diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 000000000000..c43d64e3c23b Binary files /dev/null and b/.DS_Store differ diff --git a/2007/10xxx/CVE-2007-10001.json b/2007/10xxx/CVE-2007-10001.json new file mode 100644 index 000000000000..439e6a8d6358 --- /dev/null +++ b/2007/10xxx/CVE-2007-10001.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2007-10001", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to sql injection. It is recommended to apply a patch to fix this issue. The identifier VDB-217449 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in web-cyradm entdeckt. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei search.php. Dank Manipulation des Arguments searchstring mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "web-cyradm", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217449", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217449" + }, + { + "url": "https://vuldb.com/?ctiid.217449", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217449" + }, + { + "url": "https://github.com/web-cyradm/web-cyradm/commit/3e8f0717f133907bb6a09cb674b05c5f273da3e1", + "refsource": "MISC", + "name": "https://github.com/web-cyradm/web-cyradm/commit/3e8f0717f133907bb6a09cb674b05c5f273da3e1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.7, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2007/10xxx/CVE-2007-10002.json b/2007/10xxx/CVE-2007-10002.json new file mode 100644 index 000000000000..5d25aa8af693 --- /dev/null +++ b/2007/10xxx/CVE-2007-10002.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2007-10002", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this issue is some unknown functionality of the file auth.inc.php. The manipulation of the argument login/login_password/LANG leads to sql injection. The attack may be launched remotely. The name of the patch is 2bcbead3bdb5f118bf2c38c541eaa73c29dcc90f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217640." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in web-cyradm entdeckt. Davon betroffen ist unbekannter Code der Datei auth.inc.php. Mittels dem Manipulieren des Arguments login/login_password/LANG mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Patch wird als 2bcbead3bdb5f118bf2c38c541eaa73c29dcc90f bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "web-cyradm", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217640", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217640" + }, + { + "url": "https://vuldb.com/?ctiid.217640", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217640" + }, + { + "url": "https://github.com/web-cyradm/web-cyradm/commit/2bcbead3bdb5f118bf2c38c541eaa73c29dcc90f", + "refsource": "MISC", + "name": "https://github.com/web-cyradm/web-cyradm/commit/2bcbead3bdb5f118bf2c38c541eaa73c29dcc90f" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseSeverity": "HIGH" + } + ] + } +} \ No newline at end of file diff --git a/2010/10xxx/CVE-2010-10002.json b/2010/10xxx/CVE-2010-10002.json new file mode 100644 index 000000000000..551cc94e0435 --- /dev/null +++ b/2010/10xxx/CVE-2010-10002.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2010-10002", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0 is able to address this issue. The name of the patch is d652d41ccaf8c45d5707e741c0c5d82a2365a9a3. It is recommended to upgrade the affected component. VDB-217170 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "deu", + "value": "** UNSUPPPORTED WHEN ASSIGNED **Es wurde eine problematische Schwachstelle in SimpleSAMLphp simplesamlphp-module-openid entdeckt. Es betrifft eine unbekannte Funktion der Datei templates/consumer.php der Komponente OpenID Handler. Durch Manipulieren des Arguments AuthState mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d652d41ccaf8c45d5707e741c0c5d82a2365a9a3 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SimpleSAMLphp", + "product": { + "product_data": [ + { + "product_name": "simplesamlphp-module-openid", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217170", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217170" + }, + { + "url": "https://vuldb.com/?ctiid.217170", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217170" + }, + { + "url": "https://github.com/simplesamlphp/simplesamlphp-module-openid/commit/d652d41ccaf8c45d5707e741c0c5d82a2365a9a3", + "refsource": "MISC", + "name": "https://github.com/simplesamlphp/simplesamlphp-module-openid/commit/d652d41ccaf8c45d5707e741c0c5d82a2365a9a3" + }, + { + "url": "https://github.com/simplesamlphp/simplesamlphp-module-openid/releases/tag/v1.0", + "refsource": "MISC", + "name": "https://github.com/simplesamlphp/simplesamlphp-module-openid/releases/tag/v1.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.1, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.1, + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.6, + "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2010/10xxx/CVE-2010-10003.json b/2010/10xxx/CVE-2010-10003.json new file mode 100644 index 000000000000..9889e461b73d --- /dev/null +++ b/2010/10xxx/CVE-2010-10003.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2010-10003", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical was found in gesellix titlelink. Affected by this vulnerability is an unknown functionality of the file plugin_content_title.php. The manipulation of the argument phrase leads to sql injection. The name of the patch is b4604e523853965fa981a4e79aef4b554a535db0. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217351." + }, + { + "lang": "deu", + "value": "In gesellix titlelink wurde eine kritische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei plugin_content_title.php. Mit der Manipulation des Arguments phrase mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als b4604e523853965fa981a4e79aef4b554a535db0 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "gesellix", + "product": { + "product_data": [ + { + "product_name": "titlelink", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217351", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217351" + }, + { + "url": "https://vuldb.com/?ctiid.217351", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217351" + }, + { + "url": "https://github.com/gesellix/titlelink/commit/b4604e523853965fa981a4e79aef4b554a535db0", + "refsource": "MISC", + "name": "https://github.com/gesellix/titlelink/commit/b4604e523853965fa981a4e79aef4b554a535db0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2010/10xxx/CVE-2010-10004.json b/2010/10xxx/CVE-2010-10004.json new file mode 100644 index 000000000000..1ee5b51897f5 --- /dev/null +++ b/2010/10xxx/CVE-2010-10004.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2010-10004", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Information Cards Module and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this issue. The name of the patch is f6bfea49ae16dc6e179df8306d39c3694f1ef186. It is recommended to upgrade the affected component. The identifier VDB-217661 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in Information Cards Module gefunden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 1.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als f6bfea49ae16dc6e179df8306d39c3694f1ef186 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Information Cards Module", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217661", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217661" + }, + { + "url": "https://vuldb.com/?ctiid.217661", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217661" + }, + { + "url": "https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/f6bfea49ae16dc6e179df8306d39c3694f1ef186", + "refsource": "MISC", + "name": "https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/f6bfea49ae16dc6e179df8306d39c3694f1ef186" + }, + { + "url": "https://github.com/simplesamlphp/simplesamlphp-module-infocard/releases/tag/v1.0", + "refsource": "MISC", + "name": "https://github.com/simplesamlphp/simplesamlphp-module-infocard/releases/tag/v1.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2012/10xxx/CVE-2012-10002.json b/2012/10xxx/CVE-2012-10002.json new file mode 100644 index 000000000000..84b93874d705 --- /dev/null +++ b/2012/10xxx/CVE-2012-10002.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2012-10002", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in ahmyi RivetTracker. It has been declared as problematic. Affected by this vulnerability is the function changeColor of the file css.php. The manipulation of the argument set_css leads to cross site scripting. The attack can be launched remotely. The name of the patch is 45a0f33876d58cb7e4a0f17da149e58fc893b858. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217267." + }, + { + "lang": "deu", + "value": "In ahmyi RivetTracker wurde eine problematische Schwachstelle ausgemacht. Betroffen ist die Funktion changeColor der Datei css.php. Mittels Manipulieren des Arguments set_css mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als 45a0f33876d58cb7e4a0f17da149e58fc893b858 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ahmyi", + "product": { + "product_data": [ + { + "product_name": "RivetTracker", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217267", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217267" + }, + { + "url": "https://vuldb.com/?ctiid.217267", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217267" + }, + { + "url": "https://github.com/ahmyi/rivettracker/pull/1", + "refsource": "MISC", + "name": "https://github.com/ahmyi/rivettracker/pull/1" + }, + { + "url": "https://github.com/ahmyi/rivettracker/commit/45a0f33876d58cb7e4a0f17da149e58fc893b858", + "refsource": "MISC", + "name": "https://github.com/ahmyi/rivettracker/commit/45a0f33876d58cb7e4a0f17da149e58fc893b858" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2012/10xxx/CVE-2012-10003.json b/2012/10xxx/CVE-2012-10003.json new file mode 100644 index 000000000000..e01ae0c6eca9 --- /dev/null +++ b/2012/10xxx/CVE-2012-10003.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2012-10003", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in ahmyi RivetTracker. This issue affects some unknown processing. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is f053c5cc2bc44269b0496b5f275e349928a92ef9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217271." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in ahmyi RivetTracker entdeckt. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion. Durch Beeinflussen des Arguments $_SERVER['PHP_SELF'] mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Patch wird als f053c5cc2bc44269b0496b5f275e349928a92ef9 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ahmyi", + "product": { + "product_data": [ + { + "product_name": "RivetTracker", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ahmyi/rivettracker/pull/1", + "refsource": "MISC", + "name": "https://github.com/ahmyi/rivettracker/pull/1" + }, + { + "url": "https://vuldb.com/?id.217271", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217271" + }, + { + "url": "https://vuldb.com/?ctiid.217271", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217271" + }, + { + "url": "https://github.com/ahmyi/rivettracker/commit/f053c5cc2bc44269b0496b5f275e349928a92ef9", + "refsource": "MISC", + "name": "https://github.com/ahmyi/rivettracker/commit/f053c5cc2bc44269b0496b5f275e349928a92ef9" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2012/10xxx/CVE-2012-10004.json b/2012/10xxx/CVE-2012-10004.json new file mode 100644 index 000000000000..faef8f44f0bd --- /dev/null +++ b/2012/10xxx/CVE-2012-10004.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2012-10004", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in backdrop-contrib Basic Cart. It has been classified as problematic. Affected is the function basic_cart_checkout_form_submit of the file basic_cart.cart.inc. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.x-1.1.1 is able to address this issue. The name of the patch is a10424ccd4b3b4b433cf33b73c1ad608b11890b4. It is recommended to upgrade the affected component. VDB-217950 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in backdrop-contrib Basic Cart ausgemacht. Es betrifft die Funktion basic_cart_checkout_form_submit der Datei basic_cart.cart.inc. Durch das Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.x-1.1.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als a10424ccd4b3b4b433cf33b73c1ad608b11890b4 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "backdrop-contrib", + "product": { + "product_data": [ + { + "product_name": "Basic Cart", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217950", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217950" + }, + { + "url": "https://vuldb.com/?ctiid.217950", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217950" + }, + { + "url": "https://github.com/backdrop-contrib/basic_cart/commit/a10424ccd4b3b4b433cf33b73c1ad608b11890b4", + "refsource": "MISC", + "name": "https://github.com/backdrop-contrib/basic_cart/commit/a10424ccd4b3b4b433cf33b73c1ad608b11890b4" + }, + { + "url": "https://github.com/backdrop-contrib/basic_cart/releases/tag/1.x-1.1.1", + "refsource": "MISC", + "name": "https://github.com/backdrop-contrib/basic_cart/releases/tag/1.x-1.1.1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2013/10xxx/CVE-2013-10005.json b/2013/10xxx/CVE-2013-10005.json index 631087178301..8eb28780b15a 100644 --- a/2013/10xxx/CVE-2013-10005.json +++ b/2013/10xxx/CVE-2013-10005.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2013-10005", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE 400: Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "github.com/btcsuite/go-socks", + "product": { + "product_data": [ + { + "product_name": "github.com/btcsuite/go-socks/socks", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + }, + { + "vendor_name": "github.com/btcsuitereleases/go-socks", + "product": { + "product_data": [ + { + "product_name": "github.com/btcsuitereleases/go-socks/socks", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/btcsuite/go-socks/commit/233bccbb1abe02f05750f7ace66f5bffdb13defc", + "refsource": "MISC", + "name": "https://github.com/btcsuite/go-socks/commit/233bccbb1abe02f05750f7ace66f5bffdb13defc" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2020-0024", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2020-0024" } ] } diff --git a/2013/10xxx/CVE-2013-10006.json b/2013/10xxx/CVE-2013-10006.json new file mode 100644 index 000000000000..fe292875b609 --- /dev/null +++ b/2013/10xxx/CVE-2013-10006.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2013-10006", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected by this vulnerability is the function HTTPAuthorized of the file src/bitcoinrpc.cpp. The manipulation of the argument strUserPass/strRPCUserColonPass leads to observable timing discrepancy. Upgrading to version 0.8.4rc2 is able to address this issue. The name of the patch is cdb3441b5cd2c1bae49fae671dc4a496f7c96322. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217171." + }, + { + "lang": "deu", + "value": "In Ziftr primecoin bis 0.8.4rc1 wurde eine problematische Schwachstelle entdeckt. Das betrifft die Funktion HTTPAuthorized der Datei src/bitcoinrpc.cpp. Durch das Beeinflussen des Arguments strUserPass/strRPCUserColonPass mit unbekannten Daten kann eine observable timing discrepancy-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.8.4rc2 vermag dieses Problem zu l\u00f6sen. Der Patch wird als cdb3441b5cd2c1bae49fae671dc4a496f7c96322 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-208 Observable Timing Discrepancy", + "cweId": "CWE-208" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ziftr", + "product": { + "product_data": [ + { + "product_name": "primecoin", + "version": { + "version_data": [ + { + "version_value": "0.8.4rc1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217171", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217171" + }, + { + "url": "https://vuldb.com/?ctiid.217171", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217171" + }, + { + "url": "https://github.com/Ziftr/primecoin/commit/cdb3441b5cd2c1bae49fae671dc4a496f7c96322", + "refsource": "MISC", + "name": "https://github.com/Ziftr/primecoin/commit/cdb3441b5cd2c1bae49fae671dc4a496f7c96322" + }, + { + "url": "https://github.com/Ziftr/primecoin/releases/tag/v0.8.4rc2", + "refsource": "MISC", + "name": "https://github.com/Ziftr/primecoin/releases/tag/v0.8.4rc2" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.6, + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.6, + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 1.4, + "vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2013/10xxx/CVE-2013-10007.json b/2013/10xxx/CVE-2013-10007.json new file mode 100644 index 000000000000..193e9b6fd391 --- /dev/null +++ b/2013/10xxx/CVE-2013-10007.json @@ -0,0 +1,119 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2013-10007", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in ethitter WP-Print-Friendly up to 0.5.2. This affects an unknown part of the file wp-print-friendly.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. Upgrading to version 0.5.3 is able to address this issue. The name of the patch is 437787292670c20b4abe20160ebbe8428187f2b4. It is recommended to upgrade the affected component. The identifier VDB-217269 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in ethitter WP-Print-Friendly bis 0.5.2 entdeckt. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei wp-print-friendly.php. Durch Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 0.5.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 437787292670c20b4abe20160ebbe8428187f2b4 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Information Disclosure", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ethitter", + "product": { + "product_data": [ + { + "product_name": "WP-Print-Friendly", + "version": { + "version_data": [ + { + "version_value": "0.5.0", + "version_affected": "=" + }, + { + "version_value": "0.5.1", + "version_affected": "=" + }, + { + "version_value": "0.5.2", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217269", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217269" + }, + { + "url": "https://vuldb.com/?ctiid.217269", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217269" + }, + { + "url": "https://github.com/ethitter/WP-Print-Friendly/pull/4", + "refsource": "MISC", + "name": "https://github.com/ethitter/WP-Print-Friendly/pull/4" + }, + { + "url": "https://github.com/ethitter/WP-Print-Friendly/commit/437787292670c20b4abe20160ebbe8428187f2b4", + "refsource": "MISC", + "name": "https://github.com/ethitter/WP-Print-Friendly/commit/437787292670c20b4abe20160ebbe8428187f2b4" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2013/10xxx/CVE-2013-10008.json b/2013/10xxx/CVE-2013-10008.json new file mode 100644 index 000000000000..40b9c98dc01f --- /dev/null +++ b/2013/10xxx/CVE-2013-10008.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2013-10008", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in sheilazpy eShop. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is e096c5849c4dc09e1074104531014a62a5413884. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217572." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in sheilazpy eShop ausgemacht. Es geht dabei um eine nicht klar definierte Funktion. Durch die Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als e096c5849c4dc09e1074104531014a62a5413884 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "sheilazpy", + "product": { + "product_data": [ + { + "product_name": "eShop", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217572", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217572" + }, + { + "url": "https://vuldb.com/?ctiid.217572", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217572" + }, + { + "url": "https://github.com/sheilazpy/eShop/commit/e096c5849c4dc09e1074104531014a62a5413884", + "refsource": "MISC", + "name": "https://github.com/sheilazpy/eShop/commit/e096c5849c4dc09e1074104531014a62a5413884" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2013/10xxx/CVE-2013-10009.json b/2013/10xxx/CVE-2013-10009.json new file mode 100644 index 000000000000..a4ec81e2909c --- /dev/null +++ b/2013/10xxx/CVE-2013-10009.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2013-10009", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in DrAzraelTod pyChao and classified as critical. Affected by this issue is the function klauen/lesen of the file mod_fun/__init__.py. The manipulation leads to sql injection. The name of the patch is 9d8adbc07c384ba51c2583ce0819c9abb77dc648. It is recommended to apply a patch to fix this issue. VDB-217634 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in DrAzraelTod pyChao gefunden. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion klauen/lesen der Datei mod_fun/__init__.py. Durch Beeinflussen mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 9d8adbc07c384ba51c2583ce0819c9abb77dc648 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "DrAzraelTod", + "product": { + "product_data": [ + { + "product_name": "pyChao", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217634", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217634" + }, + { + "url": "https://vuldb.com/?ctiid.217634", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217634" + }, + { + "url": "https://github.com/DrAzraelTod/pyChao/pull/1", + "refsource": "MISC", + "name": "https://github.com/DrAzraelTod/pyChao/pull/1" + }, + { + "url": "https://github.com/DrAzraelTod/pyChao/commit/9d8adbc07c384ba51c2583ce0819c9abb77dc648", + "refsource": "MISC", + "name": "https://github.com/DrAzraelTod/pyChao/commit/9d8adbc07c384ba51c2583ce0819c9abb77dc648" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2013/10xxx/CVE-2013-10010.json b/2013/10xxx/CVE-2013-10010.json new file mode 100644 index 000000000000..6dd704d1c87c --- /dev/null +++ b/2013/10xxx/CVE-2013-10010.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2013-10010", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in zerochplus. This affects the function PrintResList of the file test/mordor/thread.res.pl. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 9ddf9ecca8565341d8d26a3b2f64540bde4fa273. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218007." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in zerochplus entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion PrintResList der Datei test/mordor/thread.res.pl. Durch das Beeinflussen mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als 9ddf9ecca8565341d8d26a3b2f64540bde4fa273 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "zerochplus", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.218007", + "refsource": "MISC", + "name": "https://vuldb.com/?id.218007" + }, + { + "url": "https://vuldb.com/?ctiid.218007", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.218007" + }, + { + "url": "https://github.com/zerochplus/zerochplus/commit/9ddf9ecca8565341d8d26a3b2f64540bde4fa273", + "refsource": "MISC", + "name": "https://github.com/zerochplus/zerochplus/commit/9ddf9ecca8565341d8d26a3b2f64540bde4fa273" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125026.json b/2014/125xxx/CVE-2014-125026.json index 8df77f001c24..0b7876995237 100644 --- a/2014/125xxx/CVE-2014-125026.json +++ b/2014/125xxx/CVE-2014-125026.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2014-125026", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE 94: Improper Control of Generation of Code ('Code Injection')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "github.com/cloudflare/golz4", + "product": { + "product_data": [ + { + "product_name": "github.com/cloudflare/golz4", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898", + "refsource": "MISC", + "name": "https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898" + }, + { + "url": "https://github.com/cloudflare/golz4/issues/5", + "refsource": "MISC", + "name": "https://github.com/cloudflare/golz4/issues/5" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2020-0022", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2020-0022" } ] - } + }, + "credits": [ + { + "lang": "en", + "value": "Yann Collet" + } + ] } \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125027.json b/2014/125xxx/CVE-2014-125027.json new file mode 100644 index 000000000000..25986313ba8a --- /dev/null +++ b/2014/125xxx/CVE-2014-125027.json @@ -0,0 +1,179 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125027", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function get_user_icons of the file usersearch.php. The manipulation of the argument n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.18 is able to address this issue. The name of the patch is 0ba3fd4be29dd48fa4455c236a9403b3149a4fd4. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217147." + }, + { + "lang": "deu", + "value": "In Yuna Scatari TBDev bis 2.1.17 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Betroffen ist die Funktion get_user_icons der Datei usersearch.php. Durch das Manipulieren des Arguments n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 2.1.18 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 0ba3fd4be29dd48fa4455c236a9403b3149a4fd4 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Yuna Scatari", + "product": { + "product_data": [ + { + "product_name": "TBDev", + "version": { + "version_data": [ + { + "version_value": "2.1.0", + "version_affected": "=" + }, + { + "version_value": "2.1.1", + "version_affected": "=" + }, + { + "version_value": "2.1.2", + "version_affected": "=" + }, + { + "version_value": "2.1.3", + "version_affected": "=" + }, + { + "version_value": "2.1.4", + "version_affected": "=" + }, + { + "version_value": "2.1.5", + "version_affected": "=" + }, + { + "version_value": "2.1.6", + "version_affected": "=" + }, + { + "version_value": "2.1.7", + "version_affected": "=" + }, + { + "version_value": "2.1.8", + "version_affected": "=" + }, + { + "version_value": "2.1.9", + "version_affected": "=" + }, + { + "version_value": "2.1.10", + "version_affected": "=" + }, + { + "version_value": "2.1.11", + "version_affected": "=" + }, + { + "version_value": "2.1.12", + "version_affected": "=" + }, + { + "version_value": "2.1.13", + "version_affected": "=" + }, + { + "version_value": "2.1.14", + "version_affected": "=" + }, + { + "version_value": "2.1.15", + "version_affected": "=" + }, + { + "version_value": "2.1.16", + "version_affected": "=" + }, + { + "version_value": "2.1.17", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217147", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217147" + }, + { + "url": "https://vuldb.com/?ctiid.217147", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217147" + }, + { + "url": "https://github.com/yunasc/tbdev/commit/0ba3fd4be29dd48fa4455c236a9403b3149a4fd4", + "refsource": "MISC", + "name": "https://github.com/yunasc/tbdev/commit/0ba3fd4be29dd48fa4455c236a9403b3149a4fd4" + }, + { + "url": "https://github.com/yunasc/tbdev/releases/tag/v2.1.18", + "refsource": "MISC", + "name": "https://github.com/yunasc/tbdev/releases/tag/v2.1.18" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125028.json b/2014/125xxx/CVE-2014-125028.json new file mode 100644 index 000000000000..2cfd7eaf0b3b --- /dev/null +++ b/2014/125xxx/CVE-2014-125028.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125028", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in valtech IDP Test Client and classified as problematic. Affected by this issue is some unknown functionality of the file python-flask/main.py. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The name of the patch is f1e7b3d431c8681ec46445557125890c14fa295f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217148." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in valtech IDP Test Client gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei python-flask/main.py. Durch Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Patch wird als f1e7b3d431c8681ec46445557125890c14fa295f bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "valtech", + "product": { + "product_data": [ + { + "product_name": "IDP Test Client", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217148", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217148" + }, + { + "url": "https://vuldb.com/?ctiid.217148", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217148" + }, + { + "url": "https://github.com/valtech/valtech-idp-test-clients/commit/f1e7b3d431c8681ec46445557125890c14fa295f", + "refsource": "MISC", + "name": "https://github.com/valtech/valtech-idp-test-clients/commit/f1e7b3d431c8681ec46445557125890c14fa295f" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125029.json b/2014/125xxx/CVE-2014-125029.json new file mode 100644 index 000000000000..19501ee472d3 --- /dev/null +++ b/2014/125xxx/CVE-2014-125029.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125029", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as critical. This vulnerability affects unknown code of the file demo/index.php of the component demo. The manipulation of the argument sort/id leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 619de478efce17ece1a3b913ab16e40651e1ea7b. It is recommended to upgrade the affected component. VDB-217150 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In ttskch PaginationServiceProvider bis 0.x wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei demo/index.php der Komponente demo. Durch Beeinflussen des Arguments sort/id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 619de478efce17ece1a3b913ab16e40651e1ea7b bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ttskch", + "product": { + "product_data": [ + { + "product_name": "PaginationServiceProvider", + "version": { + "version_data": [ + { + "version_value": "0.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217150", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217150" + }, + { + "url": "https://vuldb.com/?ctiid.217150", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217150" + }, + { + "url": "https://github.com/ttskch/PaginationServiceProvider/commit/619de478efce17ece1a3b913ab16e40651e1ea7b", + "refsource": "MISC", + "name": "https://github.com/ttskch/PaginationServiceProvider/commit/619de478efce17ece1a3b913ab16e40651e1ea7b" + }, + { + "url": "https://github.com/ttskch/PaginationServiceProvider/releases/tag/1.0.0", + "refsource": "MISC", + "name": "https://github.com/ttskch/PaginationServiceProvider/releases/tag/1.0.