admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-01-10 15:00:40 +00:00
parent bc8a8c9abc
commit bdfdae1c0b
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
3 changed files with 214 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
2016/15xxx/CVE-2016-15017.json
View File

@ -1,17 +1,115 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-15017",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in fabarea media_upload and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is able to address this issue. The name of the patch is b25d42a4981072321c1a363311d8ea2a4ac8763a. It is recommended to upgrade the affected component. VDB-217786 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In fabarea media_upload wurde eine kritische Schwachstelle gefunden. Das betrifft die Funktion getUploadedFileList der Datei Classes/Service/UploadFileService.php. Durch Manipulieren mit unbekannten Daten kann eine pathname traversal-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.9.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als b25d42a4981072321c1a363311d8ea2a4ac8763a bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-21 Pathname Traversal",
"cweId": "CWE-21"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "fabarea",
"product": {
"product_data": [
{
"product_name": "media_upload",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217786",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217786"
},
{
"url": "https://vuldb.com/?ctiid.217786",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217786"
},
{
"url": "https://github.com/fabarea/media_upload/issues/6",
"refsource": "MISC",
"name": "https://github.com/fabarea/media_upload/issues/6"
},
{
"url": "https://github.com/fabarea/media_upload/commit/b25d42a4981072321c1a363311d8ea2a4ac8763a",
"refsource": "MISC",
"name": "https://github.com/fabarea/media_upload/commit/b25d42a4981072321c1a363311d8ea2a4ac8763a"
},
{
"url": "https://github.com/fabarea/media_upload/releases/tag/0.9.0",
"refsource": "MISC",
"name": "https://github.com/fabarea/media_upload/releases/tag/0.9.0"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}

188
2022/4xxx/CVE-2022-4422.json
View File

@ -1,100 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2022-4422",
"ASSIGNER": "cve@usom.gov.tr",
"DATE_PUBLIC": "2022-12-19T11:00:00.000Z",
"TITLE": "BULUTDESK CALLCENTER SQL İnjection",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"SQL",
"İnjection"
],
"advisory": "Call center System developed by Bulutses Bilgi Teknolojileri before version 3.0 has an unauthenticated Sql İnjection vulnerability. This has been fixed in the version 3.0 ",
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Bulutses Bilgi Teknolojileri LTD. ŞTİ.",
"product": {
"product_data": [
{
"product_name": "BULUTDESK CALLCENTER",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "<",
"version_value": "3.0",
"platform": ""
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2022-4422",
"ASSIGNER": "cve@usom.gov.tr",
"DATE_PUBLIC": "2022-12-19T11:00:00.000Z",
"TITLE": "BULUTDESK CALLCENTER SQL \u0130njection",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"SQL",
"\u0130njection"
],
"advisory": "Call center System developed by Bulutses Bilgi Teknolojileri before version 3.0 has an unauthenticated Sql \u0130njection vulnerability. This has been fixed in the version 3.0 ",
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Bulutses Bilgi Teknolojileri LTD. \u015eT\u0130.",
"product": {
"product_data": [
{
"product_name": "BULUTDESK CALLCENTER",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "<",
"version_value": "3.0",
"platform": ""
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Call center System developed by Bulutses Bilgi Teknolojileri before version 3.0 has an unauthenticated Sql İnjection vulnerability. This has been fixed in the version 3.0 "
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Call center System developed by Bulutses Bilgi Teknolojileri before version 3.0 has an unauthenticated Sql \u0130njection vulnerability. This has been fixed in the version 3.0 "
}
]
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue affects:\nBulutses Bilgi Teknolojileri LTD. ŞTİ. BULUTDESK CALLCENTER\nversions prior to 3.0."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.usom.gov.tr/bildirim/tr-22-0747",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0747"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
}
},
"exploit": [],
"work_around": [],
"solution": [],
"credit": []
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue affects: Bulutses Bilgi Teknolojileri LTD. \u015eT\u0130. BULUTDESK CALLCENTER versions prior to 3.0."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.usom.gov.tr/bildirim/tr-22-0747",
"name": "https://www.usom.gov.tr/bildirim/tr-22-0747"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
}
},
"exploit": [],
"work_around": [],
"solution": [],
"credit": []
}

18
2023/0xxx/CVE-2023-0158.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0158",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}