admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-03-07 00:00:40 +00:00
parent d7aea538a4
commit dc2c16df04
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
3 changed files with 275 additions and 170 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
2017/20xxx/CVE-2017-20181.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-20181",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328."
},
{
"lang": "deu",
"value": "In hgzojer Vocable Trainer bis 1.3.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei src/at/hgz/vocabletrainer/VocableTrainerProvider.java. Durch das Manipulieren mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Ein Aktualisieren auf die Version 1.3.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als accf6838078f8eb105cfc7865aba5c705fb68426 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Path Traversal",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "hgzojer",
"product": {
"product_data": [
{
"product_name": "Vocable Trainer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
},
{
"version_affected": "=",
"version_value": "1.1"
},
{
"version_affected": "=",
"version_value": "1.2"
},
{
"version_affected": "=",
"version_value": "1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.222328",
"refsource": "MISC",
"name": "https://vuldb.com/?id.222328"
},
{
"url": "https://vuldb.com/?ctiid.222328",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.222328"
},
{
"url": "https://github.com/hgzojer/vocabletrainer/commit/accf6838078f8eb105cfc7865aba5c705fb68426",
"refsource": "MISC",
"name": "https://github.com/hgzojer/vocabletrainer/commit/accf6838078f8eb105cfc7865aba5c705fb68426"
},
{
"url": "https://github.com/hgzojer/vocabletrainer/releases/tag/v1.3.1",
"refsource": "MISC",
"name": "https://github.com/hgzojer/vocabletrainer/releases/tag/v1.3.1"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}

166
2023/1xxx/CVE-2023-1211.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1211",
"STATE": "PUBLIC",
"TITLE": " SQL Injection in phpipam/phpipam"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "phpipam/phpipam",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "v1.5.2"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1211",
"STATE": "PUBLIC",
"TITLE": " SQL Injection in phpipam/phpipam"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "phpipam/phpipam",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "v1.5.2"
}
]
}
}
]
},
"vendor_name": "phpipam"
}
}
]
},
"vendor_name": "phpipam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": " SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ed569124-2aeb-4b0d-a312-435460892afd",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ed569124-2aeb-4b0d-a312-435460892afd"
},
{
"name": "https://github.com/phpipam/phpipam/commit/16e7a94fb69412e569ccf6f2fe0a1f847309c922",
"refsource": "MISC",
"url": "https://github.com/phpipam/phpipam/commit/16e7a94fb69412e569ccf6f2fe0a1f847309c922"
}
]
},
"source": {
"advisory": "ed569124-2aeb-4b0d-a312-435460892afd",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ed569124-2aeb-4b0d-a312-435460892afd",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ed569124-2aeb-4b0d-a312-435460892afd"
},
{
"name": "https://github.com/phpipam/phpipam/commit/16e7a94fb69412e569ccf6f2fe0a1f847309c922",
"refsource": "MISC",
"url": "https://github.com/phpipam/phpipam/commit/16e7a94fb69412e569ccf6f2fe0a1f847309c922"
}
]
},
"source": {
"advisory": "ed569124-2aeb-4b0d-a312-435460892afd",
"discovery": "EXTERNAL"
}
}

166
2023/1xxx/CVE-2023-1212.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1212",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in phpipam/phpipam"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "phpipam/phpipam",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "v1.5.2"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1212",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in phpipam/phpipam"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "phpipam/phpipam",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "v1.5.2"
}
]
}
}
]
},
"vendor_name": "phpipam"
}
}
]
},
"vendor_name": "phpipam"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3d5199d6-9bb2-4f7b-bd81-bded704da499",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3d5199d6-9bb2-4f7b-bd81-bded704da499"
},
{
"name": "https://github.com/phpipam/phpipam/commit/78e0470100a6cb143fe9af2e336dce80e4620960",
"refsource": "MISC",
"url": "https://github.com/phpipam/phpipam/commit/78e0470100a6cb143fe9af2e336dce80e4620960"
}
]
},
"source": {
"advisory": "3d5199d6-9bb2-4f7b-bd81-bded704da499",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3d5199d6-9bb2-4f7b-bd81-bded704da499",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3d5199d6-9bb2-4f7b-bd81-bded704da499"
},
{
"name": "https://github.com/phpipam/phpipam/commit/78e0470100a6cb143fe9af2e336dce80e4620960",
"refsource": "MISC",
"url": "https://github.com/phpipam/phpipam/commit/78e0470100a6cb143fe9af2e336dce80e4620960"
}
]
},
"source": {
"advisory": "3d5199d6-9bb2-4f7b-bd81-bded704da499",
"discovery": "EXTERNAL"
}
}