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125030.json b/2014/125xxx/CVE-2014-125030.json new file mode 100644 index 000000000000..62bbaeaa237b --- /dev/null +++ b/2014/125xxx/CVE-2014-125030.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125030", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected by this issue is some unknown functionality. The manipulation leads to use of hard-coded password. The name of the patch is 557e177d8a309d6f0f26de46efb38d43e000852d. It is recommended to apply a patch to fix this issue. VDB-217154 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in taoeffect Empress entdeckt. Hierbei geht es um eine nicht exakt ausgemachte Funktion. Durch die Manipulation mit unbekannten Daten kann eine use of hard-coded password-Schwachstelle ausgenutzt werden. Der Patch wird als 557e177d8a309d6f0f26de46efb38d43e000852d bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-259 Use of Hard-coded Password", + "cweId": "CWE-259" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "taoeffect", + "product": { + "product_data": [ + { + "product_name": "Empress", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217154", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217154" + }, + { + "url": "https://vuldb.com/?ctiid.217154", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217154" + }, + { + "url": "https://github.com/taoeffect/empress/pull/61", + "refsource": "MISC", + "name": "https://github.com/taoeffect/empress/pull/61" + }, + { + "url": "https://github.com/taoeffect/empress/commit/557e177d8a309d6f0f26de46efb38d43e000852d", + "refsource": "MISC", + "name": "https://github.com/taoeffect/empress/commit/557e177d8a309d6f0f26de46efb38d43e000852d" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.8, + "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125031.json b/2014/125xxx/CVE-2014-125031.json new file mode 100644 index 000000000000..c8d3e33a1c01 --- /dev/null +++ b/2014/125xxx/CVE-2014-125031.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125031", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in kirill2485 TekNet. It has been classified as problematic. Affected is an unknown function of the file pages/loggedin.php. The manipulation of the argument statusentery leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 1c575340539f983333aa43fc58ecd76eb53e1816. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217176." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in kirill2485 TekNet ausgemacht. Hiervon betroffen ist ein unbekannter Codeblock der Datei pages/loggedin.php. Durch die Manipulation des Arguments statusentery mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Patch wird als 1c575340539f983333aa43fc58ecd76eb53e1816 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "kirill2485", + "product": { + "product_data": [ + { + "product_name": "TekNet", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217176", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217176" + }, + { + "url": "https://vuldb.com/?ctiid.217176", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217176" + }, + { + "url": "https://github.com/kirill2485/TekNet/commit/1c575340539f983333aa43fc58ecd76eb53e1816", + "refsource": "MISC", + "name": "https://github.com/kirill2485/TekNet/commit/1c575340539f983333aa43fc58ecd76eb53e1816" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125032.json b/2014/125xxx/CVE-2014-125032.json new file mode 100644 index 000000000000..d4561bb6e695 --- /dev/null +++ b/2014/125xxx/CVE-2014-125032.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125032", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in porpeeranut go-with-me. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file module/frontend/add.php. The manipulation leads to sql injection. The name of the patch is b92451e4f9e85e26cf493c95ea0a69e354c35df9. It is recommended to apply a patch to fix this issue. The identifier VDB-217177 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In porpeeranut go-with-me wurde eine kritische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung der Datei module/frontend/add.php. Durch Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als b92451e4f9e85e26cf493c95ea0a69e354c35df9 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "porpeeranut", + "product": { + "product_data": [ + { + "product_name": "go-with-me", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217177", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217177" + }, + { + "url": "https://vuldb.com/?ctiid.217177", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217177" + }, + { + "url": "https://github.com/porpeeranut/go-with-me/commit/b92451e4f9e85e26cf493c95ea0a69e354c35df9", + "refsource": "MISC", + "name": "https://github.com/porpeeranut/go-with-me/commit/b92451e4f9e85e26cf493c95ea0a69e354c35df9" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125033.json b/2014/125xxx/CVE-2014-125033.json new file mode 100644 index 000000000000..e6c5fb558e1a --- /dev/null +++ b/2014/125xxx/CVE-2014-125033.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125033", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The name of the patch is 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in rails-cv-app ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei app/controllers/uploaded_files_controller.rb. Mittels dem Manipulieren mit der Eingabe ../../../etc/passwd mit unbekannten Daten kann eine path traversal: '../filedir'-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 0d20362af0a5f8a126f67c77833868908484a863 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-24 Path Traversal: '../filedir'", + "cweId": "CWE-24" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "rails-cv-app", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217178", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217178" + }, + { + "url": "https://vuldb.com/?ctiid.217178", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217178" + }, + { + "url": "https://github.com/bertrand-caron/rails-cv-app/commit/0d20362af0a5f8a126f67c77833868908484a863", + "refsource": "MISC", + "name": "https://github.com/bertrand-caron/rails-cv-app/commit/0d20362af0a5f8a126f67c77833868908484a863" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.7, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125034.json b/2014/125xxx/CVE-2014-125034.json new file mode 100644 index 000000000000..7acf299b564f --- /dev/null +++ b/2014/125xxx/CVE-2014-125034.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125034", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in stiiv contact_app and classified as problematic. Affected by this vulnerability is the function render of the file libs/View.php. The manipulation of the argument var leads to cross site scripting. The attack can be launched remotely. The name of the patch is 67bec33f559da9d41a1b45eb9e992bd8683a7f8c. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217183." + }, + { + "lang": "deu", + "value": "In stiiv contact_app wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um die Funktion render der Datei libs/View.php. Durch Beeinflussen des Arguments var mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Patch wird als 67bec33f559da9d41a1b45eb9e992bd8683a7f8c bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "stiiv", + "product": { + "product_data": [ + { + "product_name": "contact_app", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217183", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217183" + }, + { + "url": "https://vuldb.com/?ctiid.217183", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217183" + }, + { + "url": "https://github.com/stiiv/contact_app/commit/67bec33f559da9d41a1b45eb9e992bd8683a7f8c", + "refsource": "MISC", + "name": "https://github.com/stiiv/contact_app/commit/67bec33f559da9d41a1b45eb9e992bd8683a7f8c" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125035.json b/2014/125xxx/CVE-2014-125035.json new file mode 100644 index 000000000000..ede015323c45 --- /dev/null +++ b/2014/125xxx/CVE-2014-125035.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125035", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in Jobs-Plugin. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The name of the patch is b8a56718b1d42834c6ec51d9c489c5dc20471d7b. It is recommended to apply a patch to fix this issue. The identifier VDB-217189 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In Jobs-Plugin wurde eine problematische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode. Mittels dem Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Patch wird als b8a56718b1d42834c6ec51d9c489c5dc20471d7b bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Jobs-Plugin", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217189", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217189" + }, + { + "url": "https://vuldb.com/?ctiid.217189", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217189" + }, + { + "url": "https://github.com/mrbobbybryant/Jobs-Plugin/pull/2", + "refsource": "MISC", + "name": "https://github.com/mrbobbybryant/Jobs-Plugin/pull/2" + }, + { + "url": "https://github.com/mrbobbybryant/Jobs-Plugin/commit/b8a56718b1d42834c6ec51d9c489c5dc20471d7b", + "refsource": "MISC", + "name": "https://github.com/mrbobbybryant/Jobs-Plugin/commit/b8a56718b1d42834c6ec51d9c489c5dc20471d7b" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125036.json b/2014/125xxx/CVE-2014-125036.json new file mode 100644 index 000000000000..991d59c44530 --- /dev/null +++ b/2014/125xxx/CVE-2014-125036.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125036", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to insufficient control of network message volume. The attack can only be done within the local network. The name of the patch is ed4ca2cf012677973c220cdba36b5c60bfa0260b. It is recommended to apply a patch to fix this issue. VDB-217190 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in drybjed ansible-ntp entdeckt. Davon betroffen ist unbekannter Code der Datei meta/main.yml. Mittels Manipulieren mit unbekannten Daten kann eine insufficient control of network message volume-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk erfolgen. Der Patch wird als ed4ca2cf012677973c220cdba36b5c60bfa0260b bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-406 Insufficient Control of Network Message Volume", + "cweId": "CWE-406" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "drybjed", + "product": { + "product_data": [ + { + "product_name": "ansible-ntp", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217190", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217190" + }, + { + "url": "https://vuldb.com/?ctiid.217190", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217190" + }, + { + "url": "https://github.com/drybjed/ansible-ntp/commit/ed4ca2cf012677973c220cdba36b5c60bfa0260b", + "refsource": "MISC", + "name": "https://github.com/drybjed/ansible-ntp/commit/ed4ca2cf012677973c220cdba36b5c60bfa0260b" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.6, + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.6, + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 1.4, + "vectorString": "AV:A/AC:H/Au:S/C:N/I:N/A:P", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125037.json b/2014/125xxx/CVE-2014-125037.json new file mode 100644 index 000000000000..a0de451e2146 --- /dev/null +++ b/2014/125xxx/CVE-2014-125037.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125037", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as critical, was found in License to Kill. This affects an unknown part of the file models/injury.rb. The manipulation of the argument name leads to sql injection. The name of the patch is cd11cf174f361c98e9b1b4c281aa7b77f46b5078. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217191." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in License to Kill gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei models/injury.rb. Durch das Manipulieren des Arguments name mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als cd11cf174f361c98e9b1b4c281aa7b77f46b5078 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "License to Kill", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217191", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217191" + }, + { + "url": "https://vuldb.com/?ctiid.217191", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217191" + }, + { + "url": "https://github.com/elizabrock/license-to-kill/commit/cd11cf174f361c98e9b1b4c281aa7b77f46b5078", + "refsource": "MISC", + "name": "https://github.com/elizabrock/license-to-kill/commit/cd11cf174f361c98e9b1b4c281aa7b77f46b5078" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125038.json b/2014/125xxx/CVE-2014-125038.json new file mode 100644 index 000000000000..879264c58a1b --- /dev/null +++ b/2014/125xxx/CVE-2014-125038.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125038", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in IS_Projecto2 and classified as critical. This vulnerability affects unknown code of the file Cnn-EJB/ejbModule/ejbs/NewsBean.java. The manipulation of the argument date leads to sql injection. The name of the patch is aa128b2c9c9fdcbbf5ecd82c1e92103573017fe0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217192." + }, + { + "lang": "deu", + "value": "In IS_Projecto2 wurde eine kritische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei Cnn-EJB/ejbModule/ejbs/NewsBean.java. Durch Manipulieren des Arguments date mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als aa128b2c9c9fdcbbf5ecd82c1e92103573017fe0 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "IS_Projecto2", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217192", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217192" + }, + { + "url": "https://vuldb.com/?ctiid.217192", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217192" + }, + { + "url": "https://github.com/rfsimoes/IS_Projecto2/commit/aa128b2c9c9fdcbbf5ecd82c1e92103573017fe0", + "refsource": "MISC", + "name": "https://github.com/rfsimoes/IS_Projecto2/commit/aa128b2c9c9fdcbbf5ecd82c1e92103573017fe0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125039.json b/2014/125xxx/CVE-2014-125039.json new file mode 100644 index 000000000000..da43b96831ac --- /dev/null +++ b/2014/125xxx/CVE-2014-125039.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125039", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in kkokko NeoXplora. Affected by this issue is some unknown functionality of the component Trainer Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is dce1aecd6ee050a29f953ffd8f02f21c7c13f1e6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217352." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in kkokko NeoXplora entdeckt. Dies betrifft einen unbekannten Teil der Komponente Trainer Handler. Durch die Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als dce1aecd6ee050a29f953ffd8f02f21c7c13f1e6 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "kkokko", + "product": { + "product_data": [ + { + "product_name": "NeoXplora", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217352", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217352" + }, + { + "url": "https://vuldb.com/?ctiid.217352", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217352" + }, + { + "url": "https://github.com/kkokko/NeoXplora/commit/dce1aecd6ee050a29f953ffd8f02f21c7c13f1e6", + "refsource": "MISC", + "name": "https://github.com/kkokko/NeoXplora/commit/dce1aecd6ee050a29f953ffd8f02f21c7c13f1e6" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125040.json b/2014/125xxx/CVE-2014-125040.json new file mode 100644 index 000000000000..c1c9ea370d7f --- /dev/null +++ b/2014/125xxx/CVE-2014-125040.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125040", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in stevejagodzinski DevNewsAggregator. It has been rated as critical. Affected by this issue is the function getByName of the file php/data_access/RemoteHtmlContentDataAccess.php. The manipulation of the argument name leads to sql injection. The name of the patch is b9de907e7a8c9ca9d75295da675e58c5bf06b172. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217484." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in stevejagodzinski DevNewsAggregator ausgemacht. Hierbei geht es um die Funktion getByName der Datei php/data_access/RemoteHtmlContentDataAccess.php. Durch die Manipulation des Arguments name mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als b9de907e7a8c9ca9d75295da675e58c5bf06b172 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "stevejagodzinski", + "product": { + "product_data": [ + { + "product_name": "DevNewsAggregator", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217484", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217484" + }, + { + "url": "https://vuldb.com/?ctiid.217484", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217484" + }, + { + "url": "https://github.com/stevejagodzinski/DevNewsAggregator/commit/b9de907e7a8c9ca9d75295da675e58c5bf06b172", + "refsource": "MISC", + "name": "https://github.com/stevejagodzinski/DevNewsAggregator/commit/b9de907e7a8c9ca9d75295da675e58c5bf06b172" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125041.json b/2014/125xxx/CVE-2014-125041.json new file mode 100644 index 000000000000..89bab19f19ed --- /dev/null +++ b/2014/125xxx/CVE-2014-125041.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125041", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical was found in Miccighel PR-CWT. This vulnerability affects unknown code. The manipulation leads to sql injection. The name of the patch is e412127d07004668e5a213932c94807d87067a1f. It is recommended to apply a patch to fix this issue. VDB-217486 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In Miccighel PR-CWT wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t. Mittels dem Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als e412127d07004668e5a213932c94807d87067a1f bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Miccighel", + "product": { + "product_data": [ + { + "product_name": "PR-CWT", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217486", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217486" + }, + { + "url": "https://vuldb.com/?ctiid.217486", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217486" + }, + { + "url": "https://github.com/Miccighel/PR-CWT/commit/e412127d07004668e5a213932c94807d87067a1f", + "refsource": "MISC", + "name": "https://github.com/Miccighel/PR-CWT/commit/e412127d07004668e5a213932c94807d87067a1f" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125042.json b/2014/125xxx/CVE-2014-125042.json new file mode 100644 index 000000000000..c41911928624 --- /dev/null +++ b/2014/125xxx/CVE-2014-125042.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125042", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in vicamo NetworkManager. Affected by this vulnerability is the function nm_setting_vlan_add_priority_str/nm_utils_rsa_key_encrypt/nm_setting_vlan_add_priority_str. The manipulation leads to missing release of resource. The name of the patch is afb0e2c53c4c17dfdb89d63b39db5101cc864704. It is recommended to apply a patch to fix this issue. The identifier VDB-217513 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In vicamo NetworkManager wurde eine problematische Schwachstelle entdeckt. Dabei geht es um die Funktion nm_setting_vlan_add_priority_str/nm_utils_rsa_key_encrypt/nm_setting_vlan_add_priority_str. Durch Beeinflussen mit unbekannten Daten kann eine missing release of resource-Schwachstelle ausgenutzt werden. Der Patch wird als afb0e2c53c4c17dfdb89d63b39db5101cc864704 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-772 Missing Release of Resource", + "cweId": "CWE-772" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "vicamo", + "product": { + "product_data": [ + { + "product_name": "NetworkManager", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217513", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217513" + }, + { + "url": "https://vuldb.com/?ctiid.217513", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217513" + }, + { + "url": "https://github.com/vicamo/NetworkManager/commit/afb0e2c53c4c17dfdb89d63b39db5101cc864704", + "refsource": "MISC", + "name": "https://github.com/vicamo/NetworkManager/commit/afb0e2c53c4c17dfdb89d63b39db5101cc864704" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.3, + "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125043.json b/2014/125xxx/CVE-2014-125043.json new file mode 100644 index 000000000000..2f36a7a53b23 --- /dev/null +++ b/2014/125xxx/CVE-2014-125043.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125043", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in vicamo NetworkManager. Affected by this issue is the function send_arps of the file src/devices/nm-device.c. The manipulation leads to unchecked return value. The name of the patch is 4da19b89815cbf6e063e39bc33c04fe4b3f789df. It is recommended to apply a patch to fix this issue. VDB-217514 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in vicamo NetworkManager entdeckt. Hierbei geht es um die Funktion send_arps der Datei src/devices/nm-device.c. Dank der Manipulation mit unbekannten Daten kann eine unchecked return value-Schwachstelle ausgenutzt werden. Der Patch wird als 4da19b89815cbf6e063e39bc33c04fe4b3f789df bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-252 Unchecked Return Value", + "cweId": "CWE-252" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "vicamo", + "product": { + "product_data": [ + { + "product_name": "NetworkManager", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217514", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217514" + }, + { + "url": "https://vuldb.com/?ctiid.217514", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217514" + }, + { + "url": "https://github.com/vicamo/NetworkManager/commit/4da19b89815cbf6e063e39bc33c04fe4b3f789df", + "refsource": "MISC", + "name": "https://github.com/vicamo/NetworkManager/commit/4da19b89815cbf6e063e39bc33c04fe4b3f789df" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4.9, + "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125044.json b/2014/125xxx/CVE-2014-125044.json new file mode 100644 index 000000000000..f64ac4609101 --- /dev/null +++ b/2014/125xxx/CVE-2014-125044.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125044", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects an unknown part of the file index.php. The manipulation of the argument p leads to file inclusion. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 567bc33e6ed82b0d0179c9add707ac2b257aeaf2. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217515." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in soshtolsus wing-tight gefunden. Es betrifft eine unbekannte Funktion der Datei index.php. Dank Manipulation des Arguments p mit unbekannten Daten kann eine file inclusion-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 567bc33e6ed82b0d0179c9add707ac2b257aeaf2 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-73 File Inclusion", + "cweId": "CWE-73" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "soshtolsus", + "product": { + "product_data": [ + { + "product_name": "wing-tight", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217515", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217515" + }, + { + "url": "https://vuldb.com/?ctiid.217515", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217515" + }, + { + "url": "https://github.com/soshtolsus/wing-tight/commit/567bc33e6ed82b0d0179c9add707ac2b257aeaf2", + "refsource": "MISC", + "name": "https://github.com/soshtolsus/wing-tight/commit/567bc33e6ed82b0d0179c9add707ac2b257aeaf2" + }, + { + "url": "https://github.com/soshtolsus/wing-tight/releases/tag/1.0.0", + "refsource": "MISC", + "name": "https://github.com/soshtolsus/wing-tight/releases/tag/1.0.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125045.json b/2014/125xxx/CVE-2014-125045.json new file mode 100644 index 000000000000..8a4c84248ee2 --- /dev/null +++ b/2014/125xxx/CVE-2014-125045.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125045", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in meol1 and classified as critical. Affected by this vulnerability is the function GetAnimal of the file opdracht4/index.php. The manipulation of the argument where leads to sql injection. The name of the patch is 82441e413f87920d1e8f866e8ef9d7f353a7c583. It is recommended to apply a patch to fix this issue. The identifier VDB-217525 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In meol1 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um die Funktion GetAnimal der Datei opdracht4/index.php. Dank der Manipulation des Arguments where mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 82441e413f87920d1e8f866e8ef9d7f353a7c583 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "meol1", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217525", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217525" + }, + { + "url": "https://vuldb.com/?ctiid.217525", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217525" + }, + { + "url": "https://github.com/Miesvanderlippe/meol1/commit/82441e413f87920d1e8f866e8ef9d7f353a7c583", + "refsource": "MISC", + "name": "https://github.com/Miesvanderlippe/meol1/commit/82441e413f87920d1e8f866e8ef9d7f353a7c583" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125046.json b/2014/125xxx/CVE-2014-125046.json new file mode 100644 index 000000000000..262f9b0edc36 --- /dev/null +++ b/2014/125xxx/CVE-2014-125046.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125046", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker. This affects an unknown part of the file databaseAccessFunctions.js. The manipulation leads to sql injection. The name of the patch is b4bc1a328b1f59437db159f9d136d9ed15707e31. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217551." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in Seiji42 cub-scout-tracker gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei databaseAccessFunctions.js. Durch Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als b4bc1a328b1f59437db159f9d136d9ed15707e31 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Seiji42", + "product": { + "product_data": [ + { + "product_name": "cub-scout-tracker", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217551", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217551" + }, + { + "url": "https://vuldb.com/?ctiid.217551", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217551" + }, + { + "url": "https://github.com/Seiji42/cub-scout-tracker/commit/b4bc1a328b1f59437db159f9d136d9ed15707e31", + "refsource": "MISC", + "name": "https://github.com/Seiji42/cub-scout-tracker/commit/b4bc1a328b1f59437db159f9d136d9ed15707e31" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125047.json b/2014/125xxx/CVE-2014-125047.json new file mode 100644 index 000000000000..f61066796da4 --- /dev/null +++ b/2014/125xxx/CVE-2014-125047.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125047", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical has been found in tbezman school-store. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is 2957fc97054216d3a393f1775efd01ae2b072001. It is recommended to apply a patch to fix this issue. The identifier VDB-217557 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in tbezman school-store entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion. Durch Beeinflussen mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 2957fc97054216d3a393f1775efd01ae2b072001 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "tbezman", + "product": { + "product_data": [ + { + "product_name": "school-store", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217557", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217557" + }, + { + "url": "https://vuldb.com/?ctiid.217557", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217557" + }, + { + "url": "https://github.com/tbezman/school-store/commit/2957fc97054216d3a393f1775efd01ae2b072001", + "refsource": "MISC", + "name": "https://github.com/tbezman/school-store/commit/2957fc97054216d3a393f1775efd01ae2b072001" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125048.json b/2014/125xxx/CVE-2014-125048.json new file mode 100644 index 000000000000..c5e6eb99bfb1 --- /dev/null +++ b/2014/125xxx/CVE-2014-125048.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125048", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affects some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session fixiation. The name of the patch is e9f0d509e1408743048e29d9c099d36e0e1f6ae7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217559." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in kassi xingwall entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei app/controllers/oauth.js. Dank Manipulation mit unbekannten Daten kann eine session fixiation-Schwachstelle ausgenutzt werden. Der Patch wird als e9f0d509e1408743048e29d9c099d36e0e1f6ae7 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-384 Session Fixiation", + "cweId": "CWE-384" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "kassi", + "product": { + "product_data": [ + { + "product_name": "xingwall", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217559", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217559" + }, + { + "url": "https://vuldb.com/?ctiid.217559", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217559" + }, + { + "url": "https://github.com/kassi/xingwall/commit/e9f0d509e1408743048e29d9c099d36e0e1f6ae7", + "refsource": "MISC", + "name": "https://github.com/kassi/xingwall/commit/e9f0d509e1408743048e29d9c099d36e0e1f6ae7" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.8, + "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125049.json b/2014/125xxx/CVE-2014-125049.json new file mode 100644 index 000000000000..5cacfaaa4cb4 --- /dev/null +++ b/2014/125xxx/CVE-2014-125049.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125049", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in typcn Blogile. Affected is the function getNav of the file server.js. The manipulation of the argument query leads to sql injection. The name of the patch is cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217560. