From c344944d121ec5c97cc42ea51a0d71a0a8a4e745 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 6 Jan 2023 17:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2014/125xxx/CVE-2014-125050.json | 111 ++++++++++++++++++++++++
 2014/125xxx/CVE-2014-125051.json | 139 +++++++++++++++++++++++++++++++
 2020/36xxx/CVE-2020-36643.json | 106 +++++++++++++++++++++++
 2022/44xxx/CVE-2022-44149.json | 66 +++++++++++++--
 2022/44xxx/CVE-2022-44877.json | 5 ++
 2023/22xxx/CVE-2023-22802.json | 18 ++++
 6 files changed, 439 insertions(+), 6 deletions(-)
 create mode 100644 2014/125xxx/CVE-2014-125050.json
 create mode 100644 2014/125xxx/CVE-2014-125051.json
 create mode 100644 2020/36xxx/CVE-2020-36643.json
 create mode 100644 2023/22xxx/CVE-2023-22802.json
diff --git a/2014/125xxx/CVE-2014-125050.json b/2014/125xxx/CVE-2014-125050.json
new file mode 100644
index 00000000000..1e1e1e551fa
--- /dev/null
+++ b/2014/125xxx/CVE-2014-125050.json
@@ -0,0 +1,111 @@
+ {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2014-125050",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The name of the patch is 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB-217562 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine Schwachstelle wurde in ScottTZhang voter-js gefunden. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei main.js. Durch Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 6317c67a56061aeeaeed3cf9ec665fd9983d8044 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ScottTZhang",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "voter-js",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.217562",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.217562"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.217562",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.217562"
+ },
+ {
+ "url": "https://github.com/ScottTZhang/voter-js/pull/15",
+ "refsource": "MISC",
+ "name": "https://github.com/ScottTZhang/voter-js/pull/15"
+ },
+ {
+ "url": "https://github.com/ScottTZhang/voter-js/commit/6317c67a56061aeeaeed3cf9ec665fd9983d8044",
+ "refsource": "MISC",
+ "name": "https://github.com/ScottTZhang/voter-js/commit/6317c67a56061aeeaeed3cf9ec665fd9983d8044"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "VulDB GitHub Commit Analyzer"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5.2,
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
+ "baseSeverity": "MEDIUM"
+ }
+ ]
+ }
+ }
\ No newline at end of file
diff --git a/2014/125xxx/CVE-2014-125051.json b/2014/125xxx/CVE-2014-125051.json
new file mode 100644
index 00000000000..efe4a84866e
--- /dev/null
+++ b/2014/125xxx/CVE-2014-125051.json
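Review bot: The English description of CVE-2014-125050 calls the issue "critical", yet every entry under `impact.cvss` in the same record is `"baseSeverity": "MEDIUM"` (5.5 with an adjacent-network `AV:A` vector), so a consumer that triages on the prose and one that triages on the vector will rank it differently. The same mismatch is present in the CVE-2014-125051 and CVE-2020-36643 records added by this commit. In this record and in CVE-2020-36643 the only affected-version entry is `"version_value": "n/a"` with `"version_affected": "="`, which gives a scanner nothing to match against; the patch commit listed in `references` is the only usable bound on what is fixed. A smaller inconsistency is that `credits[].lang` is `"en"` where the descriptions use the three-letter `"eng"`.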
@@ -0,0 +1,139 @@
+ {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2014-125051",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. It has been declared as critical. This vulnerability affects the function addSearchOptionsRecursively of the file JqGridAction.php. The manipulation leads to sql injection. Upgrading to version 1.0.8 is able to address this issue. The name of the patch is a117e0f2df729e3ff726968794d9a5ac40e660b9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217564."
+ },
+ {
+ "lang": "deu",
+ "value": "In himiklab yii2-jqgrid-widget bis 1.0.7 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion addSearchOptionsRecursively der Datei JqGridAction.php. Mittels Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.0.8 vermag dieses Problem zu l\u00f6sen. Der Patch wird als a117e0f2df729e3ff726968794d9a5ac40e660b9 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "himiklab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "yii2-jqgrid-widget",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0.0",
+ "version_affected": "="
+ },
+ {
+ "version_value": "1.0.1",
+ "version_affected": "="
+ },
+ {
+ "version_value": "1.0.2",
+ "version_affected": "="
+ },
+ {
+ "version_value": "1.0.3",
+ "version_affected": "="
+ },
+ {
+ "version_value": "1.0.4",
+ "version_affected": "="
+ },
+ {
+ "version_value": "1.0.5",
+ "version_affected": "="
+ },
+ {
+ "version_value": "1.0.6",
+ "version_affected": "="
+ },
+ {
+ "version_value": "1.0.7",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.217564",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.217564"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.217564",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.217564"
+ },
+ {
+ "url": "https://github.com/himiklab/yii2-jqgrid-widget/commit/a117e0f2df729e3ff726968794d9a5ac40e660b9",
+ "refsource": "MISC",
+ "name": "https://github.com/himiklab/yii2-jqgrid-widget/commit/a117e0f2df729e3ff726968794d9a5ac40e660b9"
+ },
+ {
+ "url": "https://github.com/himiklab/yii2-jqgrid-widget/releases/tag/1.0.8",
+ "refsource": "MISC",
+ "name": "https://github.com/himiklab/yii2-jqgrid-widget/releases/tag/1.0.8"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "VulDB GitHub Commit Analyzer"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5.2,
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
+ "baseSeverity": "MEDIUM"
+ }
+ ]
+ }
+ }
\ No newline at end of file
diff --git a/2020/36xxx/CVE-2020-36643.json b/2020/36xxx/CVE-2020-36643.json
new file mode 100644
index 00000000000..3f20a6c1ca9
--- /dev/null
+++ b/2020/36xxx/CVE-2020-36643.json
@@ -0,0 +1,106 @@
+ {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-36643",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability was found in intgr uqm-wasm. It has been classified as critical. This affects the function log_displayBox in the library sc2/src/libs/log/msgbox_macosx.m. The manipulation leads to format string. The name of the patch is 1d5cbf3350a02c423ad6bef6dfd5300d38aa828f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217563."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in intgr uqm-wasm ausgemacht. Sie wurde als kritisch eingestuft. Dabei betrifft es die Funktion log_displayBox in der Bibliothek sc2/src/libs/log/msgbox_macosx.m. Mittels dem Manipulieren mit unbekannten Daten kann eine format string-Schwachstelle ausgenutzt werden. Der Patch wird als 1d5cbf3350a02c423ad6bef6dfd5300d38aa828f bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-134 Format String",
+ "cweId": "CWE-134"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "intgr",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "uqm-wasm",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.217563",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.217563"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.217563",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.217563"
+ },
+ {
+ "url": "https://github.com/intgr/uqm-wasm/commit/1d5cbf3350a02c423ad6bef6dfd5300d38aa828f",
+ "refsource": "MISC",
+ "name": "https://github.com/intgr/uqm-wasm/commit/1d5cbf3350a02c423ad6bef6dfd5300d38aa828f"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "VulDB GitHub Commit Analyzer"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5.2,
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
+ "baseSeverity": "MEDIUM"
+ }
+ ]
+ }
+ }
\ No newline at end of file
diff --git a/2022/44xxx/CVE-2022-44149.json b/2022/44xxx/CVE-2022-44149.json
index e1a18da6ff4..e1830d18f60 100644
--- a/2022/44xxx/CVE-2022-44149.json
+++ b/2022/44xxx/CVE-2022-44149.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-44149",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-44149",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://cxsecurity.com/issue/WLB-2023010006",
+ "url": "https://cxsecurity.com/issue/WLB-2023010006"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.nexxtsolutions.com/connectivity/search/?q=ARN02304U8",
+ "url": "https://www.nexxtsolutions.com/connectivity/search/?q=ARN02304U8"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-42.103.1.5095-Remote-Code-Execution.html",
+ "url": "https://packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-42.103.1.5095-Remote-Code-Execution.html"
 }
 ]
 }
diff --git a/2022/44xxx/CVE-2022-44877.json b/2022/44xxx/CVE-2022-44877.json
index 17232f44c9d..2c0030f673f 100644
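Review bot: The published CVE-2022-44149 record names the device and firmware only in the free-text description, while `"vendor_name"`, `"product_name"` and `"version_value"` under `affects` are all `"n/a"`, so tooling that matches on the structured fields will not associate this CVE with the Nexxt product. Filling them from the description (for example `"vendor_name": "Nexxt"` and `"version_value": "42.103.1.5095"`, to be confirmed by the assigner) would make the record matchable. `problemtype` is likewise `"n/a"` although the description states OS command execution through the `host` field; a CWE entry (CWE-78 looks like the fit, but that is an inference from the description) would let consumers filter by weakness class. The record carries no `impact` block, so "Authentication is required" in the description is the only statement of required privileges.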
--- a/2022/44xxx/CVE-2022-44877.json
+++ b/2022/44xxx/CVE-2022-44877.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://gist.github.com/numanturle/c1e82c47f4cba24cff214e904c227386",
 "url": "https://gist.github.com/numanturle/c1e82c47f4cba24cff214e904c227386"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20230106 Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877",
+ "url": "http://seclists.org/fulldisclosure/2023/Jan/1"
 }
 ]
 }
diff --git a/2023/22xxx/CVE-2023-22802.json b/2023/22xxx/CVE-2023-22802.json
new file mode 100644
index 00000000000..dea1d34bf44
--- /dev/null
+++ b/2023/22xxx/CVE-2023-22802.json
@@ -0,0 +1,18 @@
+ {
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-22802",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+ }
\ No newline at end of file