admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-12-31 20:00:36 +00:00
parent 5c2c84e544
commit c474674606
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
7 changed files with 386 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
2014/125xxx/CVE-2014-125028.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2014-125028",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in valtech IDP Test Client and classified as problematic. Affected by this issue is some unknown functionality of the file python-flask/main.py. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The name of the patch is f1e7b3d431c8681ec46445557125890c14fa295f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217148."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in valtech IDP Test Client gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei python-flask/main.py. Durch Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Patch wird als f1e7b3d431c8681ec46445557125890c14fa295f bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "valtech",
"product": {
"product_data": [
{
"product_name": "IDP Test Client",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217148",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217148"
},
{
"url": "https://vuldb.com/?ctiid.217148",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217148"
},
{
"url": "https://github.com/valtech/valtech-idp-test-clients/commit/f1e7b3d431c8681ec46445557125890c14fa295f",
"refsource": "MISC",
"name": "https://github.com/valtech/valtech-idp-test-clients/commit/f1e7b3d431c8681ec46445557125890c14fa295f"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}

18
2014/125xxx/CVE-2014-125029.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-125029",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

116
2017/20xxx/CVE-2017-20160.json Normal file
View File

@ -0,0 +1,116 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2017-20160",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in flitto express-param up to 0.x. It has been classified as critical. This affects an unknown part of the file lib/fetchParams.js. The manipulation leads to improper handling of extra parameters. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is db94f7391ad0a16dcfcba8b9be1af385b25c42db. It is recommended to upgrade the affected component. The identifier VDB-217149 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in flitto express-param bis 0.x ausgemacht. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei lib/fetchParams.js. Durch das Beeinflussen mit unbekannten Daten kann eine improper handling of extra parameters-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 1.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als db94f7391ad0a16dcfcba8b9be1af385b25c42db bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-235 Improper Handling of Extra Parameters",
"cweId": "CWE-235"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "flitto",
"product": {
"product_data": [
{
"product_name": "express-param",
"version": {
"version_data": [
{
"version_value": "0.x",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217149",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217149"
},
{
"url": "https://vuldb.com/?ctiid.217149",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217149"
},
{
"url": "https://github.com/flitto/express-param/pull/19",
"refsource": "MISC",
"name": "https://github.com/flitto/express-param/pull/19"
},
{
"url": "https://github.com/flitto/express-param/commit/db94f7391ad0a16dcfcba8b9be1af385b25c42db",
"refsource": "MISC",
"name": "https://github.com/flitto/express-param/commit/db94f7391ad0a16dcfcba8b9be1af385b25c42db"
},
{
"url": "https://github.com/flitto/express-param/releases/tag/1.0.0",
"refsource": "MISC",
"name": "https://github.com/flitto/express-param/releases/tag/1.0.0"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

131
2018/25xxx/CVE-2018-25061.json Normal file
View File

@ -0,0 +1,131 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2018-25061",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 0.1.6 is able to address this issue. The name of the patch is 9e0c38594432edfa64136fdf7bb651835e17c34f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217151."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in rgb2hex bis 0.1.5 ausgemacht. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion. Dank der Manipulation mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 0.1.6 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 9e0c38594432edfa64136fdf7bb651835e17c34f bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333 Inefficient Regular Expression Complexity",
"cweId": "CWE-1333"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "rgb2hex",
"version": {
"version_data": [
{
"version_value": "0.1.0",
"version_affected": "="
},
{
"version_value": "0.1.1",
"version_affected": "="
},
{
"version_value": "0.1.2",
"version_affected": "="
},
{
"version_value": "0.1.3",
"version_affected": "="
},
{
"version_value": "0.1.4",
"version_affected": "="
},
{
"version_value": "0.1.5",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217151",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217151"
},
{
"url": "https://vuldb.com/?ctiid.217151",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217151"
},
{
"url": "https://github.com/christian-bromann/rgb2hex/commit/9e0c38594432edfa64136fdf7bb651835e17c34f",
"refsource": "MISC",
"name": "https://github.com/christian-bromann/rgb2hex/commit/9e0c38594432edfa64136fdf7bb651835e17c34f"
},
{
"url": "https://github.com/christian-bromann/rgb2hex/releases/tag/v0.1.6",
"refsource": "MISC",
"name": "https://github.com/christian-bromann/rgb2hex/releases/tag/v0.1.6"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

5
2022/40xxx/CVE-2022-40150.json
View File

@ -82,6 +82,11 @@
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3259-1] libjettison-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html"
}
]
},

5
2022/45xxx/CVE-2022-45685.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/jettison-json/jettison/issues/54",
"refsource": "MISC",
"name": "https://github.com/jettison-json/jettison/issues/54"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3259-1] libjettison-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html"
}
]
}

5
2022/45xxx/CVE-2022-45693.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/jettison-json/jettison/issues/52",
"refsource": "MISC",
"name": "https://github.com/jettison-json/jettison/issues/52"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3259-1] libjettison-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html"
}
]
}