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "deu", + "value": "** UNSUPPPORTED WHEN ASSIGNED **Es wurde eine Schwachstelle in typcn Blogile gefunden. Sie wurde als kritisch eingestuft. Es betrifft die Funktion getNav der Datei server.js. Mit der Manipulation des Arguments query mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "typcn", + "product": { + "product_data": [ + { + "product_name": "Blogile", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217560", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217560" + }, + { + "url": "https://vuldb.com/?ctiid.217560", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217560" + }, + { + "url": "https://github.com/typcn/Blogile/commit/cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d", + "refsource": "MISC", + "name": "https://github.com/typcn/Blogile/commit/cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125050.json b/2014/125xxx/CVE-2014-125050.json new file mode 100644 index 000000000000..1e1e1e551fae --- /dev/null +++ b/2014/125xxx/CVE-2014-125050.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125050", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The name of the patch is 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB-217562 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in ScottTZhang voter-js gefunden. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei main.js. Durch Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 6317c67a56061aeeaeed3cf9ec665fd9983d8044 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ScottTZhang", + "product": { + "product_data": [ + { + "product_name": "voter-js", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217562", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217562" + }, + { + "url": "https://vuldb.com/?ctiid.217562", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217562" + }, + { + "url": "https://github.com/ScottTZhang/voter-js/pull/15", + "refsource": "MISC", + "name": "https://github.com/ScottTZhang/voter-js/pull/15" + }, + { + "url": "https://github.com/ScottTZhang/voter-js/commit/6317c67a56061aeeaeed3cf9ec665fd9983d8044", + "refsource": "MISC", + "name": "https://github.com/ScottTZhang/voter-js/commit/6317c67a56061aeeaeed3cf9ec665fd9983d8044" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125051.json b/2014/125xxx/CVE-2014-125051.json new file mode 100644 index 000000000000..efe4a84866e4 --- /dev/null +++ b/2014/125xxx/CVE-2014-125051.json @@ -0,0 +1,139 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125051", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. It has been declared as critical. This vulnerability affects the function addSearchOptionsRecursively of the file JqGridAction.php. The manipulation leads to sql injection. Upgrading to version 1.0.8 is able to address this issue. The name of the patch is a117e0f2df729e3ff726968794d9a5ac40e660b9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217564." + }, + { + "lang": "deu", + "value": "In himiklab yii2-jqgrid-widget bis 1.0.7 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion addSearchOptionsRecursively der Datei JqGridAction.php. Mittels Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.0.8 vermag dieses Problem zu l\u00f6sen. Der Patch wird als a117e0f2df729e3ff726968794d9a5ac40e660b9 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "himiklab", + "product": { + "product_data": [ + { + "product_name": "yii2-jqgrid-widget", + "version": { + "version_data": [ + { + "version_value": "1.0.0", + "version_affected": "=" + }, + { + "version_value": "1.0.1", + "version_affected": "=" + }, + { + "version_value": "1.0.2", + "version_affected": "=" + }, + { + "version_value": "1.0.3", + "version_affected": "=" + }, + { + "version_value": "1.0.4", + "version_affected": "=" + }, + { + "version_value": "1.0.5", + "version_affected": "=" + }, + { + "version_value": "1.0.6", + "version_affected": "=" + }, + { + "version_value": "1.0.7", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217564", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217564" + }, + { + "url": "https://vuldb.com/?ctiid.217564", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217564" + }, + { + "url": "https://github.com/himiklab/yii2-jqgrid-widget/commit/a117e0f2df729e3ff726968794d9a5ac40e660b9", + "refsource": "MISC", + "name": "https://github.com/himiklab/yii2-jqgrid-widget/commit/a117e0f2df729e3ff726968794d9a5ac40e660b9" + }, + { + "url": "https://github.com/himiklab/yii2-jqgrid-widget/releases/tag/1.0.8", + "refsource": "MISC", + "name": "https://github.com/himiklab/yii2-jqgrid-widget/releases/tag/1.0.8" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125052.json b/2014/125xxx/CVE-2014-125052.json new file mode 100644 index 000000000000..633ad8013514 --- /dev/null +++ b/2014/125xxx/CVE-2014-125052.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125052", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in JervenBolleman sparql-identifiers and classified as critical. This issue affects some unknown processing of the file src/main/java/org/identifiers/db/RegistryDao.java. The manipulation leads to sql injection. The name of the patch is 44bb0db91c064e305b192fc73521d1dfd25bde52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217571." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in JervenBolleman sparql-identifiers gefunden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei src/main/java/org/identifiers/db/RegistryDao.java. Mit der Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 44bb0db91c064e305b192fc73521d1dfd25bde52 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JervenBolleman", + "product": { + "product_data": [ + { + "product_name": "sparql-identifiers", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217571", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217571" + }, + { + "url": "https://vuldb.com/?ctiid.217571", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217571" + }, + { + "url": "https://github.com/JervenBolleman/sparql-identifiers/commit/44bb0db91c064e305b192fc73521d1dfd25bde52", + "refsource": "MISC", + "name": "https://github.com/JervenBolleman/sparql-identifiers/commit/44bb0db91c064e305b192fc73521d1dfd25bde52" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125053.json b/2014/125xxx/CVE-2014-125053.json new file mode 100644 index 000000000000..9571700b9d9e --- /dev/null +++ b/2014/125xxx/CVE-2014-125053.json @@ -0,0 +1,123 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125053", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to sql injection. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is 0cdd1c388edf15089c3a7541cefe7756e560581d. It is recommended to upgrade the affected component. VDB-217582 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In Piwigo-Guest-Book bis 1.3.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei include/guestbook.inc.php der Komponente Navigation Bar. Mit der Manipulation des Arguments start mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.3.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 0cdd1c388edf15089c3a7541cefe7756e560581d bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Piwigo-Guest-Book", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": "=" + }, + { + "version_value": "1.1", + "version_affected": "=" + }, + { + "version_value": "1.2", + "version_affected": "=" + }, + { + "version_value": "1.3", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217582", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217582" + }, + { + "url": "https://vuldb.com/?ctiid.217582", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217582" + }, + { + "url": "https://github.com/Piwigo/Piwigo-Guest-Book/commit/0cdd1c388edf15089c3a7541cefe7756e560581d", + "refsource": "MISC", + "name": "https://github.com/Piwigo/Piwigo-Guest-Book/commit/0cdd1c388edf15089c3a7541cefe7756e560581d" + }, + { + "url": "https://github.com/Piwigo/Piwigo-Guest-Book/releases/tag/1.3.1", + "refsource": "MISC", + "name": "https://github.com/Piwigo/Piwigo-Guest-Book/releases/tag/1.3.1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125054.json b/2014/125xxx/CVE-2014-125054.json new file mode 100644 index 000000000000..70159420c804 --- /dev/null +++ b/2014/125xxx/CVE-2014-125054.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125054", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The name of the patch is 7f3c7407d95d532fcc342b00d68d0ea09ca71030. It is recommended to apply a patch to fix this issue. VDB-217594 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In koroket RedditOnRails wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Komponente Vote Handler. Durch die Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Patch wird als 7f3c7407d95d532fcc342b00d68d0ea09ca71030 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Controls", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "koroket", + "product": { + "product_data": [ + { + "product_name": "RedditOnRails", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217594", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217594" + }, + { + "url": "https://vuldb.com/?ctiid.217594", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217594" + }, + { + "url": "https://github.com/koroket/RedditOnRails/commit/7f3c7407d95d532fcc342b00d68d0ea09ca71030", + "refsource": "MISC", + "name": "https://github.com/koroket/RedditOnRails/commit/7f3c7407d95d532fcc342b00d68d0ea09ca71030" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125055.json b/2014/125xxx/CVE-2014-125055.json new file mode 100644 index 000000000000..a4d3936b656b --- /dev/null +++ b/2014/125xxx/CVE-2014-125055.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125055", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 477c10cf3b144ddf96526aa09f5fdea613f21812. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217596." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in agnivade easy-scrypt gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion VerifyPassphrase der Datei scrypt.go. Mittels dem Manipulieren mit unbekannten Daten kann eine observable timing discrepancy-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 477c10cf3b144ddf96526aa09f5fdea613f21812 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-208 Observable Timing Discrepancy", + "cweId": "CWE-208" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "agnivade", + "product": { + "product_data": [ + { + "product_name": "easy-scrypt", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217596", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217596" + }, + { + "url": "https://vuldb.com/?ctiid.217596", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217596" + }, + { + "url": "https://github.com/agnivade/easy-scrypt/commit/477c10cf3b144ddf96526aa09f5fdea613f21812", + "refsource": "MISC", + "name": "https://github.com/agnivade/easy-scrypt/commit/477c10cf3b144ddf96526aa09f5fdea613f21812" + }, + { + "url": "https://github.com/agnivade/easy-scrypt/releases/tag/v1.0.0", + "refsource": "MISC", + "name": "https://github.com/agnivade/easy-scrypt/releases/tag/v1.0.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.6, + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.6, + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 1.4, + "vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125056.json b/2014/125xxx/CVE-2014-125056.json new file mode 100644 index 000000000000..fc0e915d0ba3 --- /dev/null +++ b/2014/125xxx/CVE-2014-125056.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125056", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The name of the patch is fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Pylons horus gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei horus/flows/local/services.py. Durch das Manipulieren mit unbekannten Daten kann eine observable timing discrepancy-Schwachstelle ausgenutzt werden. Der Patch wird als fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-208 Observable Timing Discrepancy", + "cweId": "CWE-208" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Pylons", + "product": { + "product_data": [ + { + "product_name": "horus", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217598", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217598" + }, + { + "url": "https://vuldb.com/?ctiid.217598", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217598" + }, + { + "url": "https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec", + "refsource": "MISC", + "name": "https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.6, + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.6, + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 1.4, + "vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125057.json b/2014/125xxx/CVE-2014-125057.json new file mode 100644 index 000000000000..97cbece5f0f2 --- /dev/null +++ b/2014/125xxx/CVE-2014-125057.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125057", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipulation of the argument _token leads to incorrect comparison. It is possible to initiate the attack remotely. The name of the patch is 6b2813696ccb88d0576dfb305122ee880eb36197. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217599." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in mrobit robitailletheknot ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei app/filters.php der Komponente CSRF Token Handler. Durch Manipulieren des Arguments _token mit unbekannten Daten kann eine incorrect comparison-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Patch wird als 6b2813696ccb88d0576dfb305122ee880eb36197 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-697 Incorrect Comparison", + "cweId": "CWE-697" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mrobit", + "product": { + "product_data": [ + { + "product_name": "robitailletheknot", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217599", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217599" + }, + { + "url": "https://vuldb.com/?ctiid.217599", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217599" + }, + { + "url": "https://github.com/mrobit/robitailletheknot/commit/6b2813696ccb88d0576dfb305122ee880eb36197", + "refsource": "MISC", + "name": "https://github.com/mrobit/robitailletheknot/commit/6b2813696ccb88d0576dfb305122ee880eb36197" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.1, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.1, + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.1, + "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125058.json b/2014/125xxx/CVE-2014-125058.json new file mode 100644 index 000000000000..d4b639825491 --- /dev/null +++ b/2014/125xxx/CVE-2014-125058.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125058", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in LearnMeSomeCodes project3 and classified as critical. This issue affects the function search_first_name of the file search.rb. The manipulation leads to sql injection. The name of the patch is d3efa17ae9f6b2fc25a6bbcf165cefed17c7035e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217607. NOTE: Maintainer is aware of this issue as remarked in the source code." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in LearnMeSomeCodes project3 gefunden. Dies betrifft die Funktion search_first_name der Datei search.rb. Mittels dem Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als d3efa17ae9f6b2fc25a6bbcf165cefed17c7035e bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LearnMeSomeCodes", + "product": { + "product_data": [ + { + "product_name": "project3", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217607", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217607" + }, + { + "url": "https://vuldb.com/?ctiid.217607", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217607" + }, + { + "url": "https://github.com/LearnMeSomeCodes/project3/commit/d3efa17ae9f6b2fc25a6bbcf165cefed17c7035e", + "refsource": "MISC", + "name": "https://github.com/LearnMeSomeCodes/project3/commit/d3efa17ae9f6b2fc25a6bbcf165cefed17c7035e" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125059.json b/2014/125xxx/CVE-2014-125059.json new file mode 100644 index 000000000000..f13b377a6ee0 --- /dev/null +++ b/2014/125xxx/CVE-2014-125059.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125059", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog. This issue affects the function blog_index of the file main.c. The manipulation of the argument post_path leads to file inclusion. The attack may be initiated remotely. Upgrading to version 0.1.0 is able to address this issue. The name of the patch is cf715d911d8ce17969a7926dea651e930c27e71a. It is recommended to upgrade the affected component. The identifier VDB-217613 was assigned to this vulnerability. NOTE: This case is rather theoretical and probably won't happen. Maybe only on obscure Web servers." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in sternenseemann sternenblog entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist die Funktion blog_index der Datei main.c. Dank der Manipulation des Arguments post_path mit unbekannten Daten kann eine file inclusion-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 0.1.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als cf715d911d8ce17969a7926dea651e930c27e71a bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-73 File Inclusion", + "cweId": "CWE-73" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "sternenseemann", + "product": { + "product_data": [ + { + "product_name": "sternenblog", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217613", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217613" + }, + { + "url": "https://vuldb.com/?ctiid.217613", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217613" + }, + { + "url": "https://github.com/sternenseemann/sternenblog/commit/cf715d911d8ce17969a7926dea651e930c27e71a", + "refsource": "MISC", + "name": "https://github.com/sternenseemann/sternenblog/commit/cf715d911d8ce17969a7926dea651e930c27e71a" + }, + { + "url": "https://github.com/sternenseemann/sternenblog/releases/tag/0.1.0", + "refsource": "MISC", + "name": "https://github.com/sternenseemann/sternenblog/releases/tag/0.1.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5, + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4.6, + "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125060.json b/2014/125xxx/CVE-2014-125060.json new file mode 100644 index 000000000000..528edd521bb1 --- /dev/null +++ b/2014/125xxx/CVE-2014-125060.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125060", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The name of the patch is b80f6d1893607c99e5113967592417d0fe310ce6. It is recommended to apply a patch to fix this issue. VDB-217614 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in holdennb CollabCal gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion handleGet der Datei calenderServer.cpp. Dank Manipulation mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Patch wird als b80f6d1893607c99e5113967592417d0fe310ce6 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "holdennb", + "product": { + "product_data": [ + { + "product_name": "CollabCal", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217614", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217614" + }, + { + "url": "https://vuldb.com/?ctiid.217614", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217614" + }, + { + "url": "https://github.com/holdennb/CollabCal/commit/b80f6d1893607c99e5113967592417d0fe310ce6", + "refsource": "MISC", + "name": "https://github.com/holdennb/CollabCal/commit/b80f6d1893607c99e5113967592417d0fe310ce6" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseSeverity": "HIGH" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125061.json b/2014/125xxx/CVE-2014-125061.json new file mode 100644 index 000000000000..864efba26daa --- /dev/null +++ b/2014/125xxx/CVE-2014-125061.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125061", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in peel filebroker and classified as critical. Affected by this issue is the function select_transfer_status_desc of the file lib/common.rb. The manipulation leads to sql injection. The name of the patch is 91097e26a6c84d3208a351afaa52e0f62e5853ef. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217616. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "deu", + "value": "** UNSUPPPORTED WHEN ASSIGNED **Eine Schwachstelle wurde in peel filebroker gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion select_transfer_status_desc der Datei lib/common.rb. Durch die Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 91097e26a6c84d3208a351afaa52e0f62e5853ef bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "peel", + "product": { + "product_data": [ + { + "product_name": "filebroker", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217616", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217616" + }, + { + "url": "https://vuldb.com/?ctiid.217616", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217616" + }, + { + "url": "https://github.com/peel/filebroker/commit/91097e26a6c84d3208a351afaa52e0f62e5853ef", + "refsource": "MISC", + "name": "https://github.com/peel/filebroker/commit/91097e26a6c84d3208a351afaa52e0f62e5853ef" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125062.json b/2014/125xxx/CVE-2014-125062.json new file mode 100644 index 000000000000..7face147d054 --- /dev/null +++ b/2014/125xxx/CVE-2014-125062.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125062", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical was found in ananich bitstorm. Affected by this vulnerability is an unknown functionality of the file announce.php. The manipulation of the argument event leads to sql injection. The name of the patch is ea8da92f94cdb78ee7831e1f7af6258473ab396a. It is recommended to apply a patch to fix this issue. The identifier VDB-217621 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In ananich bitstorm wurde eine kritische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei announce.php. Durch Manipulieren des Arguments event mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als ea8da92f94cdb78ee7831e1f7af6258473ab396a bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ananich", + "product": { + "product_data": [ + { + "product_name": "bitstorm", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217621", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217621" + }, + { + "url": "https://vuldb.com/?ctiid.217621", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217621" + }, + { + "url": "https://github.com/ananich/bitstorm/commit/ea8da92f94cdb78ee7831e1f7af6258473ab396a", + "refsource": "MISC", + "name": "https://github.com/ananich/bitstorm/commit/ea8da92f94cdb78ee7831e1f7af6258473ab396a" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125063.json b/2014/125xxx/CVE-2014-125063.json new file mode 100644 index 000000000000..fa8363f2bc09 --- /dev/null +++ b/2014/125xxx/CVE-2014-125063.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125063", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in ada-l0velace Bid and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is abd71140b8219fa8741d0d8a57ab27d5bfd34222. It is recommended to apply a patch to fix this issue. The identifier VDB-217625 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in ada-l0velace Bid gefunden. Davon betroffen ist unbekannter Code. Dank Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als abd71140b8219fa8741d0d8a57ab27d5bfd34222 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ada-l0velace", + "product": { + "product_data": [ + { + "product_name": "Bid", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217625", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217625" + }, + { + "url": "https://vuldb.com/?ctiid.217625", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217625" + }, + { + "url": "https://github.com/ada-l0velace/Bid/commit/abd71140b8219fa8741d0d8a57ab27d5bfd34222", + "refsource": "MISC", + "name": "https://github.com/ada-l0velace/Bid/commit/abd71140b8219fa8741d0d8a57ab27d5bfd34222" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125064.json b/2014/125xxx/CVE-2014-125064.json new file mode 100644 index 000000000000..8838da83cb8e --- /dev/null +++ b/2014/125xxx/CVE-2014-125064.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125064", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as critical, has been found in elgs gosqljson. This issue affects the function QueryDbToArray/QueryDbToMap/ExecDb of the file gosqljson.go. The manipulation of the argument sqlStatement leads to sql injection. The name of the patch is 2740b331546cb88eb61771df4c07d389e9f0363a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217631." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in elgs gosqljson entdeckt. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion QueryDbToArray/QueryDbToMap/ExecDb der Datei gosqljson.go. Durch das Manipulieren des Arguments sqlStatement mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 2740b331546cb88eb61771df4c07d389e9f0363a bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "elgs", + "product": { + "product_data": [ + { + "product_name": "gosqljson", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217631", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217631" + }, + { + "url": "https://vuldb.com/?ctiid.217631", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217631" + }, + { + "url": "https://github.com/elgs/gosqljson/commit/2740b331546cb88eb61771df4c07d389e9f0363a", + "refsource": "MISC", + "name": "https://github.com/elgs/gosqljson/commit/2740b331546cb88eb61771df4c07d389e9f0363a" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125065.json b/2014/125xxx/CVE-2014-125065.json new file mode 100644 index 000000000000..d36f15761c96 --- /dev/null +++ b/2014/125xxx/CVE-2014-125065.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125065", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as critical, was found in john5223 bottle-auth. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is 99cfbcc0c1429096e3479744223ffb4fda276875. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217632." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in john5223 bottle-auth gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion. Durch Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 99cfbcc0c1429096e3479744223ffb4fda276875 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "john5223", + "product": { + "product_data": [ + { + "product_name": "bottle-auth", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217632", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217632" + }, + { + "url": "https://vuldb.com/?ctiid.217632", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217632" + }, + { + "url": "https://github.com/john5223/bottle-auth/commit/99cfbcc0c1429096e3479744223ffb4fda276875", + "refsource": "MISC", + "name": "https://github.com/john5223/bottle-auth/commit/99cfbcc0c1429096e3479744223ffb4fda276875" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125066.json b/2014/125xxx/CVE-2014-125066.json new file mode 100644 index 000000000000..6632ae00a0b1 --- /dev/null +++ b/2014/125xxx/CVE-2014-125066.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125066", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in emmflo yuko-bot. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument title leads to denial of service. The attack can be initiated remotely. The name of the patch is e580584b877934a4298d4dd0c497c79e579380d0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217636." + }, + { + "lang": "deu", + "value": "In emmflo yuko-bot wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t. Dank Manipulation des Arguments title mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Patch wird als e580584b877934a4298d4dd0c497c79e579380d0 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service", + "cweId": "CWE-404" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "emmflo", + "product": { + "product_data": [ + { + "product_name": "yuko-bot", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217636", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217636" + }, + { + "url": "https://vuldb.com/?ctiid.217636", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217636" + }, + { + "url": "https://github.com/emmflo/yuko-bot/commit/e580584b877934a4298d4dd0c497c79e579380d0", + "refsource": "MISC", + "name": "https://github.com/emmflo/yuko-bot/commit/e580584b877934a4298d4dd0c497c79e579380d0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125067.json b/2014/125xxx/CVE-2014-125067.json new file mode 100644 index 000000000000..73e33e86a7eb --- /dev/null +++ b/2014/125xxx/CVE-2014-125067.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125067", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical was found in corincerami curiosity. Affected by this vulnerability is an unknown functionality of the file app/controllers/image_controller.rb. The manipulation of the argument sol leads to sql injection. The name of the patch is d64fddd74ca72714e73f4efe24259ca05c8190eb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217639." + }, + { + "lang": "deu", + "value": "In corincerami curiosity wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei app/controllers/image_controller.rb. Durch Manipulation des Arguments sol mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als d64fddd74ca72714e73f4efe24259ca05c8190eb bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "corincerami", + "product": { + "product_data": [ + { + "product_name": "curiosity", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217639", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217639" + }, + { + "url": "https://vuldb.com/?ctiid.217639", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217639" + }, + { + "url": "https://github.com/corincerami/curiosity/commit/d64fddd74ca72714e73f4efe24259ca05c8190eb", + "refsource": "MISC", + "name": "https://github.com/corincerami/curiosity/commit/d64fddd74ca72714e73f4efe24259ca05c8190eb" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125068.json b/2014/125xxx/CVE-2014-125068.json new file mode 100644 index 000000000000..a9418dcc0822 --- /dev/null +++ b/2014/125xxx/CVE-2014-125068.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125068", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in saxman maps-js-icoads and classified as critical. This issue affects some unknown processing of the file http-server.js. The manipulation leads to path traversal. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217643." