsituation which leads to a restart of the webserver of the affected device.\r\n\r\nThe security vulnerability could be exploited by an attacker with network\r\naccess to the affected systems. Successful exploitation requires no system\r\nprivileges and no user interaction. An attacker could use the vulnerability\r\nto compromise availability of the device."
}
]
},
@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -51,8 +51,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -62,8 +62,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -73,8 +73,12 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.3"
},
{
"version_affected": "=",
"version_value": "All versions < V3.3"
}
]
}
@ -84,8 +88,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.3"
}
]
}
@ -95,8 +99,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -106,8 +110,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -117,8 +121,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -128,8 +132,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -139,8 +143,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -150,8 +154,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -161,8 +165,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V2.1.6",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V2.1.6"
}
]
}
@ -172,8 +176,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V2.7",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V2.7"
}
]
}
@ -183,8 +187,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V15.1 Upd 4",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V15.1 Upd 4"
}
]
}
@ -194,8 +198,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V15.1 Upd 4",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V15.1 Upd 4"
}
]
}
@ -205,8 +209,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V15.1 Upd 4",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V15.1 Upd 4"
}
]
}
@ -216,8 +220,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V5.1.3",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V5.1.3"
}
]
}
@ -227,8 +231,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -238,8 +242,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V1.1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V1.1.0"
}
]
}
@ -249,8 +253,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V1.1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V1.1.0"
}
]
}
@ -260,8 +264,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V1.1.0",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V1.1.0"
}
]
}
@ -271,8 +275,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.1",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.1"
}
]
}
@ -282,8 +286,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -293,8 +297,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V2.6.1",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V2.6.1"
}
]
}
@ -304,8 +308,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V2.7",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V2.7"
}
]
}
@ -315,8 +319,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.3.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.3.16"
}
]
}
@ -326,8 +330,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -337,8 +341,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -348,8 +352,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -359,8 +363,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -370,8 +374,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -381,8 +385,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -392,8 +396,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -403,8 +407,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -414,8 +418,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -425,8 +429,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -436,8 +440,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -447,8 +451,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V2.0 SP1 UPD1",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V2.0 SP1 UPD1"
}
]
}
@ -458,8 +462,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -469,8 +473,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -480,8 +484,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -491,8 +495,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V2010 SP3",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V2010 SP3"
}
]
}
@ -502,8 +506,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V2010 SP3",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V2010 SP3"
}
]
}
@ -513,8 +517,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V15.1 Upd 4",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V15.1 Upd 4"
}
]
}
@ -524,8 +528,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V1.1.3",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V1.1.3"
}
]
}
@ -535,8 +539,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V2.1.3",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V2.1.3"
}
]
}
@ -546,8 +550,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -557,8 +561,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -568,8 +572,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -579,8 +583,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V4.8 HF6",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.8 HF6"
}
]
}
@ -590,8 +594,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -601,8 +605,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V5.1 SP1 HF4",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V5.1 SP1 HF4"
}
]
}
@ -612,8 +616,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -623,8 +627,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -634,8 +638,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -645,8 +649,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V4.8 HF6",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.8 HF6"
}
]
}
@ -656,8 +660,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -667,8 +671,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V5.1 SP1 HF4",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V5.1 SP1 HF4"
}
]
}
@ -678,8 +682,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -689,8 +693,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V4.8 SP2 HF9",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.8 SP2 HF9"
}
]
}
@ -700,8 +704,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -711,8 +715,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V4.8 SP2 HF9",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.8 SP2 HF9"
}
]
}
@ -722,8 +726,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -733,8 +737,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V4.8 SP2 HF9",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.8 SP2 HF9"
}
]
}
@ -744,8 +748,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -755,8 +759,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -766,8 +770,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -777,8 +781,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V4.8 HF6",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.8 HF6"
}
]
}
@ -788,8 +792,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -799,8 +803,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V5.1 SP1 HF4",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V5.1 SP1 HF4"
}
]
}
@ -810,8 +814,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -821,8 +825,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -832,8 +836,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -843,8 +847,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V4.8 HF6",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.8 HF6"
}
]
}
@ -854,8 +858,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -865,30 +869,19 @@
"version": {
"version_data": [
{
"version_value": "All versions < V5.1 SP1 HF4",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V5.1 SP1 HF4"
}
]
}
},
{
"product_name": "SINAMICS S210 V5.1 Control Unit",
"product_name": "SINAMICS S210",
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
}
]
}
},
{
"product_name": "SINAMICS S210 V5.1 SP1 Control Unit",
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V5.2"
}
]
}
@ -898,8 +891,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V4.7 HF33",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.7 HF33"
}
]
}
@ -909,8 +902,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -920,8 +913,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -931,8 +924,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V4.8 SP2 HF10",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V4.8 SP2 HF10"
}
]
}
@ -942,8 +935,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -953,8 +946,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -964,8 +957,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -975,8 +968,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions"
}
]
}
@ -986,8 +979,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.3"
}
]
}
@ -997,8 +990,8 @@
"version": {
"version_data": [
{
"version_value": "All versions",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.3"
}
]
}
@ -1008,8 +1001,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.3.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.3.16"
}
]
}
@ -1019,8 +1012,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -1030,8 +1023,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -1041,8 +1034,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -1052,8 +1045,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.16",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V3.2.16"
}
]
}
@ -1063,8 +1056,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V1.1",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V1.1"
}
]
}
@ -1074,8 +1067,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V1.5",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V1.5"
}
]
}
@ -1085,8 +1078,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V2.3",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V2.3"
}
]
}
@ -1096,8 +1089,8 @@
"version": {
"version_data": [
{
"version_value": "All versions < V2.1",
"version_affected": "="
"version_affected": "=",
"version_value": "All versions < V2.1"
}
]
}
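Review bot: In the hunk at `@ -73,8 +73,12 @`, `version_data` ends up with two byte-identical entries, both `"version_affected": "="` with `"version_value": "All versions < V3.3"`; one should be dropped, or the second should carry whatever distinct range it was meant to hold. As elsewhere in this file, the entry pairs the equality operator with a free-text range, so a consumer that matches on `version_affected` compares against the literal string instead of a bound; a machine-readable form would be `"version_affected": "<", "version_value": "V3.3"`. The first hunk also replaces the single-line description with one hard-wrapped by `\r\n`, so consumers that display or string-match the text now get breaks mid-sentence. Which lines are added and which removed is inferred here from the hunk line counts, and the `product_name` this entry belongs to lies outside the hunk.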


@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210421 [SECURITY] [DLA 2631-1] zabbix security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00018.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html"
}
]
}


@ -1,17 +1,86 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-17354",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-17354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2.24 and later versions, safe mode is removed, and the product no longer tries to block code execution when external files are used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://lilypond.org/doc/v2.18/Documentation/usage/command_002dline-usage",
"refsource": "MISC",
"name": "http://lilypond.org/doc/v2.18/Documentation/usage/command_002dline-usage"
},
{
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T259210",
"url": "https://phabricator.wikimedia.org/T259210"
},
{
"refsource": "MISC",
"name": "https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory",
"url": "https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory"
},
{
"refsource": "MISC",
"name": "https://tracker.debian.org/news/1249694/accepted-lilypond-2221-1-source-into-unstable/",
"url": "https://tracker.debian.org/news/1249694/accepted-lilypond-2221-1-source-into-unstable/"
},
{
"refsource": "CONFIRM",
"name": "https://gitlab.com/lilypond/lilypond/-/merge_requests/1522",
"url": "https://gitlab.com/lilypond/lilypond/-/merge_requests/1522"
},
{
"refsource": "MISC",
"name": "https://lilypond.org/download.html",
"url": "https://lilypond.org/download.html"
}
]
}
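Review bot: The published record names the product and the version boundary only in the free-text description; `vendor_name`, `product_name` and `version_value` are all `"n/a"`, and the `problemtype` value is `"n/a"` as well, so tooling that keys on the `affects` block cannot match this entry to an installed LilyPond. Filling the fields from the description, for example `"product_name": "LilyPond"` with a version bound below 2.24, would make the record usable for automated matching. The same placeholders appear in the other records this commit moves to `PUBLIC`: CVE-2020-19802, CVE-2020-19803, CVE-2020-24736, CVE-2020-27545 and CVE-2020-28163. The description's NOTE is also worth surfacing in structured form, since it says that from 2.24 on safe mode is removed and the product no longer tries to block code execution from external files.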


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19802",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the upload file type parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/millken/doyocms",
"refsource": "MISC",
"name": "https://github.com/millken/doyocms"
}
]
}
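Review bot: The description spells the vendor `Milken`, while the only reference points at `https://github.com/millken/doyocms`; one of the two spellings is presumably a typo, and a text search on either will miss the record. The description should use the spelling the project itself uses, which from the repository owner name looks like `Millken DoyoCMS`, though the page does not settle this. The CVE-2020-19803 description has the same spelling.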


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19803",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Request Forgery vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the background system settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/millken/doyocms",
"refsource": "MISC",
"name": "https://github.com/millken/doyocms"
},
{
"url": "http://wdoyo.com/",
"refsource": "MISC",
"name": "http://wdoyo.com/"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24736",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-24736",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sqlite.org/src/info/4feb3159c6bc3f7e33959",
"refsource": "MISC",
"name": "https://www.sqlite.org/src/info/4feb3159c6bc3f7e33959"
}
]
}


@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27545",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-27545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sourceforge.net/projects/libdwarf/",
"refsource": "MISC",
"name": "https://sourceforge.net/projects/libdwarf/"
},
{
"refsource": "MISC",
"name": "https://github.com/davea42/libdwarf-code/commit/95f634808c01f1c61bbec56ed2395af997f397ea",
"url": "https://github.com/davea42/libdwarf-code/commit/95f634808c01f1c61bbec56ed2395af997f397ea"
},
{
"refsource": "MISC",
"name": "https://www.prevanders.net/dwarfbug.html#DW202010-001",
"url": "https://www.prevanders.net/dwarfbug.html#DW202010-001"
},
{
"refsource": "MISC",
"name": "http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/",
"url": "http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2025694",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025694"
}
]
}


@ -63,6 +63,21 @@
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-88991d2713",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-c0c184a019",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-3e4feeadec",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/"
}
]
},


@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28163",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3",
"url": "https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3"
},
{
"refsource": "MISC",
"name": "https://www.prevanders.net/dwarfbug.html#DW202010-003",
"url": "https://www.prevanders.net/dwarfbug.html#DW202010-003"
},
{
"refsource": "MISC",
"name": "http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/",
"url": "http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2026000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026000"
}
]
}


@ -39,12 +39,14 @@
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
"version_affected": "<",
"version_name": "0",
"version_value": "1.14.12"
},
{
"version_value": "1.15.0",
"version_affected": "="
"version_affected": "<",
"version_name": "1.15.0",
"version_value": "1.15.5"
}
]
}
@ -57,11 +59,6 @@
},
"references": {
"reference_data": [
{
"url": "https://pkg.go.dev/vuln/GO-2022-0476",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2022-0476"
},
{
"url": "https://go.dev/cl/267277",
"refsource": "MISC",
@ -81,6 +78,16 @@
"url": "https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM"
},
{
"url": "https://pkg.go.dev/vuln/GO-2022-0476",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2022-0476"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
}
]
},


@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-29007",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-29007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles (potentially including unauthenticated anonymous users) to execute arbitrary Scheme or shell code by using crafted {{Image data to generate musical scores containing malicious code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/seqred-s-a/cve-2020-29007",
"refsource": "MISC",
"name": "https://github.com/seqred-s-a/cve-2020-29007"
},
{
"url": "https://www.mediawiki.org/wiki/Extension:Score",
"refsource": "MISC",
"name": "https://www.mediawiki.org/wiki/Extension:Score"
},
{
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T257062",
"url": "https://phabricator.wikimedia.org/T257062"
},
{
"refsource": "MISC",
"name": "https://seqred.pl/en/cve-2020-29007-remote-code-execution-in-mediawiki-score/",
"url": "https://seqred.pl/en/cve-2020-29007-remote-code-execution-in-mediawiki-score/"
},
{
"refsource": "MISC",
"name": "https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory",
"url": "https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory"
}
]
}
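Review bot: The new description ends with `by using crafted {{Image data to generate musical scores`, where the unbalanced `{{Image` reads like a leftover fragment of wiki markup rather than intended wording. If the input meant is the markup passed to the extension, the sentence should say so in plain words, for example `by using crafted score markup that contains malicious code`; the exact wording should be confirmed against the linked advisory. The affected range `through 0.3.0` is stated only in prose while `product_name` and `version_value` are `n/a`, so tooling that matches on `affects` will not associate this record with the Score extension.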


@ -56,6 +56,11 @@
"url": "https://medium.com/@signalhilltech/tenda-n300-authentication-bypass-via-malformed-http-request-header-5b8744ca685e",
"refsource": "MISC",
"name": "https://medium.com/@signalhilltech/tenda-n300-authentication-bypass-via-malformed-http-request-header-5b8744ca685e"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/171773/Tenda-N300-F3-12.01.01.48-Header-Processing.html",
"url": "http://packetstormsecurity.com/files/171773/Tenda-N300-F3-12.01.01.48-Header-Processing.html"
}
]
},


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36077",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-36077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the customer parameter of the orderadd.php file"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.linkedin.com/in/abdallah-fouad/",
"refsource": "MISC",
"name": "https://www.linkedin.com/in/abdallah-fouad/"
},
{
"refsource": "MISC",
"name": "https://github.com/Abdallah-Fouad-X/CVE-s/blob/main/README.md",
"url": "https://github.com/Abdallah-Fouad-X/CVE-s/blob/main/README.md"
}
]
}
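Review bot: The product name in the new description is misspelled as `Tailor Mangement System`, and because `product_name`, `vendor_name` and `version_value` are all `n/a`, that free-text string is the only place the product is identified, so a keyword search for the correct name will miss this record. Suggest `Tailor Management System`, assuming that is the vendor's spelling. `problemtype` is `n/a` although the description itself says SQL injection, where `CWE-89` would fit, and the text claims arbitrary code execution without saying how it follows from the injection. The first reference is a personal LinkedIn profile rather than an advisory or a fix, which gives a defender nothing to verify against.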


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-9009",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-9009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked. The attacker must guess an order number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://help.shipstation.com/hc/en-us/articles/360025855352-CS-Cart",
"refsource": "MISC",
"name": "https://help.shipstation.com/hc/en-us/articles/360025855352-CS-Cart"
},
{
"refsource": "MISC",
"name": "https://www.jerdiggity.com/node/870",
"url": "https://www.jerdiggity.com/node/870"
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-0872",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2023-04-01",
"url": "https://source.android.com/security/bulletin/2023-04-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PVRSRVBridgeRGXKickVRDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270401229"
}
]
}
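Review bot: The new description value runs the bulletin's trailing fields together with no separators: `exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270401229`. The fields should be delimited, for example `exploitation. Product: Android. Versions: Android SoC. Android ID: A-270401229`, otherwise readers and text-based parsers see tokens such as `AndroidVersions` and `SoCAndroid`. The same concatenation appears in the records for CVE-2021-0873 to CVE-2021-0876 and CVE-2021-0878 to CVE-2021-0885 in this commit. In all of them `vendor_name` is `n/a` and `version_value` is `Android SoC`, so the structured `affects` block does not identify the PowerVR kernel driver that the description names, and `problemtype` carries the free text `Elevation of privilege` with no CWE identifier.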


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-0873",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2023-04-01",
"url": "https://source.android.com/security/bulletin/2023-04-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PVRSRVBridgeRGXKickRS of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270392711"
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-0874",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2023-04-01",
"url": "https://source.android.com/security/bulletin/2023-04-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PVRSRVBridgeDevicememHistorySparseChange of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270399633"
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-0875",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2023-04-01",
"url": "https://source.android.com/security/bulletin/2023-04-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PVRSRVBridgeChangeSparseMem of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270400061"
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-0876",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2023-04-01",
"url": "https://source.android.com/security/bulletin/2023-04-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PVRSRVBridgePhysmemNewRamBackedLockedPMR of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270400229"
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-0878",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2023-04-01",
"url": "https://source.android.com/security/bulletin/2023-04-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PVRSRVBridgeServerSyncGetStatus of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270399153"
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-0879",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2023-04-01",
"url": "https://source.android.com/security/bulletin/2023-04-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PVRSRVBridgeRGXTDMSubmitTransfer of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270397970"
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-0880",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2023-04-01",
"url": "https://source.android.com/security/bulletin/2023-04-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PVRSRVBridgeRGXKickTA3D of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270396792"
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-0881",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2023-04-01",
"url": "https://source.android.com/security/bulletin/2023-04-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PVRSRVBridgeRGXKickCDM of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270396350"
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-0882",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2023-04-01",
"url": "https://source.android.com/security/bulletin/2023-04-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PVRSRVBridgeRGXKickSync of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270395803"
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-0883",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2023-04-01",
"url": "https://source.android.com/security/bulletin/2023-04-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PVRSRVBridgeCacheOpQueue of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270395013"
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-0884",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2023-04-01",
"url": "https://source.android.com/security/bulletin/2023-04-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PVRSRVBridgePhysmemImportSparseDmaBuf of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270393454"
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-0885",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2023-04-01",
"url": "https://source.android.com/security/bulletin/2023-04-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PVRSRVBridgeSyncPrimOpTake of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-270401914"
}
]
}


@ -151,6 +151,11 @@
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230418 [SECURITY] [DLA 3393-1] protobuf security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html"
}
]
},


@ -122,6 +122,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220429-0005/",
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230418 [SECURITY] [DLA 3393-1] protobuf security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html"
}
]
},


@ -1,75 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24510",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "MF Gig Calendar <= 1.1 - Reflected Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "MF Gig Calendar",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.1",
"version_value": "1.1"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39",
"name": "https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-24510",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "MF Gig Calendar",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "iohex"
},
{
"lang": "en",
"value": "WPScan"
}
]
},
"credit": [
{
"lang": "eng",
"value": "iohex"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
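Review bot: What appears to be the new side of this record tags both entries of `credits` with `"lang": "en"`, while `description` and `problemtype` in the same record use `"lang": "eng"`. One language-code convention should be used throughout the record, for example `"lang": "eng"` in the two credit entries, so that consumers filtering on the language field see all of them. The page prints old and new lines without markers, so which lines are new is inferred here from the hunk header counts.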


@ -56,6 +56,11 @@
"url": "https://support.zabbix.com/browse/ZBX-18942",
"refsource": "MISC",
"name": "https://support.zabbix.com/browse/ZBX-18942"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html"
}
]
},


@ -71,6 +71,11 @@
"url": "https://github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj_2.png",
"refsource": "MISC",
"name": "https://github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj_2.png"
},
{
"refsource": "MISC",
"name": "https://github.com/etcd-io/etcd/pull/15648",
"url": "https://github.com/etcd-io/etcd/pull/15648"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28254",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-28254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://s1mple-top.github.io/2021/03/09/Laravel8-new-pop-chain-mining-process/",
"refsource": "MISC",
"name": "https://s1mple-top.github.io/2021/03/09/Laravel8-new-pop-chain-mining-process/"
}
]
}
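Review bot: The `affects` block leaves `product_name`, `vendor_name` and `version_value` as `n/a` although the description names Laravel v8.5.9, so tooling that matches on the structured fields will not associate this record with the product. `problemtype` is likewise `n/a` where the description states a deserialization flaw; `"value": "CWE-502 Deserialization of Untrusted Data"` looks like the fitting entry, to be confirmed by the assigner. The same all-`n/a` pattern recurs in the sections for CVE-2021-30153, CVE-2021-33589 and CVE-2021-33970 through CVE-2021-33975. The description's `destruct()` presumably means PHP's `__destruct()` magic method and does not say which class it belongs to; both are worth spelling out.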


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-30153",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-30153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because they are hidden.) This is related to ApiVisualEditor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T270453",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T270453"
},
{
"refsource": "CONFIRM",
"name": "https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html",
"url": "https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html"
},
{
"refsource": "CONFIRM",
"name": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY/",
"url": "https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY/"
}
]
}
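Review bot: The new description has a stray `. .` after `1.35.2` and a parenthetical aside, `(It shouldn't because they are hidden.)`, that reads like a draft note. I would tighten the middle of the text to `When using VisualEditor to edit a user page belonging to an existing but hidden user, VisualEditor discloses that the user exists.` and keep the rest as is. The fix matters because records in this repository are likely republished by downstream feeds.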


@ -76,6 +76,11 @@
"refsource": "GENTOO",
"name": "GLSA-202208-02",
"url": "https://security.gentoo.org/glsa/202208-02"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
}
]
}


@ -56,6 +56,21 @@
"refsource": "MISC",
"name": "https://sourceforge.net/p/freeimage/discussion/36109/thread/1a4db03d58/",
"url": "https://sourceforge.net/p/freeimage/discussion/36109/thread/1a4db03d58/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-2682ede2ed",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEG5FTVLVSO26TEEYKORM42WZ4LEHIJB/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-748f1d5710",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AXWMZOYJKXWOEEUV7ZKW4BX772F5P2HL/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-bace76409a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXJ4QSLSK4HLH5ZDMDC42F7XLWLFADRD/"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33589",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-33589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ribose.com/feedback/security",
"refsource": "MISC",
"name": "https://www.ribose.com/feedback/security"
},
{
"refsource": "MISC",
"name": "https://open.ribose.com/advisories/ra-2021-05-30/#CVE-2021-33589",
"url": "https://open.ribose.com/advisories/ra-2021-05-30/#CVE-2021-33589"
}
]
}
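Review bot: The new description does not say which algorithm or which required step is missing, and the phrase `weaker encryption than on the tin of the algorithm` is hard to parse, so a reader cannot tell which data protected by RNP before 0.15.1 is affected. I would name the algorithm and the step as given in the linked advisory `ra-2021-05-30` and reword the ending to something like `resulting in weaker encryption than the algorithm is specified to provide`. The first reference, `https://www.ribose.com/feedback/security`, appears from its URL to be a general security contact page rather than material about this issue; confirm that it belongs in the record.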


@ -1,12 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33737",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-33737",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3). Sending a specially crafted packet to port 102/tcp of an affected device could cause a denial of service condition. A restart is needed to restore normal operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,6 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
@ -29,6 +51,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
@ -39,6 +62,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
@ -49,17 +73,23 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC CP 443-1 (incl. SIPLUS variants)",
"product_name": "SIMATIC CP 443-1",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_affected": "=",
"version_value": "All versions < V3.3"
},
{
"version_affected": "=",
"version_value": "All versions < V3.3"
}
]
}
@ -69,17 +99,19 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_affected": "=",
"version_value": "All versions < V3.3"
}
]
}
},
{
"product_name": "SIMATIC CP 443-1 Advanced (incl. SIPLUS variants)",
"product_name": "SIPLUS NET CP 443-1",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_affected": "=",
"version_value": "All versions < V3.3"
}
]
}
@ -89,7 +121,8 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_affected": "=",
"version_value": "All versions < V3.3"
}
]
}
@ -100,33 +133,23 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 Advanced (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) (All versions), SIPLUS NET CP 443-1 Advanced (All versions). Sending a specially crafted packet to port 102/tcp of an affected device could cause a denial of service condition. A restart is needed to restore normal operations."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
]
}
}
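Review bot: The new `version_data` for `SIMATIC CP 443-1` holds two identical entries (`"version_affected": "="` with `"version_value": "All versions < V3.3"`), and the new description correspondingly lists `SIMATIC CP 443-1 (All versions < V3.3)` twice. One copy looks like a generator artefact, possibly a SIPLUS variant collapsed into the base name, and should be removed or given its distinct product name. Throughout the section `"version_affected": "="` is paired with free-text values such as `All versions < V3.3`, so a consumer that honours the operator will test equality against a string that is not a version; for the fixed products `"version_affected": "<"` with `"version_value": "V3.3"` would express the range. Old and new sides are inferred here because the page has lost its `+`/`-` markers.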


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33797",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "patrick@puiterwijk.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "mujs",
"version": {
"version_data": [
{
"version_value": "mujs in versions 1.0.1 to 1.1.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/ccxvii/mujs/issues/148",
"url": "https://github.com/ccxvii/mujs/issues/148"
},
{
"refsource": "MISC",
"name": "https://github.com/ccxvii/mujs/commit/833b6f1672b4f2991a63c4d05318f0b84ef4d550",
"url": "https://github.com/ccxvii/mujs/commit/833b6f1672b4f2991a63c4d05318f0b84ef4d550"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *d."
}
]
}
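Review bot: `version_value` is the free-text string `mujs in versions 1.0.1 to 1.1.1`, which version-matching tools cannot evaluate. Two entries, `"version_affected": ">=", "version_value": "1.0.1"` and `"version_affected": "<=", "version_value": "1.1.1"`, would carry the same range in machine-readable form. `vendor_name` is `n/a` while the description says Artifex MuJS, and `problemtype` is a bare `CWE-119` with no name and no `cweId`. The description attributes the buffer overflow to an integer overflow in `js_strtod()`, so CWE-190 may be worth listing as well if the assigner agrees. The hunk starts at line 4 of the file, so the record's opening lines are outside it.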


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33970",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-33970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html",
"refsource": "MISC",
"name": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html"
},
{
"url": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/",
"refsource": "MISC",
"name": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/"
},
{
"refsource": "MISC",
"name": "https://pastebin.com/Qug7tquW",
"url": "https://pastebin.com/Qug7tquW"
}
]
}
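Review bot: Two of the three references are a YouTube channel root and a Pastebin paste, which can be edited or removed after publication, so the evidence behind this record may change or disappear. An archived snapshot or a vendor advisory alongside them would keep the record verifiable. Similar references (the same blog page and a Pastebin paste, in most cases with the YouTube channel) appear in the sections for CVE-2021-33971 through CVE-2021-33975. The description also misspells `privileges` as `priveleges` (again in CVE-2021-33972 and CVE-2021-33973) and does not state whether the attacker is local or remote.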


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33971",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-33971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.cn/) Qihoo 360 Total Security (http://www.360totalsecurity.com/) is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: This is a set of vulnerabilities affecting popular software, \"360 Safeguard(12.1.0.1004,12.1.0.1005,13.1.0.1001)\" , \"360 Total Security(10.8.0.1060,10.8.0.1213)\", \"360 Safe Browser & 360 Chrome(13.0.2170.0)\". The attack vector is: On the browser vulnerability, just open a link to complete the vulnerability exploitation remotely; on the client software, you need to locally execute the vulnerability exploitation program, which of course can be achieved with the full chain of browser vulnerability. \u00b6\u00b6 This is a set of the most serious vulnerabilities that exist on Qihoo 360's PC client a variety of popular software, remote vulnerabilities can be completed by opening a link to arbitrary code execution on both security browsers, with the use of local vulnerabilities, not only help the vulnerability code constitutes an escalation of privileges, er can make the spyware persistent without being scanned permanently resides on the target PC computer (because local vulnerability against Qihoo 360 company's antivirus kernel flaws); this group of remote and local vulnerability of the perfect match, to achieve an information security fallacy, in Qihoo 360's antivirus vulnerability, not only can not be scanned out of the virus, but will help the virus persistently control the target computer, while Qihoo 360 claims to be a safe browser, which exists in the kernel vulnerability but helped the composition of the remote vulnerability. (Security expert \"Memory Corruptor\" have reported this set of vulnerabilities to the corresponding vendor, all vulnerabilities have been fixed and the vendor rewarded thousands of dollars to the security experts)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html",
"refsource": "MISC",
"name": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html"
},
{
"url": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/",
"refsource": "MISC",
"name": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/"
},
{
"refsource": "MISC",
"name": "https://pastebin.com/31v5JMcG",
"url": "https://pastebin.com/31v5JMcG"
}
]
}
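Review bot: The description is a multi-paragraph narrative rather than a vulnerability statement: it carries literal `\u00b6\u00b6` pilcrow characters, product URLs, promotional claims and a closing remark about a reward. It also labels the impact `execute arbitrary code (local)` while the attack-vector text describes remote exploitation through a link. I would reduce it to product, affected versions, weakness and impact, in the form already used for CVE-2021-33975 (`Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 and v10.8.0.1213 allows attacker to escalate privileges.`). The CVE-2021-33974 section has the same narrative problem.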


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33972",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-33972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer Overflow vulnerability in Qihoo 360 Safe Browser v13.0.2170.0 allows attacker to escalate priveleges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html",
"refsource": "MISC",
"name": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html"
},
{
"url": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/",
"refsource": "MISC",
"name": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/"
},
{
"refsource": "MISC",
"name": "https://pastebin.com/qDedtZf3",
"url": "https://pastebin.com/qDedtZf3"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33973",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-33973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v12.1.0.1005, v13.1.0.1001 allows attacker to escalate priveleges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html",
"refsource": "MISC",
"name": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html"
},
{
"url": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/",
"refsource": "MISC",
"name": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/"
},
{
"refsource": "MISC",
"name": "https://pastebin.com/fsLDebg5",
"url": "https://pastebin.com/fsLDebg5"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33974",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-33974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.cn/) Qihoo 360 Chrome (https://browser.360.cn/ee/) is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: This is a set of vulnerabilities affecting popular software, and the installation packages correspond to versions \"360 Safeguard(12.1.0.1004,12.1.0.1005,13.1.0.1001)\" , \"360 Total Security(10.8.0.1060,10.8.0.1213)\", \"360 Safe Browser & 360 Chrome(12. The attack vector is: On the browser vulnerability, just open a link to complete the vulnerability exploitation remotely; on the client software, you need to locally execute the vulnerability exploitation program, which of course can be achieved with the full chain of browser vulnerability. \u00b6\u00b6 This is a set of the most serious vulnerabilities that exist on Qihoo 360's PC client multiple popular software, remote vulnerabilities can be accomplished by opening a link to arbitrary code execution on both security browsers, in conjunction with the exploitation of local vulnerabilities that allow spyware to persist without being scanned to permanently reside on the target PC computer (because local vulnerabilities target Qihoo 360 company's antivirus software kernel flaws); this set of remote and local vulnerabilities in perfect coordination, to achieve an information security fallacy, on Qihoo 360's antivirus software vulnerability, not only can not be scanned out of the virus, but will help the virus persistently control the target computer, while Qihoo 360 claims to be a secure browser, which exists in the kernel vulnerability but help the composition of the remote vulnerability.(Security expert \"Memory Corruptor\" have reported this set of vulnerabilities to the corresponding vendor, all vulnerabilities have been fixed and the vendor rewarded thousands of dollars to this security expert)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html",
"refsource": "MISC",
"name": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html"
},
{
"refsource": "CONFIRM",
"name": "https://pastebin.com/ms1ivjYe",
"url": "https://pastebin.com/ms1ivjYe"
}
]
}
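Review bot: The Pastebin reference is tagged `"refsource": "CONFIRM"`, which tells consumers the vendor has confirmed the issue, yet nothing on the page shows that the paste is published by the vendor. `"refsource": "MISC"`, as used for the Pastebin links in the neighbouring Qihoo 360 records, is the safer tag unless vendor authorship can be shown. The description is also cut off mid-value at `\"360 Safe Browser & 360 Chrome(12. The attack vector is:`, so the affected browser version is missing from the record.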


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33975",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-33975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 and v10.8.0.1213 allows attacker to escalate privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html",
"refsource": "MISC",
"name": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html"
},
{
"url": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/",
"refsource": "MISC",
"name": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/"
},
{
"refsource": "MISC",
"name": "https://pastebin.com/ivNL7s0n",
"url": "https://pastebin.com/ivNL7s0n"
}
]
}
