admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-01-06 17:00:36 +00:00
parent 584068e016
commit c344944d12
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 439 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
2014/125xxx/CVE-2014-125050.json Normal file
View File

@ -0,0 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2014-125050",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The name of the patch is 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB-217562 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in ScottTZhang voter-js gefunden. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei main.js. Durch Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 6317c67a56061aeeaeed3cf9ec665fd9983d8044 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ScottTZhang",
"product": {
"product_data": [
{
"product_name": "voter-js",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217562",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217562"
},
{
"url": "https://vuldb.com/?ctiid.217562",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217562"
},
{
"url": "https://github.com/ScottTZhang/voter-js/pull/15",
"refsource": "MISC",
"name": "https://github.com/ScottTZhang/voter-js/pull/15"
},
{
"url": "https://github.com/ScottTZhang/voter-js/commit/6317c67a56061aeeaeed3cf9ec665fd9983d8044",
"refsource": "MISC",
"name": "https://github.com/ScottTZhang/voter-js/commit/6317c67a56061aeeaeed3cf9ec665fd9983d8044"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

139
2014/125xxx/CVE-2014-125051.json Normal file
View File

@ -0,0 +1,139 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2014-125051",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. It has been declared as critical. This vulnerability affects the function addSearchOptionsRecursively of the file JqGridAction.php. The manipulation leads to sql injection. Upgrading to version 1.0.8 is able to address this issue. The name of the patch is a117e0f2df729e3ff726968794d9a5ac40e660b9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217564."
},
{
"lang": "deu",
"value": "In himiklab yii2-jqgrid-widget bis 1.0.7 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion addSearchOptionsRecursively der Datei JqGridAction.php. Mittels Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.0.8 vermag dieses Problem zu l\u00f6sen. Der Patch wird als a117e0f2df729e3ff726968794d9a5ac40e660b9 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "himiklab",
"product": {
"product_data": [
{
"product_name": "yii2-jqgrid-widget",
"version": {
"version_data": [
{
"version_value": "1.0.0",
"version_affected": "="
},
{
"version_value": "1.0.1",
"version_affected": "="
},
{
"version_value": "1.0.2",
"version_affected": "="
},
{
"version_value": "1.0.3",
"version_affected": "="
},
{
"version_value": "1.0.4",
"version_affected": "="
},
{
"version_value": "1.0.5",
"version_affected": "="
},
{
"version_value": "1.0.6",
"version_affected": "="
},
{
"version_value": "1.0.7",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217564",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217564"
},
{
"url": "https://vuldb.com/?ctiid.217564",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217564"
},
{
"url": "https://github.com/himiklab/yii2-jqgrid-widget/commit/a117e0f2df729e3ff726968794d9a5ac40e660b9",
"refsource": "MISC",
"name": "https://github.com/himiklab/yii2-jqgrid-widget/commit/a117e0f2df729e3ff726968794d9a5ac40e660b9"
},
{
"url": "https://github.com/himiklab/yii2-jqgrid-widget/releases/tag/1.0.8",
"refsource": "MISC",
"name": "https://github.com/himiklab/yii2-jqgrid-widget/releases/tag/1.0.8"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

106
2020/36xxx/CVE-2020-36643.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-36643",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in intgr uqm-wasm. It has been classified as critical. This affects the function log_displayBox in the library sc2/src/libs/log/msgbox_macosx.m. The manipulation leads to format string. The name of the patch is 1d5cbf3350a02c423ad6bef6dfd5300d38aa828f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217563."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in intgr uqm-wasm ausgemacht. Sie wurde als kritisch eingestuft. Dabei betrifft es die Funktion log_displayBox in der Bibliothek sc2/src/libs/log/msgbox_macosx.m. Mittels dem Manipulieren mit unbekannten Daten kann eine format string-Schwachstelle ausgenutzt werden. Der Patch wird als 1d5cbf3350a02c423ad6bef6dfd5300d38aa828f bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-134 Format String",
"cweId": "CWE-134"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "intgr",
"product": {
"product_data": [
{
"product_name": "uqm-wasm",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217563",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217563"
},
{
"url": "https://vuldb.com/?ctiid.217563",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217563"
},
{
"url": "https://github.com/intgr/uqm-wasm/commit/1d5cbf3350a02c423ad6bef6dfd5300d38aa828f",
"refsource": "MISC",
"name": "https://github.com/intgr/uqm-wasm/commit/1d5cbf3350a02c423ad6bef6dfd5300d38aa828f"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

66
2022/44xxx/CVE-2022-44149.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-44149",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-44149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://cxsecurity.com/issue/WLB-2023010006",
"url": "https://cxsecurity.com/issue/WLB-2023010006"
},
{
"refsource": "MISC",
"name": "https://www.nexxtsolutions.com/connectivity/search/?q=ARN02304U8",
"url": "https://www.nexxtsolutions.com/connectivity/search/?q=ARN02304U8"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-42.103.1.5095-Remote-Code-Execution.html",
"url": "https://packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-42.103.1.5095-Remote-Code-Execution.html"
}
]
}

5
2022/44xxx/CVE-2022-44877.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://gist.github.com/numanturle/c1e82c47f4cba24cff214e904c227386",
"url": "https://gist.github.com/numanturle/c1e82c47f4cba24cff214e904c227386"
},
{
"refsource": "FULLDISC",
"name": "20230106 Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877",
"url": "http://seclists.org/fulldisclosure/2023/Jan/1"
}
]
}

18
2023/22xxx/CVE-2023-22802.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-22802",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}