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in saxman maps-js-icoads gefunden. Betroffen davon ist ein unbekannter Prozess der Datei http-server.js. Durch Manipulieren mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Patch wird als 34b8b0cce2807b119f4cffda2ac48fc8f427d69a bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Path Traversal", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "saxman", + "product": { + "product_data": [ + { + "product_name": "maps-js-icoads", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217643", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217643" + }, + { + "url": "https://vuldb.com/?ctiid.217643", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217643" + }, + { + "url": "https://github.com/saxman/maps-js-icoads/commit/34b8b0cce2807b119f4cffda2ac48fc8f427d69a", + "refsource": "MISC", + "name": "https://github.com/saxman/maps-js-icoads/commit/34b8b0cce2807b119f4cffda2ac48fc8f427d69a" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125069.json b/2014/125xxx/CVE-2014-125069.json new file mode 100644 index 000000000000..c5a754367ba1 --- /dev/null +++ b/2014/125xxx/CVE-2014-125069.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125069", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in saxman maps-js-icoads. It has been classified as problematic. Affected is an unknown function. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217644." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in saxman maps-js-icoads ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf. Durch das Beeinflussen mit unbekannten Daten kann eine exposure of information through directory listing-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Patch wird als 34b8b0cce2807b119f4cffda2ac48fc8f427d69a bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-548 Exposure of Information Through Directory Listing", + "cweId": "CWE-548" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "saxman", + "product": { + "product_data": [ + { + "product_name": "maps-js-icoads", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/saxman/maps-js-icoads/commit/34b8b0cce2807b119f4cffda2ac48fc8f427d69a", + "refsource": "MISC", + "name": "https://github.com/saxman/maps-js-icoads/commit/34b8b0cce2807b119f4cffda2ac48fc8f427d69a" + }, + { + "url": "https://vuldb.com/?id.217644", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217644" + }, + { + "url": "https://vuldb.com/?ctiid.217644", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217644" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125070.json b/2014/125xxx/CVE-2014-125070.json new file mode 100644 index 000000000000..473fddb27a0a --- /dev/null +++ b/2014/125xxx/CVE-2014-125070.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125070", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in yanheven console and classified as problematic. Affected by this vulnerability is the function get_zone_hosts/AvailabilityZonesTable of the file openstack_dashboard/dashboards/admin/aggregates/tables.py. The manipulation leads to cross site scripting. The attack can be launched remotely. The name of the patch is ba908ae88d5925f4f6783eb234cc4ea95017472b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217651." + }, + { + "lang": "deu", + "value": "In yanheven console wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft die Funktion get_zone_hosts/AvailabilityZonesTable der Datei openstack_dashboard/dashboards/admin/aggregates/tables.py. Mittels dem Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Patch wird als ba908ae88d5925f4f6783eb234cc4ea95017472b bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "yanheven", + "product": { + "product_data": [ + { + "product_name": "console", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217651", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217651" + }, + { + "url": "https://vuldb.com/?ctiid.217651", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217651" + }, + { + "url": "https://github.com/yanheven/console/commit/ba908ae88d5925f4f6783eb234cc4ea95017472b", + "refsource": "MISC", + "name": "https://github.com/yanheven/console/commit/ba908ae88d5925f4f6783eb234cc4ea95017472b" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125071.json b/2014/125xxx/CVE-2014-125071.json new file mode 100644 index 000000000000..fb3b3e450fdc --- /dev/null +++ b/2014/125xxx/CVE-2014-125071.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125071", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is the function messageReceived of the file src/gribbit/request/HttpRequestHandler.java. The manipulation leads to missing origin validation in websockets. The name of the patch is 620418df247aebda3dd4be1dda10fe229ea505dd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217716." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in lukehutch Gribbit ausgemacht. Hiervon betroffen ist die Funktion messageReceived der Datei src/gribbit/request/HttpRequestHandler.java. Durch Manipulation mit unbekannten Daten kann eine missing origin validation in websockets-Schwachstelle ausgenutzt werden. Der Patch wird als 620418df247aebda3dd4be1dda10fe229ea505dd bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1385 Missing Origin Validation in WebSockets", + "cweId": "CWE-1385" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "lukehutch", + "product": { + "product_data": [ + { + "product_name": "Gribbit", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217716", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217716" + }, + { + "url": "https://vuldb.com/?ctiid.217716", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217716" + }, + { + "url": "https://github.com/lukehutch/gribbit/commit/620418df247aebda3dd4be1dda10fe229ea505dd", + "refsource": "MISC", + "name": "https://github.com/lukehutch/gribbit/commit/620418df247aebda3dd4be1dda10fe229ea505dd" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125072.json b/2014/125xxx/CVE-2014-125072.json new file mode 100644 index 000000000000..4865af6eca40 --- /dev/null +++ b/2014/125xxx/CVE-2014-125072.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125072", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical has been found in CherishSin klattr. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217719." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in CherishSin klattr entdeckt. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf. Durch das Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CherishSin", + "product": { + "product_data": [ + { + "product_name": "klattr", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217719", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217719" + }, + { + "url": "https://vuldb.com/?ctiid.217719", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217719" + }, + { + "url": "https://github.com/CherishSin/klattr/commit/f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1", + "refsource": "MISC", + "name": "https://github.com/CherishSin/klattr/commit/f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125073.json b/2014/125xxx/CVE-2014-125073.json new file mode 100644 index 000000000000..072c84890251 --- /dev/null +++ b/2014/125xxx/CVE-2014-125073.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125073", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue is the function create_poll/do_poll/show_poll/show_refresh of the file app.py. The manipulation leads to sql injection. The name of the patch is b290c21a0d8bcdbd55db860afd3cadec97388e72. It is recommended to apply a patch to fix this issue. VDB-217790 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in mapoor voteapp ausgemacht. Davon betroffen ist die Funktion create_poll/do_poll/show_poll/show_refresh der Datei app.py. Dank Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als b290c21a0d8bcdbd55db860afd3cadec97388e72 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mapoor", + "product": { + "product_data": [ + { + "product_name": "voteapp", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217790", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217790" + }, + { + "url": "https://vuldb.com/?ctiid.217790", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217790" + }, + { + "url": "https://github.com/mapoor/voteapp/commit/b290c21a0d8bcdbd55db860afd3cadec97388e72", + "refsource": "MISC", + "name": "https://github.com/mapoor/voteapp/commit/b290c21a0d8bcdbd55db860afd3cadec97388e72" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125074.json b/2014/125xxx/CVE-2014-125074.json new file mode 100644 index 000000000000..5432af3370d1 --- /dev/null +++ b/2014/125xxx/CVE-2014-125074.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125074", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Voyager/src/models/DatabaseAccess.java. The manipulation leads to sql injection. The name of the patch is f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae. It is recommended to apply a patch to fix this issue. The identifier VDB-218005 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In Nayshlok Voyager wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei Voyager/src/models/DatabaseAccess.java. Durch das Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Nayshlok", + "product": { + "product_data": [ + { + "product_name": "Voyager", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.218005", + "refsource": "MISC", + "name": "https://vuldb.com/?id.218005" + }, + { + "url": "https://vuldb.com/?ctiid.218005", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.218005" + }, + { + "url": "https://github.com/Nayshlok/Voyager/commit/f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae", + "refsource": "MISC", + "name": "https://github.com/Nayshlok/Voyager/commit/f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125075.json b/2014/125xxx/CVE-2014-125075.json new file mode 100644 index 000000000000..b06e9392252c --- /dev/null +++ b/2014/125xxx/CVE-2014-125075.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125075", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in gmail-servlet and classified as critical. This issue affects the function search of the file src/Model.java. The manipulation leads to sql injection. The name of the patch is 5d72753c2e95bb373aa86824939397dc25f679ea. It is recommended to apply a patch to fix this issue. The identifier VDB-218021 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in gmail-servlet gefunden. Es geht hierbei um die Funktion search der Datei src/Model.java. Dank Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 5d72753c2e95bb373aa86824939397dc25f679ea bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "gmail-servlet", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.218021", + "refsource": "MISC", + "name": "https://vuldb.com/?id.218021" + }, + { + "url": "https://vuldb.com/?ctiid.218021", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.218021" + }, + { + "url": "https://github.com/ChrisMcMStone/gmail-servlet/commit/5d72753c2e95bb373aa86824939397dc25f679ea", + "refsource": "MISC", + "name": "https://github.com/ChrisMcMStone/gmail-servlet/commit/5d72753c2e95bb373aa86824939397dc25f679ea" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2014/125xxx/CVE-2014-125076.json b/2014/125xxx/CVE-2014-125076.json new file mode 100644 index 000000000000..cbdb9ed71037 --- /dev/null +++ b/2014/125xxx/CVE-2014-125076.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125076", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in NoxxieNl Criminals. It has been classified as critical. Affected is an unknown function of the file ingame/roulette.php. The manipulation of the argument gambleMoney leads to sql injection. The name of the patch is 0a60b31271d4cbf8babe4be993d2a3a1617f0897. It is recommended to apply a patch to fix this issue. VDB-218022 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in NoxxieNl Criminals ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei ingame/roulette.php. Mit der Manipulation des Arguments gambleMoney mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 0a60b31271d4cbf8babe4be993d2a3a1617f0897 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NoxxieNl", + "product": { + "product_data": [ + { + "product_name": "Criminals", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.218022", + "refsource": "MISC", + "name": "https://vuldb.com/?id.218022" + }, + { + "url": "https://vuldb.com/?ctiid.218022", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.218022" + }, + { + "url": "https://github.com/NoxxieNl/Criminals/commit/0a60b31271d4cbf8babe4be993d2a3a1617f0897", + "refsource": "MISC", + "name": "https://github.com/NoxxieNl/Criminals/commit/0a60b31271d4cbf8babe4be993d2a3a1617f0897" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10004.json b/2015/10xxx/CVE-2015-10004.json index 358ae432c812..8565f9d4a7b6 100644 --- a/2015/10xxx/CVE-2015-10004.json +++ b/2015/10xxx/CVE-2015-10004.json @@ -1,17 +1,72 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2015-10004", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE 208: Information Exposure Through Timing Discrepancy" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "github.com/robbert229/jwt", + "product": { + "product_data": [ + { + "product_name": "github.com/robbert229/jwt", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/robbert229/jwt/commit/ca1404ee6e83fcbafb66b09ed0d543850a15b654", + "refsource": "MISC", + "name": "https://github.com/robbert229/jwt/commit/ca1404ee6e83fcbafb66b09ed0d543850a15b654" + }, + { + "url": "https://github.com/robbert229/jwt/issues/12", + "refsource": "MISC", + "name": "https://github.com/robbert229/jwt/issues/12" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2020-0023", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2020-0023" } ] } diff --git a/2015/10xxx/CVE-2015-10005.json b/2015/10xxx/CVE-2015-10005.json new file mode 100644 index 000000000000..7edf24b174ab --- /dev/null +++ b/2015/10xxx/CVE-2015-10005.json @@ -0,0 +1,99 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10005", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is 89c8620157d6e38f9872811620d25138fc9d1b0d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216852." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in markdown-it bis 2.x ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei lib/common/html_re.js. Durch das Beeinflussen mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 3.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 89c8620157d6e38f9872811620d25138fc9d1b0d bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333 Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "markdown-it", + "version": { + "version_data": [ + { + "version_value": "2.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216852", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216852" + }, + { + "url": "https://vuldb.com/?ctiid.216852", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216852" + }, + { + "url": "https://github.com/markdown-it/markdown-it/commit/89c8620157d6e38f9872811620d25138fc9d1b0d", + "refsource": "MISC", + "name": "https://github.com/markdown-it/markdown-it/commit/89c8620157d6e38f9872811620d25138fc9d1b0d" + }, + { + "url": "https://github.com/markdown-it/markdown-it/releases/tag/3.0.0", + "refsource": "MISC", + "name": "https://github.com/markdown-it/markdown-it/releases/tag/3.0.0" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10006.json b/2015/10xxx/CVE-2015-10006.json new file mode 100644 index 000000000000..0d85cf03b93a --- /dev/null +++ b/2015/10xxx/CVE-2015-10006.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10006", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in admont28 Ingnovarq. Affected by this issue is some unknown functionality of the file app/controller/insertarSliderAjax.php. The manipulation of the argument imagetitle leads to cross site scripting. The attack may be launched remotely. The name of the patch is 9d18a39944d79dfedacd754a742df38f99d3c0e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217172." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in admont28 Ingnovarq entdeckt. Dies betrifft einen unbekannten Teil der Datei app/controller/insertarSliderAjax.php. Durch Beeinflussen des Arguments imagetitle mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als 9d18a39944d79dfedacd754a742df38f99d3c0e2 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "admont28", + "product": { + "product_data": [ + { + "product_name": "Ingnovarq", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217172", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217172" + }, + { + "url": "https://vuldb.com/?ctiid.217172", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217172" + }, + { + "url": "https://github.com/admont28/ingnovarq/commit/9d18a39944d79dfedacd754a742df38f99d3c0e2", + "refsource": "MISC", + "name": "https://github.com/admont28/ingnovarq/commit/9d18a39944d79dfedacd754a742df38f99d3c0e2" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10007.json b/2015/10xxx/CVE-2015-10007.json new file mode 100644 index 000000000000..443206bf7931 --- /dev/null +++ b/2015/10xxx/CVE-2015-10007.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10007", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217184. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "deu", + "value": "** UNSUPPPORTED WHEN ASSIGNED **Eine Schwachstelle wurde in 82Flex WEIPDCRM gefunden. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion. Dank der Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Patch wird als 43bad79392332fa39e31b95268e76fbda9fec3a4 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "82Flex", + "product": { + "product_data": [ + { + "product_name": "WEIPDCRM", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217184", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217184" + }, + { + "url": "https://vuldb.com/?ctiid.217184", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217184" + }, + { + "url": "https://github.com/82Flex/WEIPDCRM/commit/43bad79392332fa39e31b95268e76fbda9fec3a4", + "refsource": "MISC", + "name": "https://github.com/82Flex/WEIPDCRM/commit/43bad79392332fa39e31b95268e76fbda9fec3a4" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10008.json b/2015/10xxx/CVE-2015-10008.json new file mode 100644 index 000000000000..9a7d7f9538b1 --- /dev/null +++ b/2015/10xxx/CVE-2015-10008.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10008", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The name of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier VDB-217185 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "deu", + "value": "** UNSUPPPORTED WHEN ASSIGNED **Es wurde eine Schwachstelle in 82Flex WEIPDCRM ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion. Dank Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Patch wird als 43bad79392332fa39e31b95268e76fbda9fec3a4 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "82Flex", + "product": { + "product_data": [ + { + "product_name": "WEIPDCRM", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/82Flex/WEIPDCRM/commit/43bad79392332fa39e31b95268e76fbda9fec3a4", + "refsource": "MISC", + "name": "https://github.com/82Flex/WEIPDCRM/commit/43bad79392332fa39e31b95268e76fbda9fec3a4" + }, + { + "url": "https://vuldb.com/?id.217185", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217185" + }, + { + "url": "https://vuldb.com/?ctiid.217185", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217185" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10009.json b/2015/10xxx/CVE-2015-10009.json new file mode 100644 index 000000000000..87906b7f60db --- /dev/null +++ b/2015/10xxx/CVE-2015-10009.json @@ -0,0 +1,115 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10009", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/code_caller_controller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/* leads to code injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.1 is able to address this issue. The name of the patch is fba7d89176fba8fe289edd58835fe45080797d99. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217187." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in nterchange bis 4.1.0 ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion getContent der Datei app/controllers/code_caller_controller.php. Durch die Manipulation des Arguments q mit der Eingabe %5C%27%29;phpinfo%28%29;/* mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 4.1.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als fba7d89176fba8fe289edd58835fe45080797d99 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Code Injection", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "nterchange", + "version": { + "version_data": [ + { + "version_value": "4.0", + "version_affected": "=" + }, + { + "version_value": "4.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217187", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217187" + }, + { + "url": "https://vuldb.com/?ctiid.217187", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217187" + }, + { + "url": "https://github.com/nonfiction/nterchange_backend/commit/fba7d89176fba8fe289edd58835fe45080797d99", + "refsource": "MISC", + "name": "https://github.com/nonfiction/nterchange_backend/commit/fba7d89176fba8fe289edd58835fe45080797d99" + }, + { + "url": "https://github.com/nonfiction/nterchange_backend/releases/tag/4.1.1", + "refsource": "MISC", + "name": "https://github.com/nonfiction/nterchange_backend/releases/tag/4.1.1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10010.json b/2015/10xxx/CVE-2015-10010.json new file mode 100644 index 000000000000..e8d752240e71 --- /dev/null +++ b/2015/10xxx/CVE-2015-10010.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10010", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in OpenDNS OpenResolve. It has been rated as problematic. Affected by this issue is the function get of the file resolverapi/endpoints.py of the component API. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is c680170d5583cd9342fe1af43001fe8b2b8004dd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217196." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in OpenDNS OpenResolve ausgemacht. Es geht hierbei um die Funktion get der Datei resolverapi/endpoints.py der Komponente API. Dank Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Patch wird als c680170d5583cd9342fe1af43001fe8b2b8004dd bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenDNS", + "product": { + "product_data": [ + { + "product_name": "OpenResolve", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217196", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217196" + }, + { + "url": "https://vuldb.com/?ctiid.217196", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217196" + }, + { + "url": "https://github.com/opendns/OpenResolve/commit/c680170d5583cd9342fe1af43001fe8b2b8004dd", + "refsource": "MISC", + "name": "https://github.com/opendns/OpenResolve/commit/c680170d5583cd9342fe1af43001fe8b2b8004dd" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.1, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.1, + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.6, + "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10011.json b/2015/10xxx/CVE-2015-10011.json new file mode 100644 index 000000000000..834f9440116c --- /dev/null +++ b/2015/10xxx/CVE-2015-10011.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10011", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an unknown part of the file resolverapi/endpoints.py. The manipulation leads to improper output neutralization for logs. The name of the patch is 9eba6ba5abd89d0e36a008921eb307fcef8c5311. It is recommended to apply a patch to fix this issue. The identifier VDB-217197 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in OpenDNS OpenResolve entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei resolverapi/endpoints.py. Mit der Manipulation mit unbekannten Daten kann eine improper output neutralization for logs-Schwachstelle ausgenutzt werden. Der Patch wird als 9eba6ba5abd89d0e36a008921eb307fcef8c5311 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-117 Improper Output Neutralization for Logs", + "cweId": "CWE-117" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenDNS", + "product": { + "product_data": [ + { + "product_name": "OpenResolve", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217197", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217197" + }, + { + "url": "https://vuldb.com/?ctiid.217197", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217197" + }, + { + "url": "https://github.com/opendns/OpenResolve/commit/9eba6ba5abd89d0e36a008921eb307fcef8c5311", + "refsource": "MISC", + "name": "https://github.com/opendns/OpenResolve/commit/9eba6ba5abd89d0e36a008921eb307fcef8c5311" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.6, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.6, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4.1, + "vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10012.json b/2015/10xxx/CVE-2015-10012.json new file mode 100644 index 000000000000..eb108458867f --- /dev/null +++ b/2015/10xxx/CVE-2015-10012.json @@ -0,0 +1,123 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10012", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "deu", + "value": "** UNSUPPPORTED WHEN ASSIGNED **Eine problematische Schwachstelle wurde in sumocoders FrameworkUserBundle bis 1.3.x ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei Resources/views/Security/login.html.twig. Durch das Manipulieren mit unbekannten Daten kann eine information exposure through error message-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.4.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als abe4993390ba9bd7821ab12678270556645f94c8 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-209 Information Exposure Through Error Message", + "cweId": "CWE-209" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "sumocoders", + "product": { + "product_data": [ + { + "product_name": "FrameworkUserBundle", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": "=" + }, + { + "version_value": "1.1", + "version_affected": "=" + }, + { + "version_value": "1.2", + "version_affected": "=" + }, + { + "version_value": "1.3", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217268", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217268" + }, + { + "url": "https://vuldb.com/?ctiid.217268", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217268" + }, + { + "url": "https://github.com/sumocoders/FrameworkUserBundle/commit/abe4993390ba9bd7821ab12678270556645f94c8", + "refsource": "MISC", + "name": "https://github.com/sumocoders/FrameworkUserBundle/commit/abe4993390ba9bd7821ab12678270556645f94c8" + }, + { + "url": "https://github.com/sumocoders/FrameworkUserBundle/releases/tag/v1.4.0", + "refsource": "MISC", + "name": "https://github.com/sumocoders/FrameworkUserBundle/releases/tag/v1.4.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.7, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10013.json b/2015/10xxx/CVE-2015-10013.json new file mode 100644 index 000000000000..9a2902946192 --- /dev/null +++ b/2015/10xxx/CVE-2015-10013.json @@ -0,0 +1,123 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10013", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3. It has been classified as problematic. Affected is the function taxonomy_switcher_init of the file taxonomy-switcher.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.4 is able to address this issue. It is recommended to upgrade the affected component. VDB-217446 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in WebDevStudios taxonomy-switcher Plugin bis 1.0.3 ausgemacht. Hiervon betroffen ist die Funktion taxonomy_switcher_init der Datei taxonomy-switcher.php. Durch das Beeinflussen mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 1.0.4 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WebDevStudios", + "product": { + "product_data": [ + { + "product_name": "taxonomy-switcher Plugin", + "version": { + "version_data": [ + { + "version_value": "1.0.0", + "version_affected": "=" + }, + { + "version_value": "1.0.1", + "version_affected": "=" + }, + { + "version_value": "1.0.2", + "version_affected": "=" + }, + { + "version_value": "1.0.3", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217446", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217446" + }, + { + "url": "https://vuldb.com/?ctiid.217446", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217446" + }, + { + "url": "https://github.com/WebDevStudios/taxonomy-switcher/commit/e1a0d99f936e7427b31e210c67aeb4833d804099", + "refsource": "MISC", + "name": "https://github.com/WebDevStudios/taxonomy-switcher/commit/e1a0d99f936e7427b31e210c67aeb4833d804099" + }, + { + "url": "https://github.com/WebDevStudios/taxonomy-switcher/releases/tag/1.0.4", + "refsource": "MISC", + "name": "https://github.com/WebDevStudios/taxonomy-switcher/releases/tag/1.0.4" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10014.json b/2015/10xxx/CVE-2015-10014.json new file mode 100644 index 000000000000..57c6066fdfd8 --- /dev/null +++ b/2015/10xxx/CVE-2015-10014.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10014", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical has been found in arekk uke. This affects an unknown part of the file lib/uke/finder.rb. The manipulation leads to sql injection. The name of the patch is 52fd3b2d0bc16227ef57b7b98a3658bb67c1833f. It is recommended to apply a patch to fix this issue. The identifier VDB-217485 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in arekk uke entdeckt. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei lib/uke/finder.rb. Durch Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 52fd3b2d0bc16227ef57b7b98a3658bb67c1833f bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "arekk", + "product": { + "product_data": [ + { + "product_name": "uke", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217485", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217485" + }, + { + "url": "https://vuldb.com/?ctiid.217485", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217485" + }, + { + "url": "https://github.com/arekk/uke/commit/52fd3b2d0bc16227ef57b7b98a3658bb67c1833f", + "refsource": "MISC", + "name": "https://github.com/arekk/uke/commit/52fd3b2d0bc16227ef57b7b98a3658bb67c1833f" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10015.json b/2015/10xxx/CVE-2015-10015.json new file mode 100644 index 000000000000..3efc203995b5 --- /dev/null +++ b/2015/10xxx/CVE-2015-10015.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10015", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as critical, has been found in glidernet ogn-live. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is bc0f19965f760587645583b7624d66a260946e01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217487." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in glidernet ogn-live entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil. Mittels Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als bc0f19965f760587645583b7624d66a260946e01 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "glidernet", + "product": { + "product_data": [ + { + "product_name": "ogn-live", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217487", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217487" + }, + { + "url": "https://vuldb.com/?ctiid.217487", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217487" + }, + { + "url": "https://github.com/glidernet/ogn-live/pull/11", + "refsource": "MISC", + "name": "https://github.com/glidernet/ogn-live/pull/11" + }, + { + "url": "https://github.com/glidernet/ogn-live/commit/bc0f19965f760587645583b7624d66a260946e01", + "refsource": "MISC", + "name": "https://github.com/glidernet/ogn-live/commit/bc0f19965f760587645583b7624d66a260946e01" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10016.json b/2015/10xxx/CVE-2015-10016.json new file mode 100644 index 000000000000..46502b7efd68 --- /dev/null +++ b/2015/10xxx/CVE-2015-10016.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10016", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as critical, has been found in jeff-kelley opensim-utils. Affected by this issue is the function DatabaseForRegion of the file regionscrits.php. The manipulation of the argument region leads to sql injection. The name of the patch is c29e5c729a833a29dbf5b1e505a0553fe154575e. It is recommended to apply a patch to fix this issue. VDB-217550 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in jeff-kelley opensim-utils entdeckt. Davon betroffen ist die Funktion DatabaseForRegion der Datei regionscrits.php. Durch die Manipulation des Arguments region mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als c29e5c729a833a29dbf5b1e505a0553fe154575e bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "jeff-kelley", + "product": { + "product_data": [ + { + "product_name": "opensim-utils", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217550", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217550" + }, + { + "url": "https://vuldb.com/?ctiid.217550", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217550" + }, + { + "url": "https://github.com/jeff-kelley/opensim-utils/commit/c29e5c729a833a29dbf5b1e505a0553fe154575e", + "refsource": "MISC", + "name": "https://github.com/jeff-kelley/opensim-utils/commit/c29e5c729a833a29dbf5b1e505a0553fe154575e" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10017.json b/2015/10xxx/CVE-2015-10017.json new file mode 100644 index 000000000000..04636edfa187 --- /dev/null +++ b/2015/10xxx/CVE-2015-10017.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10017", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in HPI-Information-Systems ProLOD and classified as critical. This vulnerability affects unknown code. The manipulation of the argument this leads to sql injection. The name of the patch is 3f710905458d49c77530bd3cbcd8960457566b73. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217552." + }, + { + "lang": "deu", + "value": "In HPI-Information-Systems ProLOD wurde eine kritische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung. Mittels dem Manipulieren des Arguments this mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 3f710905458d49c77530bd3cbcd8960457566b73 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HPI-Information-Systems", + "product": { + "product_data": [ + { + "product_name": "ProLOD", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217552", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217552" + }, + { + "url": "https://vuldb.com/?ctiid.217552", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217552" + }, + { + "url": "https://github.com/HPI-Information-Systems/ProLOD/commit/3f710905458d49c77530bd3cbcd8960457566b73", + "refsource": "MISC", + "name": "https://github.com/HPI-Information-Systems/ProLOD/commit/3f710905458d49c77530bd3cbcd8960457566b73" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10018.json b/2015/10xxx/CVE-2015-10018.json new file mode 100644 index 000000000000..8efbf489bff3 --- /dev/null +++ b/2015/10xxx/CVE-2015-10018.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10018", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in DBRisinajumi d2files and classified as critical. Affected by this vulnerability is the function actionUpload/actionDownloadFile of the file controllers/D2filesController.php. The manipulation leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is b5767f2ec9d0f3cbfda7f13c84740e2179c90574. It is recommended to upgrade the affected component. The identifier VDB-217561 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In DBRisinajumi d2files wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft die Funktion actionUpload/actionDownloadFile der Datei controllers/D2filesController.php. Durch die Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als b5767f2ec9d0f3cbfda7f13c84740e2179c90574 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "DBRisinajumi", + "product": { + "product_data": [ + { + "product_name": "d2files", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217561", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217561" + }, + { + "url": "https://vuldb.com/?ctiid.217561", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217561" + }, + { + "url": "https://github.com/DBRisinajumi/d2files/commit/b5767f2ec9d0f3cbfda7f13c84740e2179c90574", + "refsource": "MISC", + "name": "https://github.com/DBRisinajumi/d2files/commit/b5767f2ec9d0f3cbfda7f13c84740e2179c90574" + }, + { + "url": "https://github.com/DBRisinajumi/d2files/releases/tag/1.0.0", + "refsource": "MISC", + "name": "https://github.com/DBRisinajumi/d2files/releases/tag/1.0.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10019.json b/2015/10xxx/CVE-2015-10019.json new file mode 100644 index 000000000000..c300762d254b --- /dev/null +++ b/2015/10xxx/CVE-2015-10019.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10019", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in foxoverflow MySimplifiedSQL. This issue affects some unknown processing of the file MySimplifiedSQL_Examples.php. The manipulation of the argument FirstName/LastName leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 3b7481c72786f88041b7c2d83bb4f219f77f1293. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217595." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in foxoverflow MySimplifiedSQL entdeckt. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei MySimplifiedSQL_Examples.php. Durch Manipulation des Arguments FirstName/LastName mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Patch wird als 3b7481c72786f88041b7c2d83bb4f219f77f1293 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "foxoverflow", + "product": { + "product_data": [ + { + "product_name": "MySimplifiedSQL", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217595", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217595" + }, + { + "url": "https://vuldb.com/?ctiid.217595", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217595" + }, + { + "url": "https://github.com/foxoverflow/MySimplifiedSQL/commit/3b7481c72786f88041b7c2d83bb4f219f77f1293", + "refsource": "MISC", + "name": "https://github.com/foxoverflow/MySimplifiedSQL/commit/3b7481c72786f88041b7c2d83bb4f219f77f1293" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10020.json b/2015/10xxx/CVE-2015-10020.json new file mode 100644 index 000000000000..cd36c85214e9 --- /dev/null +++ b/2015/10xxx/CVE-2015-10020.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-10020", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10021.json b/2015/10xxx/CVE-2015-10021.json new file mode 100644 index 000000000000..cdb52c3275f2 --- /dev/null +++ b/2015/10xxx/CVE-2015-10021.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10021", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in ritterim definely. It has been classified as problematic. Affected is an unknown function of the file src/database.js. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is b31a022ba4d8d17148445a13ebb5a42ad593dbaa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217608." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in ritterim definely ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei src/database.js. Mittels Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Patch wird als b31a022ba4d8d17148445a13ebb5a42ad593dbaa bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ritterim", + "product": { + "product_data": [ + { + "product_name": "definely", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217608", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217608" + }, + { + "url": "https://vuldb.com/?ctiid.217608", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217608" + }, + { + "url": "https://github.com/ritterim/definely/pull/51", + "refsource": "MISC", + "name": "https://github.com/ritterim/definely/pull/51" + }, + { + "url": "https://github.com/ritterim/definely/commit/b31a022ba4d8d17148445a13ebb5a42ad593dbaa", + "refsource": "MISC", + "name": "https://github.com/ritterim/definely/commit/b31a022ba4d8d17148445a13ebb5a42ad593dbaa" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10022.json b/2015/10xxx/CVE-2015-10022.json new file mode 100644 index 000000000000..9abdbc6c301c --- /dev/null +++ b/2015/10xxx/CVE-2015-10022.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10022", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in IISH nlgis2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file scripts/etl/custom_import.pl. The manipulation leads to sql injection. The name of the patch is 8bdb6fcf7209584eaf1232437f0f53e735b2b34c. It is recommended to apply a patch to fix this issue. The identifier VDB-217609 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In IISH nlgis2 wurde eine kritische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode der Datei scripts/etl/custom_import.pl. Durch das Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 8bdb6fcf7209584eaf1232437f0f53e735b2b34c bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IISH", + "product": { + "product_data": [ + { + "product_name": "nlgis2", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217609", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217609" + }, + { + "url": "https://vuldb.com/?ctiid.217609", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217609" + }, + { + "url": "https://github.com/IISH/nlgis2/commit/8bdb6fcf7209584eaf1232437f0f53e735b2b34c", + "refsource": "MISC", + "name": "https://github.com/IISH/nlgis2/commit/8bdb6fcf7209584eaf1232437f0f53e735b2b34c" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10023.json b/2015/10xxx/CVE-2015-10023.json new file mode 100644 index 000000000000..fb79e69f6e35 --- /dev/null +++ b/2015/10xxx/CVE-2015-10023.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10023", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical has been found in Fumon trello-octometric. This affects the function main of the file metrics-ui/server/srv.go. The manipulation of the argument num leads to sql injection. The name of the patch is a1f1754933fbf21e2221fbc671c81a47de6a04ef. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217611." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Fumon trello-octometric entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion main der Datei metrics-ui/server/srv.go. Durch das Beeinflussen des Arguments num mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als a1f1754933fbf21e2221fbc671c81a47de6a04ef bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fumon", + "product": { + "product_data": [ + { + "product_name": "trello-octometric", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217611", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217611" + }, + { + "url": "https://vuldb.com/?ctiid.217611", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217611" + }, + { + "url": "https://github.com/Fumon/trello-octometric/commit/a1f1754933fbf21e2221fbc671c81a47de6a04ef", + "refsource": "MISC", + "name": "https://github.com/Fumon/trello-octometric/commit/a1f1754933fbf21e2221fbc671c81a47de6a04ef" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10024.json b/2015/10xxx/CVE-2015-10024.json new file mode 100644 index 000000000000..04448eae4c09 --- /dev/null +++ b/2015/10xxx/CVE-2015-10024.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10024", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical was found in hoffie larasync. This vulnerability affects unknown code of the file repository/content/file_storage.go. The manipulation leads to path traversal. The name of the patch is 776bad422f4bd4930d09491711246bbeb1be9ba5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217612." + }, + { + "lang": "deu", + "value": "In hoffie larasync wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei repository/content/file_storage.go. Durch Beeinflussen mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Patch wird als 776bad422f4bd4930d09491711246bbeb1be9ba5 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Path Traversal", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "hoffie", + "product": { + "product_data": [ + { + "product_name": "larasync", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217612", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217612" + }, + { + "url": "https://vuldb.com/?ctiid.217612", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217612" + }, + { + "url": "https://github.com/hoffie/larasync/commit/776bad422f4bd4930d09491711246bbeb1be9ba5", + "refsource": "MISC", + "name": "https://github.com/hoffie/larasync/commit/776bad422f4bd4930d09491711246bbeb1be9ba5" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10025.json b/2015/10xxx/CVE-2015-10025.json new file mode 100644 index 000000000000..a9b88ed26318 --- /dev/null +++ b/2015/10xxx/CVE-2015-10025.json @@ -0,0 +1,130 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10025", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in luelista miniConf up to 1.7.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file miniConf/MessageView.cs of the component URL Scanning. The manipulation leads to denial of service. Upgrading to version 1.7.7 and 1.8.0 is able to address this issue. The name of the patch is c06c2e5116c306e4e1bc79779f0eda2d1182f655. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217615." + }, + { + "lang": "deu", + "value": "In luelista miniConf bis 1.7.6 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei miniConf/MessageView.cs der Komponente URL Scanning. Mit der Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.7.7 and 1.8.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als c06c2e5116c306e4e1bc79779f0eda2d1182f655 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service", + "cweId": "CWE-404" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "luelista", + "product": { + "product_data": [ + { + "product_name": "miniConf", + "version": { + "version_data": [ + { + "version_value": "1.7.0", + "version_affected": "=" + }, + { + "version_value": "1.7.1", + "version_affected": "=" + }, + { + "version_value": "1.7.2", + "version_affected": "=" + }, + { + "version_value": "1.7.3", + "version_affected": "=" + }, + { + "version_value": "1.7.4", + "version_affected": "=" + }, + { + "version_value": "1.7.5", + "version_affected": "=" + }, + { + "version_value": "1.7.6", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217615", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217615" + }, + { + "url": "https://vuldb.com/?ctiid.217615", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217615" + }, + { + "url": "https://github.com/luelista/miniConf/commit/c06c2e5116c306e4e1bc79779f0eda2d1182f655", + "refsource": "MISC", + "name": "https://github.com/luelista/miniConf/commit/c06c2e5116c306e4e1bc79779f0eda2d1182f655" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.3, + "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10026.json b/2015/10xxx/CVE-2015-10026.json new file mode 100644 index 000000000000..f3ca593b7d81 --- /dev/null +++ b/2015/10xxx/CVE-2015-10026.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10026", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in tiredtyrant flairbot. It has been declared as critical. This vulnerability affects unknown code of the file flair.py. The manipulation leads to sql injection. The name of the patch is 5e112b68c6faad1d4699d02c1ebbb7daf48ef8fb. It is recommended to apply a patch to fix this issue. VDB-217618 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In tiredtyrant flairbot wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei flair.py. Mittels dem Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 5e112b68c6faad1d4699d02c1ebbb7daf48ef8fb bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "tiredtyrant", + "product": { + "product_data": [ + { + "product_name": "flairbot", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217618", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217618" + }, + { + "url": "https://vuldb.com/?ctiid.217618", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217618" + }, + { + "url": "https://github.com/tiredtyrant/flairbot/commit/5e112b68c6faad1d4699d02c1ebbb7daf48ef8fb", + "refsource": "MISC", + "name": "https://github.com/tiredtyrant/flairbot/commit/5e112b68c6faad1d4699d02c1ebbb7daf48ef8fb" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10027.json b/2015/10xxx/CVE-2015-10027.json new file mode 100644 index 000000000000..1d2d5d241c37 --- /dev/null +++ b/2015/10xxx/CVE-2015-10027.json @@ -0,0 +1,116 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10027", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulation leads to ldap injection. Upgrading to version 2.0b1 is able to address this issue. The name of the patch is a7f7a5a82d9202a5c40d606a5c519ba61b224eb8. It is recommended to upgrade the affected component. VDB-217622 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in hydrian TTRSS-Auth-LDAP entdeckt. Dies betrifft einen unbekannten Teil der Komponente Username Handler. Durch das Beeinflussen mit unbekannten Daten kann eine ldap injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 2.0b1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als a7f7a5a82d9202a5c40d606a5c519ba61b224eb8 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-90 LDAP Injection", + "cweId": "CWE-90" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "hydrian", + "product": { + "product_data": [ + { + "product_name": "TTRSS-Auth-LDAP", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217622", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217622" + }, + { + "url": "https://vuldb.com/?ctiid.217622", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217622" + }, + { + "url": "https://github.com/hydrian/TTRSS-Auth-LDAP/pull/14", + "refsource": "MISC", + "name": "https://github.com/hydrian/TTRSS-Auth-LDAP/pull/14" + }, + { + "url": "https://github.com/hydrian/TTRSS-Auth-LDAP/commit/a7f7a5a82d9202a5c40d606a5c519ba61b224eb8", + "refsource": "MISC", + "name": "https://github.com/hydrian/TTRSS-Auth-LDAP/commit/a7f7a5a82d9202a5c40d606a5c519ba61b224eb8" + }, + { + "url": "https://github.com/hydrian/TTRSS-Auth-LDAP/releases/tag/2.0b1", + "refsource": "MISC", + "name": "https://github.com/hydrian/TTRSS-Auth-LDAP/releases/tag/2.0b1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4.9, + "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10028.json b/2015/10xxx/CVE-2015-10028.json new file mode 100644 index 000000000000..8bd9cd81ab78 --- /dev/null +++ b/2015/10xxx/CVE-2015-10028.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10028", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in ss15-this-is-sparta and classified as problematic. This vulnerability affects unknown code of the file js/roomElement.js of the component Main Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is ba2f71ad3a46e5949ee0c510b544fa4ea973baaa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217624." + }, + { + "lang": "deu", + "value": "In ss15-this-is-sparta wurde eine problematische Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Datei js/roomElement.js der Komponente Main Page. Dank der Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Patch wird als ba2f71ad3a46e5949ee0c510b544fa4ea973baaa bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ss15-this-is-sparta", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217624", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217624" + }, + { + "url": "https://vuldb.com/?ctiid.217624", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217624" + }, + { + "url": "https://github.com/mauriciosoares/ss15-this-is-sparta/pull/1", + "refsource": "MISC", + "name": "https://github.com/mauriciosoares/ss15-this-is-sparta/pull/1" + }, + { + "url": "https://github.com/mauriciosoares/ss15-this-is-sparta/commit/ba2f71ad3a46e5949ee0c510b544fa4ea973baaa", + "refsource": "MISC", + "name": "https://github.com/mauriciosoares/ss15-this-is-sparta/commit/ba2f71ad3a46e5949ee0c510b544fa4ea973baaa" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10029.json b/2015/10xxx/CVE-2015-10029.json new file mode 100644 index 000000000000..ad06f792efe1 --- /dev/null +++ b/2015/10xxx/CVE-2015-10029.json @@ -0,0 +1,115 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10029", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1.1 is able to address this issue. The name of the patch is 4c9f2e028523ed705b555eca2c18c64e71f1a35d. It is recommended to upgrade the affected component. VDB-217630 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In kelvinmo simplexrd bis 3.1.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei simplexrd/simplexrd.class.php. Mittels Manipulieren mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 3.1.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 4c9f2e028523ed705b555eca2c18c64e71f1a35d bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611 XML External Entity Reference", + "cweId": "CWE-611" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "kelvinmo", + "product": { + "product_data": [ + { + "product_name": "simplexrd", + "version": { + "version_data": [ + { + "version_value": "3.0", + "version_affected": "=" + }, + { + "version_value": "3.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217630", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217630" + }, + { + "url": "https://vuldb.com/?ctiid.217630", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217630" + }, + { + "url": "https://github.com/kelvinmo/simplexrd/commit/4c9f2e028523ed705b555eca2c18c64e71f1a35d", + "refsource": "MISC", + "name": "https://github.com/kelvinmo/simplexrd/commit/4c9f2e028523ed705b555eca2c18c64e71f1a35d" + }, + { + "url": "https://github.com/kelvinmo/simplexrd/releases/tag/v3.1.1", + "refsource": "MISC", + "name": "https://github.com/kelvinmo/simplexrd/releases/tag/v3.1.1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4.9, + "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10030.json b/2015/10xxx/CVE-2015-10030.json new file mode 100644 index 000000000000..3e543f414ef5 --- /dev/null +++ b/2015/10xxx/CVE-2015-10030.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10030", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is d22337d453a2a14194cdb02bf12cdf9d9f827aa7. It is recommended to upgrade the affected component. VDB-217642 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In SUKOHI Surpass wurde eine kritische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei src/Sukohi/Surpass/Surpass.php. Durch das Manipulieren des Arguments dir mit unbekannten Daten kann eine pathname traversal-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d22337d453a2a14194cdb02bf12cdf9d9f827aa7 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-21 Pathname Traversal", + "cweId": "CWE-21" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SUKOHI", + "product": { + "product_data": [ + { + "product_name": "Surpass", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217642", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217642" + }, + { + "url": "https://vuldb.com/?ctiid.217642", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217642" + }, + { + "url": "https://github.com/SUKOHI/Surpass/commit/d22337d453a2a14194cdb02bf12cdf9d9f827aa7", + "refsource": "MISC", + "name": "https://github.com/SUKOHI/Surpass/commit/d22337d453a2a14194cdb02bf12cdf9d9f827aa7" + }, + { + "url": "https://github.com/SUKOHI/Surpass/releases/tag/1.0.0", + "refsource": "MISC", + "name": "https://github.com/SUKOHI/Surpass/releases/tag/1.0.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10031.json b/2015/10xxx/CVE-2015-10031.json new file mode 100644 index 000000000000..9e8dde6f3df0 --- /dev/null +++ b/2015/10xxx/CVE-2015-10031.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10031", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical was found in purpleparrots 491-Project. This vulnerability affects unknown code of the file update.php of the component Highscore Handler. The manipulation leads to sql injection. The name of the patch is a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217648." + }, + { + "lang": "deu", + "value": "In purpleparrots 491-Project wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei update.php der Komponente Highscore Handler. Mit der Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "purpleparrots", + "product": { + "product_data": [ + { + "product_name": "491-Project", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217648", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217648" + }, + { + "url": "https://vuldb.com/?ctiid.217648", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217648" + }, + { + "url": "https://github.com/purpleparrots/491-Project/commit/a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab", + "refsource": "MISC", + "name": "https://github.com/purpleparrots/491-Project/commit/a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10032.json b/2015/10xxx/CVE-2015-10032.json new file mode 100644 index 000000000000..23a90ad85a93 --- /dev/null +++ b/2015/10xxx/CVE-2015-10032.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10032", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in HealthMateWeb. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file createaccount.php. The manipulation of the argument username/password/first_name/last_name/company/phone leads to cross site scripting. The attack can be launched remotely. The name of the patch is 472776c25b1046ecaf962c46fed7c713c72c28e3. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217663." + }, + { + "lang": "deu", + "value": "In HealthMateWeb wurde eine problematische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei createaccount.php. Mittels Manipulieren des Arguments username/password/first_name/last_name/company/phone mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Patch wird als 472776c25b1046ecaf962c46fed7c713c72c28e3 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HealthMateWeb", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217663", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217663" + }, + { + "url": "https://vuldb.com/?ctiid.217663", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217663" + }, + { + "url": "https://github.com/StevenElberger/HealthMateWeb/commit/472776c25b1046ecaf962c46fed7c713c72c28e3", + "refsource": "MISC", + "name": "https://github.com/StevenElberger/HealthMateWeb/commit/472776c25b1046ecaf962c46fed7c713c72c28e3" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10033.json b/2015/10xxx/CVE-2015-10033.json new file mode 100644 index 000000000000..08cb4bbd4a58 --- /dev/null +++ b/2015/10xxx/CVE-2015-10033.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10033", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. The name of the patch is 134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5. It is recommended to apply a patch to fix this issue. The identifier VDB-217713 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in jvvlee MerlinsBoard gefunden. Dabei betrifft es einen unbekannter Codeteil der Komponente Grade Handler. Dank Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Patch wird als 134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285 Improper Authorization", + "cweId": "CWE-285" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "jvvlee", + "product": { + "product_data": [ + { + "product_name": "MerlinsBoard", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217713", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217713" + }, + { + "url": "https://vuldb.com/?ctiid.217713", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217713" + }, + { + "url": "https://github.com/jvvlee/MerlinsBoard/commit/134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5", + "refsource": "MISC", + "name": "https://github.com/jvvlee/MerlinsBoard/commit/134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 3.7, + "vectorString": "AV:A/AC:L/Au:M/C:N/I:P/A:P", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10034.json b/2015/10xxx/CVE-2015-10034.json new file mode 100644 index 000000000000..3c25ebfc5273 --- /dev/null +++ b/2015/10xxx/CVE-2015-10034.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10034", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. The name of the patch is 13cd6c3d1210640bfdb39872b2bb3597aa991279. It is recommended to apply a patch to fix this issue. VDB-217714 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In j-nowak workout-organizer wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode. Mit der Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 13cd6c3d1210640bfdb39872b2bb3597aa991279 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "j-nowak", + "product": { + "product_data": [ + { + "product_name": "workout-organizer", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217714", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217714" + }, + { + "url": "https://vuldb.com/?ctiid.217714", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217714" + }, + { + "url": "https://github.com/j-nowak/workout-organizer/commit/13cd6c3d1210640bfdb39872b2bb3597aa991279", + "refsource": "MISC", + "name": "https://github.com/j-nowak/workout-organizer/commit/13cd6c3d1210640bfdb39872b2bb3597aa991279" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10035.json b/2015/10xxx/CVE-2015-10035.json new file mode 100644 index 000000000000..d66f690161dd --- /dev/null +++ b/2015/10xxx/CVE-2015-10035.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10035", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The name of the patch is a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217715." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in gperson angular-test-reporter gefunden. Davon betroffen ist die Funktion getProjectTables/addTest der Datei rest-server/data-server.js. Durch die Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als a29d8ae121b46ebfa96a55a9106466ab2ef166ae bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "gperson", + "product": { + "product_data": [ + { + "product_name": "angular-test-reporter", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217715", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217715" + }, + { + "url": "https://vuldb.com/?ctiid.217715", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217715" + }, + { + "url": "https://github.com/gperson/angular-test-reporter/commit/a29d8ae121b46ebfa96a55a9106466ab2ef166ae", + "refsource": "MISC", + "name": "https://github.com/gperson/angular-test-reporter/commit/a29d8ae121b46ebfa96a55a9106466ab2ef166ae" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10036.json b/2015/10xxx/CVE-2015-10036.json new file mode 100644 index 000000000000..d7e1dd5bd65a --- /dev/null +++ b/2015/10xxx/CVE-2015-10036.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10036", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in kylebebak dronfelipe. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The name of the patch is 87405b74fe651892d79d0dff62ed17a7eaef6a60. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217951." + }, + { + "lang": "deu", + "value": "In kylebebak dronfelipe wurde eine kritische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalit\u00e4t. Durch Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 87405b74fe651892d79d0dff62ed17a7eaef6a60 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "kylebebak", + "product": { + "product_data": [ + { + "product_name": "dronfelipe", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217951", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217951" + }, + { + "url": "https://vuldb.com/?ctiid.217951", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217951" + }, + { + "url": "https://github.com/kylebebak/dronfelipe/commit/87405b74fe651892d79d0dff62ed17a7eaef6a60", + "refsource": "MISC", + "name": "https://github.com/kylebebak/dronfelipe/commit/87405b74fe651892d79d0dff62ed17a7eaef6a60" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10037.json b/2015/10xxx/CVE-2015-10037.json new file mode 100644 index 000000000000..ca78fe418b37 --- /dev/null +++ b/2015/10xxx/CVE-2015-10037.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10037", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as critical, was found in ACI_Escola. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is 34eed1f7b9295d1424912f79989d8aba5de41e9f. It is recommended to apply a patch to fix this issue. The identifier VDB-217965 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in ACI_Escola gefunden. Es betrifft eine unbekannte Funktion. Dank der Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 34eed1f7b9295d1424912f79989d8aba5de41e9f bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ACI_Escola", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217965", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217965" + }, + { + "url": "https://vuldb.com/?ctiid.217965", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217965" + }, + { + "url": "https://github.com/marinaguimaraes/ACI_Escola/commit/34eed1f7b9295d1424912f79989d8aba5de41e9f", + "refsource": "MISC", + "name": "https://github.com/marinaguimaraes/ACI_Escola/commit/34eed1f7b9295d1424912f79989d8aba5de41e9f" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10038.json b/2015/10xxx/CVE-2015-10038.json new file mode 100644 index 000000000000..abd2d88c27ad --- /dev/null +++ b/2015/10xxx/CVE-2015-10038.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10038", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in nym3r0s pplv2. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The name of the patch is 28f8b0550104044da09f04659797487c59f85b00. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218023." + }, + { + "lang": "deu", + "value": "In nym3r0s pplv2 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion. Durch die Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 28f8b0550104044da09f04659797487c59f85b00 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "nym3r0s", + "product": { + "product_data": [ + { + "product_name": "pplv2", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.218023", + "refsource": "MISC", + "name": "https://vuldb.com/?id.218023" + }, + { + "url": "https://vuldb.com/?ctiid.218023", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.218023" + }, + { + "url": "https://github.com/nym3r0s/pplv2/commit/28f8b0550104044da09f04659797487c59f85b00", + "refsource": "MISC", + "name": "https://github.com/nym3r0s/pplv2/commit/28f8b0550104044da09f04659797487c59f85b00" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/10xxx/CVE-2015-10039.json b/2015/10xxx/CVE-2015-10039.json new file mode 100644 index 000000000000..3671dbf3835a --- /dev/null +++ b/2015/10xxx/CVE-2015-10039.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2015-10039", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in dobos domino. It has been rated as critical. Affected by this issue is some unknown functionality in the library src/Complex.Domino.Lib/Lib/EntityFactory.cs. The manipulation leads to sql injection. Upgrading to version 0.1.5524.38553 is able to address this issue. The name of the patch is 16f039073709a21a76526110d773a6cce0ce753a. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218024." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in dobos domino ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion in der Bibliothek src/Complex.Domino.Lib/Lib/EntityFactory.cs. Durch Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.1.5524.38553 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 16f039073709a21a76526110d773a6cce0ce753a bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "dobos", + "product": { + "product_data": [ + { + "product_name": "domino", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.218024", + "refsource": "MISC", + "name": "https://vuldb.com/?id.218024" + }, + { + "url": "https://vuldb.com/?ctiid.218024", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.218024" + }, + { + "url": "https://github.com/dobos/domino/commit/16f039073709a21a76526110d773a6cce0ce753a", + "refsource": "MISC", + "name": "https://github.com/dobos/domino/commit/16f039073709a21a76526110d773a6cce0ce753a" + }, + { + "url": "https://github.com/dobos/domino/releases/tag/v0.1.5524.38553", + "refsource": "MISC", + "name": "https://github.com/dobos/domino/releases/tag/v0.1.5524.38553" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5521.json b/2015/5xxx/CVE-2015-5521.json index d1fed1a3ff70..58d691b1b3c7 100644 --- a/2015/5xxx/CVE-2015-5521.json +++ b/2015/5xxx/CVE-2015-5521.json @@ -56,6 +56,11 @@ "name": "http://packetstormsecurity.com/files/132589/Black-Cat-CMS-1.1.2-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/132589/Black-Cat-CMS-1.1.2-Cross-Site-Scripting.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/BlackCatDevelopment/BlackCatCMS/issues/408", + "url": "https://github.com/BlackCatDevelopment/BlackCatCMS/issues/408" } ] } diff --git a/2016/15xxx/CVE-2016-15005.json b/2016/15xxx/CVE-2016-15005.json index ac0d13bebff6..57bfb19d4e29 100644 --- a/2016/15xxx/CVE-2016-15005.json +++ b/2016/15xxx/CVE-2016-15005.json @@ -1,18 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2016-15005", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF tokens are generated using math/rand, which is not a cryptographically secure rander number generation, making predicting their values relatively trivial and allowing an attacker to bypass CSRF protections which relatively few requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE 338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)" + } + ] } ] - } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "github.com/dinever/golf", + "product": { + "product_data": [ + { + "product_name": "github.com/dinever/golf", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/dinever/golf/pull/24", + "refsource": "MISC", + "name": "https://github.com/dinever/golf/pull/24" + }, + { + "url": "https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe", + "refsource": "MISC", + "name": "https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe" + }, + { + "url": "https://github.com/dinever/golf/issues/20", + "refsource": "MISC", + "name": "https://github.com/dinever/golf/issues/20" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2020-0045", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2020-0045" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "@elithrar" + } + ] } \ No newline at end of file diff --git a/2016/15xxx/CVE-2016-15006.json b/2016/15xxx/CVE-2016-15006.json new file mode 100644 index 000000000000..3a9bd0d45092 --- /dev/null +++ b/2016/15xxx/CVE-2016-15006.json @@ -0,0 +1,119 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2016-15006", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator (prng). The attack may be initiated remotely. Upgrading to version 2.3 is able to address this issue. The name of the patch is 922bf90ca14a681629ba0b807a997a81d70225b5. It is recommended to upgrade the affected component. The identifier VDB-217181 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in enigmaX bis 2.2 entdeckt. Sie wurde als problematisch eingestuft. Es geht hierbei um die Funktion getSeed der Datei main.c der Komponente Scrambling Table Handler. Durch Manipulieren mit unbekannten Daten kann eine predictable seed in pseudo-random number generator (prng)-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 2.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 922bf90ca14a681629ba0b807a997a81d70225b5 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-337 Predictable Seed in Pseudo-Random Number Generator (PRNG)", + "cweId": "CWE-337" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "enigmaX", + "version": { + "version_data": [ + { + "version_value": "2.0", + "version_affected": "=" + }, + { + "version_value": "2.1", + "version_affected": "=" + }, + { + "version_value": "2.2", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217181", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217181" + }, + { + "url": "https://vuldb.com/?ctiid.217181", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217181" + }, + { + "url": "https://github.com/pfmonville/enigmaX/commit/922bf90ca14a681629ba0b807a997a81d70225b5", + "refsource": "MISC", + "name": "https://github.com/pfmonville/enigmaX/commit/922bf90ca14a681629ba0b807a997a81d70225b5" + }, + { + "url": "https://github.com/pfmonville/enigmaX/releases/tag/2.3", + "refsource": "MISC", + "name": "https://github.com/pfmonville/enigmaX/releases/tag/2.3" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.7, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.7, + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.6, + "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2016/15xxx/CVE-2016-15007.json b/2016/15xxx/CVE-2016-15007.json new file mode 100644 index 000000000000..4068d4d4d4cb --- /dev/null +++ b/2016/15xxx/CVE-2016-15007.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2016-15007", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this vulnerability is the function SObjectService of the file src/classes/SObjectService.cls of the component SOQL Handler. The manipulation of the argument orderDirection leads to injection. The name of the patch is db03ac5b8a9d830095991b529c067a030a0ccf7b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217195." + }, + { + "lang": "deu", + "value": "In Centralized-Salesforce-Dev-Framework wurde eine problematische Schwachstelle ausgemacht. Es geht um die Funktion SObjectService der Datei src/classes/SObjectService.cls der Komponente SOQL Handler. Dank der Manipulation des Arguments orderDirection mit unbekannten Daten kann eine injection-Schwachstelle ausgenutzt werden. Der Patch wird als db03ac5b8a9d830095991b529c067a030a0ccf7b bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-74 Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Centralized-Salesforce-Dev-Framework", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217195", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217195" + }, + { + "url": "https://vuldb.com/?ctiid.217195", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217195" + }, + { + "url": "https://github.com/scottbcovert/Centralized-Salesforce-Dev-Framework/commit/db03ac5b8a9d830095991b529c067a030a0ccf7b", + "refsource": "MISC", + "name": "https://github.com/scottbcovert/Centralized-Salesforce-Dev-Framework/commit/db03ac5b8a9d830095991b529c067a030a0ccf7b" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2016/15xxx/CVE-2016-15008.json b/2016/15xxx/CVE-2016-15008.json new file mode 100644 index 000000000000..6a1f4c4dc454 --- /dev/null +++ b/2016/15xxx/CVE-2016-15008.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2016-15008", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in oxguy3 coebot-www and classified as problematic. This issue affects the function displayChannelCommands/displayChannelQuotes/displayChannelAutoreplies/showChannelHighlights/showChannelBoir of the file js/channel.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is c1a6c44092585da4236237e0e7da94ee2996a0ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217355." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in oxguy3 coebot-www gefunden. Davon betroffen ist die Funktion displayChannelCommands/displayChannelQuotes/displayChannelAutoreplies/showChannelHighlights/showChannelBoir der Datei js/channel.js. Mittels Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Patch wird als c1a6c44092585da4236237e0e7da94ee2996a0ca bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "oxguy3", + "product": { + "product_data": [ + { + "product_name": "coebot-www", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217355", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217355" + }, + { + "url": "https://vuldb.com/?ctiid.217355", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217355" + }, + { + "url": "https://github.com/oxguy3/coebot-www/commit/c1a6c44092585da4236237e0e7da94ee2996a0ca", + "refsource": "MISC", + "name": "https://github.com/oxguy3/coebot-www/commit/c1a6c44092585da4236237e0e7da94ee2996a0ca" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2016/15xxx/CVE-2016-15009.json b/2016/15xxx/CVE-2016-15009.json new file mode 100644 index 000000000000..a7ad6fb28c62 --- /dev/null +++ b/2016/15xxx/CVE-2016-15009.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2016-15009", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in OpenACS bug-tracker. Affected is an unknown function of the file lib/nav-bar.adp of the component Search. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is aee43e5714cd8b697355ec3bf83eefee176d3fc3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217440." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in OpenACS bug-tracker entdeckt. Es betrifft eine unbekannte Funktion der Datei lib/nav-bar.adp der Komponente Search. Durch die Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Patch wird als aee43e5714cd8b697355ec3bf83eefee176d3fc3 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenACS", + "product": { + "product_data": [ + { + "product_name": "bug-tracker", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217440", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217440" + }, + { + "url": "https://vuldb.com/?ctiid.217440", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217440" + }, + { + "url": "https://github.com/openacs/bug-tracker/commit/aee43e5714cd8b697355ec3bf83eefee176d3fc3", + "refsource": "MISC", + "name": "https://github.com/openacs/bug-tracker/commit/aee43e5714cd8b697355ec3bf83eefee176d3fc3" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2016/15xxx/CVE-2016-15010.json b/2016/15xxx/CVE-2016-15010.json new file mode 100644 index 000000000000..dfe712a5bf54 --- /dev/null +++ b/2016/15xxx/CVE-2016-15010.json @@ -0,0 +1,115 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2016-15010", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.2 is able to address this issue. The name of the patch is 5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3. It is recommended to upgrade the affected component. The identifier VDB-217441 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "deu", + "value": "** UNSUPPPORTED WHEN ASSIGNED **In University of Cambridge django-ucamlookup bis 1.9.1 wurde eine problematische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente Lookup Handler. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 1.9.2 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "University of Cambridge", + "product": { + "product_data": [ + { + "product_name": "django-ucamlookup", + "version": { + "version_data": [ + { + "version_value": "1.9.0", + "version_affected": "=" + }, + { + "version_value": "1.9.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217441", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217441" + }, + { + "url": "https://vuldb.com/?ctiid.217441", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217441" + }, + { + "url": "https://github.com/uisautomation/django-ucamlookup/commit/5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3", + "refsource": "MISC", + "name": "https://github.com/uisautomation/django-ucamlookup/commit/5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3" + }, + { + "url": "https://github.com/uisautomation/django-ucamlookup/releases/tag/1.9.2", + "refsource": "MISC", + "name": "https://github.com/uisautomation/django-ucamlookup/releases/tag/1.9.2" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2016/15xxx/CVE-2016-15011.json b/2016/15xxx/CVE-2016-15011.json new file mode 100644 index 000000000000..7ba919c07075 --- /dev/null +++ b/2016/15xxx/CVE-2016-15011.json @@ -0,0 +1,115 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2016-15011", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.2 is able to address this issue. The name of the patch is ec4238349691ec66dd30b416ec6eaab02d722302. It is recommended to upgrade the affected component. The identifier VDB-217549 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In e-Contract dssp bis 1.3.1 wurde eine problematische Schwachstelle entdeckt. Hierbei betrifft es die Funktion checkSignResponse der Datei dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. Mit der Manipulation mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.3.2 vermag dieses Problem zu l\u00f6sen. Der Patch wird als ec4238349691ec66dd30b416ec6eaab02d722302 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611 XML External Entity Reference", + "cweId": "CWE-611" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "e-Contract", + "product": { + "product_data": [ + { + "product_name": "dssp", + "version": { + "version_data": [ + { + "version_value": "1.3.0", + "version_affected": "=" + }, + { + "version_value": "1.3.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217549", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217549" + }, + { + "url": "https://vuldb.com/?ctiid.217549", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217549" + }, + { + "url": "https://github.com/e-Contract/dssp/commit/ec4238349691ec66dd30b416ec6eaab02d722302", + "refsource": "MISC", + "name": "https://github.com/e-Contract/dssp/commit/ec4238349691ec66dd30b416ec6eaab02d722302" + }, + { + "url": "https://github.com/e-Contract/dssp/releases/tag/dssp-1.3.2", + "refsource": "MISC", + "name": "https://github.com/e-Contract/dssp/releases/tag/dssp-1.3.2" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4.9, + "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2016/15xxx/CVE-2016-15012.json b/2016/15xxx/CVE-2016-15012.json new file mode 100644 index 000000000000..1cd7257f03b6 --- /dev/null +++ b/2016/15xxx/CVE-2016-15012.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2016-15012", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. It has been rated as critical. This issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs. The manipulation leads to sql injection. Upgrading to version 5.0.0 is able to address this issue. The name of the patch is 83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217619. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "deu", + "value": "** UNSUPPPORTED WHEN ASSIGNED **Eine Schwachstelle wurde in forcedotcom SalesforceMobileSDK-Windows bis 4.x ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion ComputeCountSql der Datei SalesforceSDK/SmartStore/Store/QuerySpec.cs. Mittels Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 5.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "forcedotcom", + "product": { + "product_data": [ + { + "product_name": "SalesforceMobileSDK-Windows", + "version": { + "version_data": [ + { + "version_value": "4.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217619", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217619" + }, + { + "url": "https://vuldb.com/?ctiid.217619", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217619" + }, + { + "url": "https://github.com/forcedotcom/SalesforceMobileSDK-Windows/commit/83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8", + "refsource": "MISC", + "name": "https://github.com/forcedotcom/SalesforceMobileSDK-Windows/commit/83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8" + }, + { + "url": "https://github.com/forcedotcom/SalesforceMobileSDK-Windows/releases/tag/v5.0.0", + "refsource": "MISC", + "name": "https://github.com/forcedotcom/SalesforceMobileSDK-Windows/releases/tag/v5.0.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2016/15xxx/CVE-2016-15013.json b/2016/15xxx/CVE-2016-15013.json new file mode 100644 index 000000000000..6d2236ccebba --- /dev/null +++ b/2016/15xxx/CVE-2016-15013.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2016-15013", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in ForumHulp searchresults. It has been rated as critical. Affected by this issue is the function list_keywords of the file event/listener.php. The manipulation of the argument word leads to sql injection. The name of the patch is dd8a312bb285ad9735a8e1da58e9e955837b7322. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217628." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in ForumHulp searchresults ausgemacht. Betroffen davon ist die Funktion list_keywords der Datei event/listener.php. Durch Manipulation des Arguments word mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als dd8a312bb285ad9735a8e1da58e9e955837b7322 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ForumHulp", + "product": { + "product_data": [ + { + "product_name": "searchresults", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217628", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217628" + }, + { + "url": "https://vuldb.com/?ctiid.217628", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217628" + }, + { + "url": "https://github.com/ForumHulp/searchresults/pull/2", + "refsource": "MISC", + "name": "https://github.com/ForumHulp/searchresults/pull/2" + }, + { + "url": "https://github.com/ForumHulp/searchresults/commit/dd8a312bb285ad9735a8e1da58e9e955837b7322", + "refsource": "MISC", + "name": "https://github.com/ForumHulp/searchresults/commit/dd8a312bb285ad9735a8e1da58e9e955837b7322" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2016/15xxx/CVE-2016-15014.json b/2016/15xxx/CVE-2016-15014.json new file mode 100644 index 000000000000..622381beedd0 --- /dev/null +++ b/2016/15xxx/CVE-2016-15014.json @@ -0,0 +1,116 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2016-15014", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in CESNET theme-cesnet up to 1.x and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6. It is recommended to upgrade the affected component. The identifier VDB-217633 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In CESNET theme-cesnet bis 1.x wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei cesnet/core/lostpassword/templates/resetpassword.php. Durch das Beeinflussen mit unbekannten Daten kann eine insufficiently protected credentials-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Ein Aktualisieren auf die Version 2.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522 Insufficiently Protected Credentials", + "cweId": "CWE-522" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CESNET", + "product": { + "product_data": [ + { + "product_name": "theme-cesnet", + "version": { + "version_data": [ + { + "version_value": "1.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217633", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217633" + }, + { + "url": "https://vuldb.com/?ctiid.217633", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217633" + }, + { + "url": "https://github.com/CESNET/theme-cesnet/pull/1", + "refsource": "MISC", + "name": "https://github.com/CESNET/theme-cesnet/pull/1" + }, + { + "url": "https://github.com/CESNET/theme-cesnet/commit/2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6", + "refsource": "MISC", + "name": "https://github.com/CESNET/theme-cesnet/commit/2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6" + }, + { + "url": "https://github.com/CESNET/theme-cesnet/releases/tag/2.0.0", + "refsource": "MISC", + "name": "https://github.com/CESNET/theme-cesnet/releases/tag/2.0.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.3, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.3, + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 1.7, + "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2016/15xxx/CVE-2016-15015.json b/2016/15xxx/CVE-2016-15015.json new file mode 100644 index 000000000000..f7008a29ac66 --- /dev/null +++ b/2016/15xxx/CVE-2016-15015.json @@ -0,0 +1,116 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2016-15015", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to observable timing discrepancy. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 3e7d29dc0ca6c054a6d6e211f32dae89078594c1. It is recommended to upgrade the affected component. VDB-217650 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in viafintech Barzahlen Payment Module PHP SDK bis 2.0.0 gefunden. Sie wurde als problematisch eingestuft. Es betrifft die Funktion verify der Datei src/Webhook.php. Durch Manipulation mit unbekannten Daten kann eine observable timing discrepancy-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 2.0.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 3e7d29dc0ca6c054a6d6e211f32dae89078594c1 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-208 Observable Timing Discrepancy", + "cweId": "CWE-208" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "viafintech", + "product": { + "product_data": [ + { + "product_name": "Barzahlen Payment Module PHP SDK", + "version": { + "version_data": [ + { + "version_value": "2.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217650", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217650" + }, + { + "url": "https://vuldb.com/?ctiid.217650", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217650" + }, + { + "url": "https://github.com/viafintech/Barzahlen-PHP/pull/8", + "refsource": "MISC", + "name": "https://github.com/viafintech/Barzahlen-PHP/pull/8" + }, + { + "url": "https://github.com/viafintech/Barzahlen-PHP/commit/3e7d29dc0ca6c054a6d6e211f32dae89078594c1", + "refsource": "MISC", + "name": "https://github.com/viafintech/Barzahlen-PHP/commit/3e7d29dc0ca6c054a6d6e211f32dae89078594c1" + }, + { + "url": "https://github.com/viafintech/Barzahlen-PHP/releases/tag/v2.0.1", + "refsource": "MISC", + "name": "https://github.com/viafintech/Barzahlen-PHP/releases/tag/v2.0.1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.6, + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.6, + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 1.4, + "vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2016/15xxx/CVE-2016-15016.json b/2016/15xxx/CVE-2016-15016.json new file mode 100644 index 000000000000..a90f7b9e4760 --- /dev/null +++ b/2016/15xxx/CVE-2016-15016.json @@ -0,0 +1,115 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2016-15016", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in mrtnmtth joomla_mod_einsatz_stats up to 0.2. It has been classified as critical. This affects the function getStatsByType of the file helper.php. The manipulation of the argument year leads to sql injection. Upgrading to version 0.3 is able to address this issue. The name of the patch is 27c1b443cff45c81d9d7d926a74c76f8b6ffc6cb. It is recommended to upgrade the affected component. The identifier VDB-217653 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in mrtnmtth joomla_mod_einsatz_stats bis 0.2 ausgemacht. Sie wurde als kritisch eingestuft. Dabei betrifft es die Funktion getStatsByType der Datei helper.php. Durch das Manipulieren des Arguments year mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 27c1b443cff45c81d9d7d926a74c76f8b6ffc6cb bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mrtnmtth", + "product": { + "product_data": [ + { + "product_name": "joomla_mod_einsatz_stats", + "version": { + "version_data": [ + { + "version_value": "0.1", + "version_affected": "=" + }, + { + "version_value": "0.2", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217653", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217653" + }, + { + "url": "https://vuldb.com/?ctiid.217653", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217653" + }, + { + "url": "https://github.com/mrtnmtth/joomla_mod_einsatz_stats/commit/27c1b443cff45c81d9d7d926a74c76f8b6ffc6cb", + "refsource": "MISC", + "name": "https://github.com/mrtnmtth/joomla_mod_einsatz_stats/commit/27c1b443cff45c81d9d7d926a74c76f8b6ffc6cb" + }, + { + "url": "https://github.com/mrtnmtth/joomla_mod_einsatz_stats/releases/tag/v0.3", + "refsource": "MISC", + "name": "https://github.com/mrtnmtth/joomla_mod_einsatz_stats/releases/tag/v0.3" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2016/15xxx/CVE-2016-15017.json b/2016/15xxx/CVE-2016-15017.json new file mode 100644 index 000000000000..1a7404929851 --- /dev/null +++ b/2016/15xxx/CVE-2016-15017.json @@ -0,0 +1,116 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2016-15017", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in fabarea media_upload and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is able to address this issue. The name of the patch is b25d42a4981072321c1a363311d8ea2a4ac8763a. It is recommended to upgrade the affected component. VDB-217786 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In fabarea media_upload wurde eine kritische Schwachstelle gefunden. Das betrifft die Funktion getUploadedFileList der Datei Classes/Service/UploadFileService.php. Durch Manipulieren mit unbekannten Daten kann eine pathname traversal-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.9.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als b25d42a4981072321c1a363311d8ea2a4ac8763a bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-21 Pathname Traversal", + "cweId": "CWE-21" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "fabarea", + "product": { + "product_data": [ + { + "product_name": "media_upload", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217786", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217786" + }, + { + "url": "https://vuldb.com/?ctiid.217786", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217786" + }, + { + "url": "https://github.com/fabarea/media_upload/issues/6", + "refsource": "MISC", + "name": "https://github.com/fabarea/media_upload/issues/6" + }, + { + "url": "https://github.com/fabarea/media_upload/commit/b25d42a4981072321c1a363311d8ea2a4ac8763a", + "refsource": "MISC", + "name": "https://github.com/fabarea/media_upload/commit/b25d42a4981072321c1a363311d8ea2a4ac8763a" + }, + { + "url": "https://github.com/fabarea/media_upload/releases/tag/0.9.0", + "refsource": "MISC", + "name": "https://github.com/fabarea/media_upload/releases/tag/0.9.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2016/20xxx/CVE-2016-20018.json b/2016/20xxx/CVE-2016-20018.json new file mode 100644 index 000000000000..f52015079d14 --- /dev/null +++ b/2016/20xxx/CVE-2016-20018.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-20018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ghostccamm.com/blog/knex_sqli/", + "refsource": "MISC", + "name": "https://www.ghostccamm.com/blog/knex_sqli/" + }, + { + "url": "https://github.com/knex/knex/issues/1227", + "refsource": "MISC", + "name": "https://github.com/knex/knex/issues/1227" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2338.json b/2016/2xxx/CVE-2016-2338.json index c64cfb752d25..0fe7d417c7af 100644 --- a/2016/2xxx/CVE-2016-2338.json +++ b/2016/2xxx/CVE-2016-2338.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "http://www.talosintelligence.com/reports/TALOS-2016-0032/", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0032/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221228-0005/", + "url": "https://security.netapp.com/advisory/ntap-20221228-0005/" } ] } diff --git a/2017/1000xxx/CVE-2017-1000367.json b/2017/1000xxx/CVE-2017-1000367.json index 6a681e1c9585..f186a08fc821 100644 --- a/2017/1000xxx/CVE-2017-1000367.json +++ b/2017/1000xxx/CVE-2017-1000367.json @@ -132,6 +132,16 @@ "name": "1038582", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038582" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221222 Re: [Linux] /proc/pid/stat parsing bugs", + "url": "http://www.openwall.com/lists/oss-security/2022/12/22/5" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221222 Re: [Linux] /proc/pid/stat parsing bugs", + "url": "http://www.openwall.com/lists/oss-security/2022/12/22/6" } ] } diff --git a/2017/11xxx/CVE-2017-11591.json b/2017/11xxx/CVE-2017-11591.json index bd215a6a89f2..944a3deaa6cb 100644 --- a/2017/11xxx/CVE-2017-11591.json +++ b/2017/11xxx/CVE-2017-11591.json @@ -61,6 +61,11 @@ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1473888", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473888" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] } diff --git a/2017/12xxx/CVE-2017-12073.json b/2017/12xxx/CVE-2017-12073.json index 56be534b9d97..ef3440528cee 100644 --- a/2017/12xxx/CVE-2017-12073.json +++ b/2017/12xxx/CVE-2017-12073.json @@ -1,17 +1,17 @@ { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12073", - "STATE": "RESERVED" + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2017/14xxx/CVE-2017-14859.json b/2017/14xxx/CVE-2017-14859.json index 887222f6e1b4..3809c7889d78 100644 --- a/2017/14xxx/CVE-2017-14859.json +++ b/2017/14xxx/CVE-2017-14859.json @@ -61,6 +61,11 @@ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1494780", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494780" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] } diff --git a/2017/14xxx/CVE-2017-14862.json b/2017/14xxx/CVE-2017-14862.json index 0d4989eb21d5..3699571470d3 100644 --- a/2017/14xxx/CVE-2017-14862.json +++ b/2017/14xxx/CVE-2017-14862.json @@ -61,6 +61,11 @@ "name": "USN-3852-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3852-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] } diff --git a/2017/14xxx/CVE-2017-14864.json b/2017/14xxx/CVE-2017-14864.json index fe18a8b1a622..8c6cf1b88389 100644 --- a/2017/14xxx/CVE-2017-14864.json +++ b/2017/14xxx/CVE-2017-14864.json @@ -61,6 +61,11 @@ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1494467", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494467" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] } diff --git a/2017/16xxx/CVE-2017-16256.json b/2017/16xxx/CVE-2017-16256.json index 2774ad496b57..a9d62dcfec48 100644 --- a/2017/16xxx/CVE-2017-16256.json +++ b/2017/16xxx/CVE-2017-16256.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16256", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_sx, at 0x9d014ebc, the value for the `cmd2` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16257.json b/2017/16xxx/CVE-2017-16257.json index 59af01874778..13dc7e60236c 100644 --- a/2017/16xxx/CVE-2017-16257.json +++ b/2017/16xxx/CVE-2017-16257.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16257", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_sx, at 0x9d014f28, the value for the `cmd3` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16258.json b/2017/16xxx/CVE-2017-16258.json index 44dc09adfc61..6ad6c80b8364 100644 --- a/2017/16xxx/CVE-2017-16258.json +++ b/2017/16xxx/CVE-2017-16258.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16258", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_sx, at 0x9d014f7c, the value for the `cmd4` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16259.json b/2017/16xxx/CVE-2017-16259.json index c9373031cf56..287ad77e1731 100644 --- a/2017/16xxx/CVE-2017-16259.json +++ b/2017/16xxx/CVE-2017-16259.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16259", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_auth, at 0x9d015430, the value for the `usr` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16260.json b/2017/16xxx/CVE-2017-16260.json index bf82898da232..f769256b3f95 100644 --- a/2017/16xxx/CVE-2017-16260.json +++ b/2017/16xxx/CVE-2017-16260.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16260", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_auth, at 0x9d015478, the value for the `pwd` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16261.json b/2017/16xxx/CVE-2017-16261.json index 463f7406dbf1..de64d9a5e969 100644 --- a/2017/16xxx/CVE-2017-16261.json +++ b/2017/16xxx/CVE-2017-16261.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16261", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd g_b, at 0x9d015714, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16262.json b/2017/16xxx/CVE-2017-16262.json index 97c118f0a81f..f5547002959e 100644 --- a/2017/16xxx/CVE-2017-16262.json +++ b/2017/16xxx/CVE-2017-16262.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16262", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd g_b, at 0x9d015864, the value for the `id` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16263.json b/2017/16xxx/CVE-2017-16263.json index 07cc0a0dea13..2701ab7d488e 100644 --- a/2017/16xxx/CVE-2017-16263.json +++ b/2017/16xxx/CVE-2017-16263.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16263", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd g_b, at 0x9d015a8c, the value for the `val` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16264.json b/2017/16xxx/CVE-2017-16264.json index 5a238bb40a0f..cb45947b6194 100644 --- a/2017/16xxx/CVE-2017-16264.json +++ b/2017/16xxx/CVE-2017-16264.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16264", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd l_b, at 0x9d015cfc, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16265.json b/2017/16xxx/CVE-2017-16265.json index 1c5f09b963c3..eb3e6f90bf20 100644 --- a/2017/16xxx/CVE-2017-16265.json +++ b/2017/16xxx/CVE-2017-16265.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16265", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd l_bt, at 0x9d016104, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16266.json b/2017/16xxx/CVE-2017-16266.json index c89476cdb9e5..f0b94e4a0f89 100644 --- a/2017/16xxx/CVE-2017-16266.json +++ b/2017/16xxx/CVE-2017-16266.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16266", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_b, at 0x9d016530, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16267.json b/2017/16xxx/CVE-2017-16267.json index fdf24ea5e6c3..9f3405a62a3c 100644 --- a/2017/16xxx/CVE-2017-16267.json +++ b/2017/16xxx/CVE-2017-16267.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16267", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_b, at 0x9d016578, the value for the `val` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16268.json b/2017/16xxx/CVE-2017-16268.json index 11cf0b472013..c596b70a5192 100644 --- a/2017/16xxx/CVE-2017-16268.json +++ b/2017/16xxx/CVE-2017-16268.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16268", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_b, at 0x9d0165c0, the value for the `id` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16269.json b/2017/16xxx/CVE-2017-16269.json index 389d836fcc4f..d6d622a46776 100644 --- a/2017/16xxx/CVE-2017-16269.json +++ b/2017/16xxx/CVE-2017-16269.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16269", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_b, at 0x9d01672c, the value for the `s_speaker` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16270.json b/2017/16xxx/CVE-2017-16270.json index 31fed1184d6e..efce3bf4cb59 100644 --- a/2017/16xxx/CVE-2017-16270.json +++ b/2017/16xxx/CVE-2017-16270.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16270", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_b, at 0x9d01679c, the value for the `s_sonos_cmd` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16271.json b/2017/16xxx/CVE-2017-16271.json index 18de916e9c16..c2a96ed8f69e 100644 --- a/2017/16xxx/CVE-2017-16271.json +++ b/2017/16xxx/CVE-2017-16271.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16271", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd e_l, at 0x9d016c94, the value for the `as_c` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16272.json b/2017/16xxx/CVE-2017-16272.json index 3c8d07109d9a..a16f8c5412b0 100644 --- a/2017/16xxx/CVE-2017-16272.json +++ b/2017/16xxx/CVE-2017-16272.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16272", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd e_l, at 0x9d016cf0, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16273.json b/2017/16xxx/CVE-2017-16273.json index 8ebe909ba151..971969547800 100644 --- a/2017/16xxx/CVE-2017-16273.json +++ b/2017/16xxx/CVE-2017-16273.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16273", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd e_ml, at 0x9d016fa8, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16274.json b/2017/16xxx/CVE-2017-16274.json index edf5edce2f02..77c573e80962 100644 --- a/2017/16xxx/CVE-2017-16274.json +++ b/2017/16xxx/CVE-2017-16274.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16274", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd e_u, at 0x9d017364, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16275.json b/2017/16xxx/CVE-2017-16275.json index 52bb5fae72ef..1495fd738fe5 100644 --- a/2017/16xxx/CVE-2017-16275.json +++ b/2017/16xxx/CVE-2017-16275.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16275", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_grp, at 0x9d01758c, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16276.json b/2017/16xxx/CVE-2017-16276.json index cde81adf90cf..f36600b05d32 100644 --- a/2017/16xxx/CVE-2017-16276.json +++ b/2017/16xxx/CVE-2017-16276.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16276", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_grp, at 0x9d0175f4, the value for the `gbt` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16277.json b/2017/16xxx/CVE-2017-16277.json index 06f88fc86238..4f0449f9f8e6 100644 --- a/2017/16xxx/CVE-2017-16277.json +++ b/2017/16xxx/CVE-2017-16277.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16277", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_grp, at 0x9d017658, the value for the `gcmd` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16278.json b/2017/16xxx/CVE-2017-16278.json index 52017a4e0bcb..251855c98ba2 100644 --- a/2017/16xxx/CVE-2017-16278.json +++ b/2017/16xxx/CVE-2017-16278.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16278", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d01815c, the value for the `ip` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16279.json b/2017/16xxx/CVE-2017-16279.json index be9b447c720c..a5c2bcc8f18a 100644 --- a/2017/16xxx/CVE-2017-16279.json +++ b/2017/16xxx/CVE-2017-16279.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16279", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d0181a4, the value for the `port` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16280.json b/2017/16xxx/CVE-2017-16280.json index f72c8b0c0853..82e7b3c0b36a 100644 --- a/2017/16xxx/CVE-2017-16280.json +++ b/2017/16xxx/CVE-2017-16280.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16280", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d0181ec, the value for the `gate` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16281.json b/2017/16xxx/CVE-2017-16281.json index ab6b88bce297..9dc773cab416 100644 --- a/2017/16xxx/CVE-2017-16281.json +++ b/2017/16xxx/CVE-2017-16281.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16281", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d018234, the value for the `sub` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16282.json b/2017/16xxx/CVE-2017-16282.json index e1eb95ff21ae..49743363c0af 100644 --- a/2017/16xxx/CVE-2017-16282.json +++ b/2017/16xxx/CVE-2017-16282.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16282", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d01827c, the value for the `dhcp` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16283.json b/2017/16xxx/CVE-2017-16283.json index 179205d864bb..7592db53dfa7 100644 --- a/2017/16xxx/CVE-2017-16283.json +++ b/2017/16xxx/CVE-2017-16283.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16283", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_name, at 0x9d0188a8, the value for the `name` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16284.json b/2017/16xxx/CVE-2017-16284.json index 6010bb4b313a..cd3207ba58e1 100644 --- a/2017/16xxx/CVE-2017-16284.json +++ b/2017/16xxx/CVE-2017-16284.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16284", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_name, at 0x9d018958, the value for the `city` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16285.json b/2017/16xxx/CVE-2017-16285.json index e704a693993b..38ef7c2ad732 100644 --- a/2017/16xxx/CVE-2017-16285.json +++ b/2017/16xxx/CVE-2017-16285.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16285", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018e58, the value for the `offset` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16286.json b/2017/16xxx/CVE-2017-16286.json index b1f99e7a1b78..4dac4fa2dc25 100644 --- a/2017/16xxx/CVE-2017-16286.json +++ b/2017/16xxx/CVE-2017-16286.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16286", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018ea0, the value for the `dststart` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16287.json b/2017/16xxx/CVE-2017-16287.json index 8a3f9810bfb3..9ac096f737d3 100644 --- a/2017/16xxx/CVE-2017-16287.json +++ b/2017/16xxx/CVE-2017-16287.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16287", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018f00, the value for the `dstend` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16288.json b/2017/16xxx/CVE-2017-16288.json index c31e340b9e21..066b158adc3e 100644 --- a/2017/16xxx/CVE-2017-16288.json +++ b/2017/16xxx/CVE-2017-16288.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16288", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018f60, the value for the `dst` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16289.json b/2017/16xxx/CVE-2017-16289.json index 8a76471a6204..7e4c10ee371a 100644 --- a/2017/16xxx/CVE-2017-16289.json +++ b/2017/16xxx/CVE-2017-16289.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16289", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_utc, at 0x9d0193ac, the value for the `offset` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16290.json b/2017/16xxx/CVE-2017-16290.json index 6f1c559c2c26..a727f2f8554f 100644 --- a/2017/16xxx/CVE-2017-16290.json +++ b/2017/16xxx/CVE-2017-16290.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16290", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sun, at 0x9d01980c, the value for the `sunrise` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16291.json b/2017/16xxx/CVE-2017-16291.json index b86fa544f828..718deea1fed5 100644 --- a/2017/16xxx/CVE-2017-16291.json +++ b/2017/16xxx/CVE-2017-16291.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16291", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sun, at 0x9d019854, the value for the `sunset` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16292.json b/2017/16xxx/CVE-2017-16292.json index e955a234b786..494f58122a0c 100644 --- a/2017/16xxx/CVE-2017-16292.json +++ b/2017/16xxx/CVE-2017-16292.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16292", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd g_schd, at 0x9d019c50, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16293.json b/2017/16xxx/CVE-2017-16293.json index 6d9a73d85e23..344099aa93d7 100644 --- a/2017/16xxx/CVE-2017-16293.json +++ b/2017/16xxx/CVE-2017-16293.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16293", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a010, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16294.json b/2017/16xxx/CVE-2017-16294.json index fb4e9f52a1a2..6ee883ba8803 100644 --- a/2017/16xxx/CVE-2017-16294.json +++ b/2017/16xxx/CVE-2017-16294.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16294", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a144, the value for the `on` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16295.json b/2017/16xxx/CVE-2017-16295.json index fe703b7dc8f7..e57dd4c0b2a3 100644 --- a/2017/16xxx/CVE-2017-16295.json +++ b/2017/16xxx/CVE-2017-16295.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16295", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a18c, the value for the `off` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16296.json b/2017/16xxx/CVE-2017-16296.json index 9f6746a488f5..11f7406d8cc0 100644 --- a/2017/16xxx/CVE-2017-16296.json +++ b/2017/16xxx/CVE-2017-16296.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16296", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a1d4, the value for the `days` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16297.json b/2017/16xxx/CVE-2017-16297.json index 0d3ea0f8bc51..cbd3f3f2261e 100644 --- a/2017/16xxx/CVE-2017-16297.json +++ b/2017/16xxx/CVE-2017-16297.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16297", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a21c, the value for the `oncmd` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16298.json b/2017/16xxx/CVE-2017-16298.json index 15014320d459..79e038f12b41 100644 --- a/2017/16xxx/CVE-2017-16298.json +++ b/2017/16xxx/CVE-2017-16298.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16298", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a264, the value for the `offcmd` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16299.json b/2017/16xxx/CVE-2017-16299.json index c54d843853bb..ea4dae7b2885 100644 --- a/2017/16xxx/CVE-2017-16299.json +++ b/2017/16xxx/CVE-2017-16299.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16299", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_raw, at 0x9d01aad8, the value for the `d` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16300.json b/2017/16xxx/CVE-2017-16300.json index 531a7ef222d5..89d2436fe392 100644 --- a/2017/16xxx/CVE-2017-16300.json +++ b/2017/16xxx/CVE-2017-16300.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16300", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_ex, at 0x9d01ac74, the value for the `id` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16301.json b/2017/16xxx/CVE-2017-16301.json index da2d814cae1b..c1a83d40dcd3 100644 --- a/2017/16xxx/CVE-2017-16301.json +++ b/2017/16xxx/CVE-2017-16301.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16301", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_ex, at 0x9d01ad14, the value for the `flg` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16302.json b/2017/16xxx/CVE-2017-16302.json index 27f57be1f4de..1fc910f98b03 100644 --- a/2017/16xxx/CVE-2017-16302.json +++ b/2017/16xxx/CVE-2017-16302.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16302", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_ex, at 0x9d01ad78, the value for the `cmd1` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16303.json b/2017/16xxx/CVE-2017-16303.json index 0365d2f4b9ff..a2fe61b8fd44 100644 --- a/2017/16xxx/CVE-2017-16303.json +++ b/2017/16xxx/CVE-2017-16303.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16303", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_ex, at 0x9d01addc, the value for the `cmd2` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16304.json b/2017/16xxx/CVE-2017-16304.json index d233a2406ce9..badd0db41244 100644 --- a/2017/16xxx/CVE-2017-16304.json +++ b/2017/16xxx/CVE-2017-16304.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16304", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_ex, at 0x9d01ae40, the value for the `d` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16305.json b/2017/16xxx/CVE-2017-16305.json index 75e096cd317c..c0b60d10713e 100644 --- a/2017/16xxx/CVE-2017-16305.json +++ b/2017/16xxx/CVE-2017-16305.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16305", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b20c, the value for the `id` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16306.json b/2017/16xxx/CVE-2017-16306.json index c678f2a4d341..8cc73e43058c 100644 --- a/2017/16xxx/CVE-2017-16306.json +++ b/2017/16xxx/CVE-2017-16306.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16306", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b2ac, the value for the `flg` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16307.json b/2017/16xxx/CVE-2017-16307.json index ae9951952974..9d5460f86126 100644 --- a/2017/16xxx/CVE-2017-16307.json +++ b/2017/16xxx/CVE-2017-16307.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16307", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b310, the value for the `cmd1` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16308.json b/2017/16xxx/CVE-2017-16308.json index 55b3f815f930..547f2e965a7a 100644 --- a/2017/16xxx/CVE-2017-16308.json +++ b/2017/16xxx/CVE-2017-16308.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16308", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b374, the value for the `cmd2` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16309.json b/2017/16xxx/CVE-2017-16309.json index d024facfe27a..de7c670b511d 100644 --- a/2017/16xxx/CVE-2017-16309.json +++ b/2017/16xxx/CVE-2017-16309.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16309", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b3d8, the value for the `d` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16310.json b/2017/16xxx/CVE-2017-16310.json index d5f8003fd785..3efd89ed2107 100644 --- a/2017/16xxx/CVE-2017-16310.json +++ b/2017/16xxx/CVE-2017-16310.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16310", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_ch, at 0x9d01b7b0, the value for the `ch` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16311.json b/2017/16xxx/CVE-2017-16311.json index 5b9cf8ceba09..2eb677f0071e 100644 --- a/2017/16xxx/CVE-2017-16311.json +++ b/2017/16xxx/CVE-2017-16311.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16311", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd UpdateCheck, at 0x9d01bb64, the value for the `type` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16312.json b/2017/16xxx/CVE-2017-16312.json index 68e1afb62097..740fc41f734e 100644 --- a/2017/16xxx/CVE-2017-16312.json +++ b/2017/16xxx/CVE-2017-16312.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16312", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01c028, the value for the `sn_discover` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16313.json b/2017/16xxx/CVE-2017-16313.json index 39be440fea02..4584b4291f97 100644 --- a/2017/16xxx/CVE-2017-16313.json +++ b/2017/16xxx/CVE-2017-16313.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16313", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01c084, the value for the `s_ddelay` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16314.json b/2017/16xxx/CVE-2017-16314.json index f5dd5bad43a6..2e79ed8c9cff 100644 --- a/2017/16xxx/CVE-2017-16314.json +++ b/2017/16xxx/CVE-2017-16314.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16314", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01c1cc, the value for the `s_speaker` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16315.json b/2017/16xxx/CVE-2017-16315.json index 1af779d75115..a6f9926d2bb4 100644 --- a/2017/16xxx/CVE-2017-16315.json +++ b/2017/16xxx/CVE-2017-16315.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16315", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01c3a0, the value for the `s_state` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16316.json b/2017/16xxx/CVE-2017-16316.json index 31157888aade..135cd43b2484 100644 --- a/2017/16xxx/CVE-2017-16316.json +++ b/2017/16xxx/CVE-2017-16316.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16316", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01c898, the value for the `g_meta_page` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16317.json b/2017/16xxx/CVE-2017-16317.json index f7454833e9fa..af855b6f9260 100644 --- a/2017/16xxx/CVE-2017-16317.json +++ b/2017/16xxx/CVE-2017-16317.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16317", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01d068, the value for the `g_group` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16318.json b/2017/16xxx/CVE-2017-16318.json index 3c04e80b9d09..415709e826b4 100644 --- a/2017/16xxx/CVE-2017-16318.json +++ b/2017/16xxx/CVE-2017-16318.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16318", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01d16c, the value for the `g_group_off` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16319.json b/2017/16xxx/CVE-2017-16319.json index 88d0ffa84623..b90c9c5223d5 100644 --- a/2017/16xxx/CVE-2017-16319.json +++ b/2017/16xxx/CVE-2017-16319.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16319", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01d7a8, the value for the `g_sonos_index` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16320.json b/2017/16xxx/CVE-2017-16320.json index 8ed9b1f0b9dd..e4d9261a4410 100644 --- a/2017/16xxx/CVE-2017-16320.json +++ b/2017/16xxx/CVE-2017-16320.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16320", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01ddd4, the value for the `s_sonos_cmd` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16321.json b/2017/16xxx/CVE-2017-16321.json index dd809e5a5dd9..f8027228a1f0 100644 --- a/2017/16xxx/CVE-2017-16321.json +++ b/2017/16xxx/CVE-2017-16321.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16321", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01e050, the value for the `s_sonos_index` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16322.json b/2017/16xxx/CVE-2017-16322.json index 4504d3b59ba3..fb7fd6e5b3b5 100644 --- a/2017/16xxx/CVE-2017-16322.json +++ b/2017/16xxx/CVE-2017-16322.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16322", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01e228, the value for the `c_group` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16323.json b/2017/16xxx/CVE-2017-16323.json index bbcefdd8e2bf..a6c09f236a55 100644 --- a/2017/16xxx/CVE-2017-16323.json +++ b/2017/16xxx/CVE-2017-16323.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16323", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01e2f4, the value for the `s_group` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16324.json b/2017/16xxx/CVE-2017-16324.json index fa9d36a08db3..3b5cbc885fe1 100644 --- a/2017/16xxx/CVE-2017-16324.json +++ b/2017/16xxx/CVE-2017-16324.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16324", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01e368, the value for the `s_group_vol` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16325.json b/2017/16xxx/CVE-2017-16325.json index b10c33cb432d..9fac5b0cb1f5 100644 --- a/2017/16xxx/CVE-2017-16325.json +++ b/2017/16xxx/CVE-2017-16325.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16325", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01e3a8, the value for the `s_group_cmd` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16326.json b/2017/16xxx/CVE-2017-16326.json index d755206a62d1..c6fe79ec0e0b 100644 --- a/2017/16xxx/CVE-2017-16326.json +++ b/2017/16xxx/CVE-2017-16326.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16326", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01e5f4, the value for the `sn_sonos_cmd` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16327.json b/2017/16xxx/CVE-2017-16327.json index 248b1dcdf2de..c54312bf2d19 100644 --- a/2017/16xxx/CVE-2017-16327.json +++ b/2017/16xxx/CVE-2017-16327.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16327", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_init_event, at 0x9d01ea88, the value for the `s_event_offset` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16328.json b/2017/16xxx/CVE-2017-16328.json index 02e4e461f6ba..713f57ee0b79 100644 --- a/2017/16xxx/CVE-2017-16328.json +++ b/2017/16xxx/CVE-2017-16328.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16328", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_alarm, at 0x9d01eb08, the value for the `s_event_offset` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16329.json b/2017/16xxx/CVE-2017-16329.json index 6483c031eaa8..eff5eb3e888f 100644 --- a/2017/16xxx/CVE-2017-16329.json +++ b/2017/16xxx/CVE-2017-16329.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16329", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_alarm, at 0x9d01eb44, the value for the `s_event_delay` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16330.json b/2017/16xxx/CVE-2017-16330.json index e215ce59a444..fbe42f5c9114 100644 --- a/2017/16xxx/CVE-2017-16330.json +++ b/2017/16xxx/CVE-2017-16330.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16330", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_alarm, at 0x9d01eb8c, the value for the `s_event_group` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16331.json b/2017/16xxx/CVE-2017-16331.json index 7b1664a6c47d..cccfbb5a6729 100644 --- a/2017/16xxx/CVE-2017-16331.json +++ b/2017/16xxx/CVE-2017-16331.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16331", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_alarm, at 0x9d01ebd4, the value for the `s_tid` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16332.json b/2017/16xxx/CVE-2017-16332.json index f60ed0513d56..06f8d4d36129 100644 --- a/2017/16xxx/CVE-2017-16332.json +++ b/2017/16xxx/CVE-2017-16332.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16332", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_alarm, at 0x9d01ec34, the value for the `s_aid` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16333.json b/2017/16xxx/CVE-2017-16333.json index 9be695c18e6a..15eea981bfba 100644 --- a/2017/16xxx/CVE-2017-16333.json +++ b/2017/16xxx/CVE-2017-16333.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16333", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event, at 0x9d01ed7c, the value for the `s_offset` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16334.json b/2017/16xxx/CVE-2017-16334.json index 7277de90297c..983e91c3c48c 100644 --- a/2017/16xxx/CVE-2017-16334.json +++ b/2017/16xxx/CVE-2017-16334.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16334", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event, at 0x9d01edb8, the value for the `s_raw` key is copied using `strcpy` to the buffer at `$sp+0x10`.This buffer is 244 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16335.json b/2017/16xxx/CVE-2017-16335.json index e0d0c9402e55..4621c0782677 100644 --- a/2017/16xxx/CVE-2017-16335.json +++ b/2017/16xxx/CVE-2017-16335.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16335", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_var, at 0x9d01ee70, the value for the `s_offset` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/16xxx/CVE-2017-16336.json b/2017/16xxx/CVE-2017-16336.json index 59c91a794907..74e598471fdb 100644 --- a/2017/16xxx/CVE-2017-16336.json +++ b/2017/16xxx/CVE-2017-16336.json @@ -1,17 +1,81 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16336", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_var, at 0x9d01eeb0, the value for the `s_value` key is copied using `strcpy` to the buffer at `$sp+0x10`.This buffer is 244 bytes large, sending anything longer will cause a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Insteon", + "product": { + "product_data": [ + { + "product_name": "Hub", + "version": { + "version_data": [ + { + "version_value": "Not specified", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH" } ] } diff --git a/2017/17xxx/CVE-2017-17669.json b/2017/17xxx/CVE-2017-17669.json index f9bffa5d68f2..3d8aaa8ec71c 100644 --- a/2017/17xxx/CVE-2017-17669.json +++ b/2017/17xxx/CVE-2017-17669.json @@ -61,6 +61,11 @@ "name": "USN-3852-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3852-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] } diff --git a/2017/18xxx/CVE-2017-18005.json b/2017/18xxx/CVE-2017-18005.json index 245977a6df1b..f7655369847b 100644 --- a/2017/18xxx/CVE-2017-18005.json +++ b/2017/18xxx/CVE-2017-18005.json @@ -56,6 +56,11 @@ "name": "https://github.com/Exiv2/exiv2/issues/168", "refsource": "CONFIRM", "url": "https://github.com/Exiv2/exiv2/issues/168" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] } diff --git a/2017/20xxx/CVE-2017-20146.json b/2017/20xxx/CVE-2017-20146.json index 35632844afeb..2a3678383db8 100644 --- a/2017/20xxx/CVE-2017-20146.json +++ b/2017/20xxx/CVE-2017-20146.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2017-20146", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE 284: Improper Access Control" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "github.com/gorilla/handlers", + "product": { + "product_data": [ + { + "product_name": "github.com/gorilla/handlers", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/gorilla/handlers/pull/116", + "refsource": "MISC", + "name": "https://github.com/gorilla/handlers/pull/116" + }, + { + "url": "https://github.com/gorilla/handlers/commit/90663712d74cb411cbef281bc1e08c19d1a76145", + "refsource": "MISC", + "name": "https://github.com/gorilla/handlers/commit/90663712d74cb411cbef281bc1e08c19d1a76145" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2020-0020", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2020-0020" } ] - } + }, + "credits": [ + { + "lang": "en", + "value": "Evan J Johnson" + } + ] } \ No newline at end of file diff --git a/2017/20xxx/CVE-2017-20150.json b/2017/20xxx/CVE-2017-20150.json new file mode 100644 index 000000000000..a9e14c48a06c --- /dev/null +++ b/2017/20xxx/CVE-2017-20150.json @@ -0,0 +1,94 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2017-20150", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in challenge website. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is f1644b1d3502e5aa5284f31ea80d2623817f4d42. It is recommended to apply a patch to fix this issue. The identifier VDB-216989 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in challenge website ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion. Durch die Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als f1644b1d3502e5aa5284f31ea80d2623817f4d42 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "challenge", + "product": { + "product_data": [ + { + "product_name": "website", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216989", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216989" + }, + { + "url": "https://vuldb.com/?ctiid.216989", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216989" + }, + { + "url": "https://github.com/Challenge/website/commit/f1644b1d3502e5aa5284f31ea80d2623817f4d42", + "refsource": "MISC", + "name": "https://github.com/Challenge/website/commit/f1644b1d3502e5aa5284f31ea80d2623817f4d42" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2017/20xxx/CVE-2017-20151.json b/2017/20xxx/CVE-2017-20151.json new file mode 100644 index 000000000000..f31b25a53c1a --- /dev/null +++ b/2017/20xxx/CVE-2017-20151.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2017-20151", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The name of the patch is ac5590925874ef810018a6b60fec216eee54fb32. It is recommended to apply a patch to fix this issue. VDB-217054 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In iText RUPS wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei src/main/java/com/itextpdf/rups/model/XfaFile.java. Mit der Manipulation mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Der Patch wird als ac5590925874ef810018a6b60fec216eee54fb32 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611 XML External Entity Reference", + "cweId": "CWE-611" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "iText", + "product": { + "product_data": [ + { + "product_name": "RUPS", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217054", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217054" + }, + { + "url": "https://vuldb.com/?ctiid.217054", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217054" + }, + { + "url": "https://github.com/itext/rups/commit/ac5590925874ef810018a6b60fec216eee54fb32", + "refsource": "MISC", + "name": "https://github.com/itext/rups/commit/ac5590925874ef810018a6b60fec216eee54fb32" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2017/20xxx/CVE-2017-20152.json b/2017/20xxx/CVE-2017-20152.json new file mode 100644 index 000000000000..ad789e34a719 --- /dev/null +++ b/2017/20xxx/CVE-2017-20152.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2017-20152", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the argument filelocation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is bd23c784f0e5cb12f66d15c100248449f87d72e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217056." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in aerouk imageserve gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei public/viewer.php der Komponente File Handler. Durch Manipulation des Arguments filelocation mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als bd23c784f0e5cb12f66d15c100248449f87d72e2 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Path Traversal", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "aerouk", + "product": { + "product_data": [ + { + "product_name": "imageserve", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217056", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217056" + }, + { + "url": "https://vuldb.com/?ctiid.217056", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217056" + }, + { + "url": "https://github.com/aerouk/imageserve/pull/27", + "refsource": "MISC", + "name": "https://github.com/aerouk/imageserve/pull/27" + }, + { + "url": "https://github.com/aerouk/imageserve/commit/bd23c784f0e5cb12f66d15c100248449f87d72e2", + "refsource": "MISC", + "name": "https://github.com/aerouk/imageserve/commit/bd23c784f0e5cb12f66d15c100248449f87d72e2" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.1, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.1, + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.1, + "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2017/20xxx/CVE-2017-20153.json b/2017/20xxx/CVE-2017-20153.json new file mode 100644 index 000000000000..612b0306be1f --- /dev/null +++ b/2017/20xxx/CVE-2017-20153.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2017-20153", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in aerouk imageserve and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument REQUEST_URI leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2ac3cd4f90b4df66874fab171376ca26868604c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217057 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In aerouk imageserve wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung. Mittels dem Manipulieren des Arguments REQUEST_URI mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2ac3cd4f90b4df66874fab171376ca26868604c4 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "aerouk", + "product": { + "product_data": [ + { + "product_name": "imageserve", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/aerouk/imageserve/pull/27", + "refsource": "MISC", + "name": "https://github.com/aerouk/imageserve/pull/27" + }, + { + "url": "https://vuldb.com/?id.217057", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217057" + }, + { + "url": "https://vuldb.com/?ctiid.217057", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217057" + }, + { + "url": "https://github.com/aerouk/imageserve/commit/2ac3cd4f90b4df66874fab171376ca26868604c4", + "refsource": "MISC", + "name": "https://github.com/aerouk/imageserve/commit/2ac3cd4f90b4df66874fab171376ca26868604c4" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.6, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.6, + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.1, + "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2017/20xxx/CVE-2017-20154.json b/2017/20xxx/CVE-2017-20154.json new file mode 100644 index 000000000000..72fd4eafa7c7 --- /dev/null +++ b/2017/20xxx/CVE-2017-20154.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2017-20154", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in ghostlander Phoenixcoin. It has been classified as problematic. Affected is the function CTxMemPool::accept of the file src/main.cpp. The manipulation leads to denial of service. Upgrading to version 0.6.6.1-pxc is able to address this issue. The name of the patch is 987dd68f71a7d8276cef3b6c3d578fd4845b5699. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217068." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in ghostlander Phoenixcoin ausgemacht. Dabei betrifft es die Funktion CTxMemPool::accept der Datei src/main.cpp. Mittels dem Manipulieren mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.6.6.1-pxc vermag dieses Problem zu l\u00f6sen. Der Patch wird als 987dd68f71a7d8276cef3b6c3d578fd4845b5699 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service", + "cweId": "CWE-404" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ghostlander", + "product": { + "product_data": [ + { + "product_name": "Phoenixcoin", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217068", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217068" + }, + { + "url": "https://vuldb.com/?ctiid.217068", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217068" + }, + { + "url": "https://github.com/ghostlander/Phoenixcoin/commit/987dd68f71a7d8276cef3b6c3d578fd4845b5699", + "refsource": "MISC", + "name": "https://github.com/ghostlander/Phoenixcoin/commit/987dd68f71a7d8276cef3b6c3d578fd4845b5699" + }, + { + "url": "https://github.com/ghostlander/Phoenixcoin/releases/tag/v0.6.6.1-pxc", + "refsource": "MISC", + "name": "https://github.com/ghostlander/Phoenixcoin/releases/tag/v0.6.6.1-pxc" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.3, + "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2017/20xxx/CVE-2017-20155.json b/2017/20xxx/CVE-2017-20155.json new file mode 100644 index 000000000000..ed6f944a11d9 --- /dev/null +++ b/2017/20xxx/CVE-2017-20155.json @@ -0,0 +1,141 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2017-20155", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Sterc Google Analytics Dashboard for MODX up to 1.0.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file core/components/analyticsdashboardwidget/elements/tpl/widget.analytics.tpl of the component Internal Search. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is 855d9560d3782c105568eedf9b22a769fbf29cc0. It is recommended to upgrade the affected component. The identifier VDB-217069 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In Sterc Google Analytics Dashboard for MODX bis 1.0.5 wurde eine problematische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode der Datei core/components/analyticsdashboardwidget/elements/tpl/widget.analytics.tpl der Komponente Internal Search. Mittels Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 1.0.6 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 855d9560d3782c105568eedf9b22a769fbf29cc0 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sterc", + "product": { + "product_data": [ + { + "product_name": "Google Analytics Dashboard for MODX", + "version": { + "version_data": [ + { + "version_value": "1.0.0", + "version_affected": "=" + }, + { + "version_value": "1.0.1", + "version_affected": "=" + }, + { + "version_value": "1.0.2", + "version_affected": "=" + }, + { + "version_value": "1.0.3", + "version_affected": "=" + }, + { + "version_value": "1.0.4", + "version_affected": "=" + }, + { + "version_value": "1.0.5", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217069", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217069" + }, + { + "url": "https://vuldb.com/?ctiid.217069", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217069" + }, + { + "url": "https://github.com/Sterc/Analytics-dashboard-widget/issues/11", + "refsource": "MISC", + "name": "https://github.com/Sterc/Analytics-dashboard-widget/issues/11" + }, + { + "url": "https://github.com/Sterc/Analytics-dashboard-widget/pull/12", + "refsource": "MISC", + "name": "https://github.com/Sterc/Analytics-dashboard-widget/pull/12" + }, + { + "url": "https://github.com/Sterc/Analytics-dashboard-widget/commit/855d9560d3782c105568eedf9b22a769fbf29cc0", + "refsource": "MISC", + "name": "https://github.com/Sterc/Analytics-dashboard-widget/commit/855d9560d3782c105568eedf9b22a769fbf29cc0" + }, + { + "url": "https://github.com/Sterc/Analytics-dashboard-widget/milestone/2", + "refsource": "MISC", + "name": "https://github.com/Sterc/Analytics-dashboard-widget/milestone/2" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2017/20xxx/CVE-2017-20156.json b/2017/20xxx/CVE-2017-20156.json new file mode 100644 index 000000000000..98605ba2d674 --- /dev/null +++ b/2017/20xxx/CVE-2017-20156.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2017-20156", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Exciting Printer and classified as critical. This issue affects some unknown processing of the file lib/printer/jobs/prepare_page.rb of the component Argument Handler. The manipulation of the argument URL leads to command injection. The name of the patch is 5f8c715d6e2cc000f621a6833f0a86a673462136. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217139." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in Exciting Printer gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei lib/printer/jobs/prepare_page.rb der Komponente Argument Handler. Durch Beeinflussen des Arguments URL mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Patch wird als 5f8c715d6e2cc000f621a6833f0a86a673462136 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77 Command Injection", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Exciting", + "product": { + "product_data": [ + { + "product_name": "Printer", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217139", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217139" + }, + { + "url": "https://vuldb.com/?ctiid.217139", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217139" + }, + { + "url": "https://github.com/exciting-io/printer/issues/56", + "refsource": "MISC", + "name": "https://github.com/exciting-io/printer/issues/56" + }, + { + "url": "https://github.com/exciting-io/printer/commit/5f8c715d6e2cc000f621a6833f0a86a673462136", + "refsource": "MISC", + "name": "https://github.com/exciting-io/printer/commit/5f8c715d6e2cc000f621a6833f0a86a673462136" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2017/20xxx/CVE-2017-20157.json b/2017/20xxx/CVE-2017-20157.json new file mode 100644 index 000000000000..838776925771 --- /dev/null +++ b/2017/20xxx/CVE-2017-20157.json @@ -0,0 +1,105 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2017-20157", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Ariadne Component Library up to 2.x. It has been classified as critical. Affected is an unknown function of the file src/url/Url.php. The manipulation leads to server-side request forgery. Upgrading to version 3.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217140." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in Ariadne Component Library bis 2.x ausgemacht. Es betrifft eine unbekannte Funktion der Datei src/url/Url.php. Dank der Manipulation mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 3.0 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-918 Server-Side Request Forgery", + "cweId": "CWE-918" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ariadne", + "product": { + "product_data": [ + { + "product_name": "Component Library", + "version": { + "version_data": [ + { + "version_value": "2.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217140", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217140" + }, + { + "url": "https://vuldb.com/?ctiid.217140", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217140" + }, + { + "url": "https://github.com/Ariadne-CMS/arc-web/commit/1feb1cc11e6c9f218408f15f53f537ea0d788656", + "refsource": "MISC", + "name": "https://github.com/Ariadne-CMS/arc-web/commit/1feb1cc11e6c9f218408f15f53f537ea0d788656" + }, + { + "url": "https://github.com/Ariadne-CMS/arc-web/releases/tag/3.0", + "refsource": "MISC", + "name": "https://github.com/Ariadne-CMS/arc-web/releases/tag/3.0" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2017/20xxx/CVE-2017-20158.json b/2017/20xxx/CVE-2017-20158.json new file mode 100644 index 000000000000..1e721156afb2 --- /dev/null +++ b/2017/20xxx/CVE-2017-20158.json @@ -0,0 +1,143 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2017-20158", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by this vulnerability is the function run of the file actions/UploadAction.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.1.9 is able to address this issue. The name of the patch is c00d1e4fc912257fca1fce66d7a163bdbb4c8222. It is recommended to upgrade the affected component. The identifier VDB-217141 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "deu", + "value": "** UNSUPPPORTED WHEN ASSIGNED **In vova07 Yii2 FileAPI Widget bis 0.1.8 wurde eine problematische Schwachstelle ausgemacht. Das betrifft die Funktion run der Datei actions/UploadAction.php. Dank Manipulation des Arguments file mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 0.1.9 vermag dieses Problem zu l\u00f6sen. Der Patch wird als c00d1e4fc912257fca1fce66d7a163bdbb4c8222 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "vova07", + "product": { + "product_data": [ + { + "product_name": "Yii2 FileAPI Widget", + "version": { + "version_data": [ + { + "version_value": "0.1.0", + "version_affected": "=" + }, + { + "version_value": "0.1.1", + "version_affected": "=" + }, + { + "version_value": "0.1.2", + "version_affected": "=" + }, + { + "version_value": "0.1.3", + "version_affected": "=" + }, + { + "version_value": "0.1.4", + "version_affected": "=" + }, + { + "version_value": "0.1.5", + "version_affected": "=" + }, + { + "version_value": "0.1.6", + "version_affected": "=" + }, + { + "version_value": "0.1.7", + "version_affected": "=" + }, + { + "version_value": "0.1.8", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217141", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217141" + }, + { + "url": "https://vuldb.com/?ctiid.217141", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217141" + }, + { + "url": "https://github.com/vova07/yii2-fileapi-widget/commit/c00d1e4fc912257fca1fce66d7a163bdbb4c8222", + "refsource": "MISC", + "name": "https://github.com/vova07/yii2-fileapi-widget/commit/c00d1e4fc912257fca1fce66d7a163bdbb4c8222" + }, + { + "url": "https://github.com/vova07/yii2-fileapi-widget/releases/tag/0.1.9", + "refsource": "MISC", + "name": "https://github.com/vova07/yii2-fileapi-widget/releases/tag/0.1.9" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2017/20xxx/CVE-2017-20159.json b/2017/20xxx/CVE-2017-20159.json new file mode 100644 index 000000000000..3968c08a5ef1 --- /dev/null +++ b/2017/20xxx/CVE-2017-20159.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2017-20159", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in rf Keynote up to 0.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/keynote/rumble.rb. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 05be4356b0a6ca7de48da926a9b997beb5ffeb4a. It is recommended to upgrade the affected component. VDB-217142 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in rf Keynote bis 0.x ausgemacht. Dies betrifft einen unbekannten Teil der Datei lib/keynote/rumble.rb. Mit der Manipulation des Arguments value mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 05be4356b0a6ca7de48da926a9b997beb5ffeb4a bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "rf", + "product": { + "product_data": [ + { + "product_name": "Keynote", + "version": { + "version_data": [ + { + "version_value": "0.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217142", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217142" + }, + { + "url": "https://vuldb.com/?ctiid.217142", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217142" + }, + { + "url": "https://github.com/rf-/keynote/commit/05be4356b0a6ca7de48da926a9b997beb5ffeb4a", + "refsource": "MISC", + "name": "https://github.com/rf-/keynote/commit/05be4356b0a6ca7de48da926a9b997beb5ffeb4a" + }, + { + "url": "https://github.com/rf-/keynote/releases/tag/v1.0.0", + "refsource": "MISC", + "name": "https://github.com/rf-/keynote/releases/tag/v1.0.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2017/20xxx/CVE-2017-20160.json b/2017/20xxx/CVE-2017-20160.json new file mode 100644 index 000000000000..257fa6dbd792 --- /dev/null +++ b/2017/20xxx/CVE-2017-20160.json @@ -0,0 +1,116 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2017-20160", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in flitto express-param up to 0.x. It has been classified as critical. This affects an unknown part of the file lib/fetchParams.js. The manipulation leads to improper handling of extra parameters. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is db94f7391ad0a16dcfcba8b9be1af385b25c42db. It is recommended to upgrade the affected component. The identifier VDB-217149 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in flitto express-param bis 0.x ausgemacht. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei lib/fetchParams.js. Durch das Beeinflussen mit unbekannten Daten kann eine improper handling of extra parameters-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 1.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als db94f7391ad0a16dcfcba8b9be1af385b25c42db bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-235 Improper Handling of Extra Parameters", + "cweId": "CWE-235" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "flitto", + "product": { + "product_data": [ + { + "product_name": "express-param", + "version": { + "version_data": [ + { + "version_value": "0.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217149", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217149" + }, + { + "url": "https://vuldb.com/?ctiid.217149", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217149" + }, + { + "url": "https://github.com/flitto/express-param/pull/19", + "refsource": "MISC", + "name": "https://github.com/flitto/express-param/pull/19" + }, + { + "url": "https://github.com/flitto/express-param/commit/db94f7391ad0a16dcfcba8b9be1af385b25c42db", + "refsource": "MISC", + "name": "https://github.com/flitto/express-param/commit/db94f7391ad0a16dcfcba8b9be1af385b25c42db" + }, + { + "url": "https://github.com/flitto/express-param/releases/tag/1.0.0", + "refsource": "MISC", + "name": "https://github.com/flitto/express-param/releases/tag/1.0.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2017/20xxx/CVE-2017-20161.json b/2017/20xxx/CVE-2017-20161.json new file mode 100644 index 000000000000..9fde1800973a --- /dev/null +++ b/2017/20xxx/CVE-2017-20161.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2017-20161", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in rofl0r MacGeiger. Affected is the function dump_wlan_at of the file macgeiger.c of the component ESSID Handler. The manipulation leads to injection. Access to the local network is required for this attack to succeed. The name of the patch is 57f1dd50a4821b8c8e676e8020006ae4bfd3c9cb. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217188." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in rofl0r MacGeiger entdeckt. Dabei betrifft es die Funktion dump_wlan_at der Datei macgeiger.c der Komponente ESSID Handler. Durch Manipulation mit unbekannten Daten kann eine injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei im lokalen Netzwerk erfolgen. Der Patch wird als 57f1dd50a4821b8c8e676e8020006ae4bfd3c9cb bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-74 Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "rofl0r", + "product": { + "product_data": [ + { + "product_name": "MacGeiger", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217188", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217188" + }, + { + "url": "https://vuldb.com/?ctiid.217188", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217188" + }, + { + "url": "https://github.com/rofl0r/MacGeiger/commit/57f1dd50a4821b8c8e676e8020006ae4bfd3c9cb", + "refsource": "MISC", + "name": "https://github.com/rofl0r/MacGeiger/commit/57f1dd50a4821b8c8e676e8020006ae4bfd3c9cb" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.6, + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.6, + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4.3, + "vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2017/20xxx/CVE-2017-20162.json b/2017/20xxx/CVE-2017-20162.json new file mode 100644 index 000000000000..2615b3125277 --- /dev/null +++ b/2017/20xxx/CVE-2017-20162.json @@ -0,0 +1,116 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2017-20162", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is caae2988ba2a37765d055c4eee63d383320ee662. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217451." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in vercel ms bis 1.x entdeckt. Sie wurde als problematisch eingestuft. Es geht hierbei um die Funktion parse der Datei index.js. Durch die Manipulation des Arguments str mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 2.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als caae2988ba2a37765d055c4eee63d383320ee662 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333 Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "vercel", + "product": { + "product_data": [ + { + "product_name": "ms", + "version": { + "version_data": [ + { + "version_value": "1.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217451", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217451" + }, + { + "url": "https://vuldb.com/?ctiid.217451", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217451" + }, + { + "url": "https://github.com/vercel/ms/pull/89", + "refsource": "MISC", + "name": "https://github.com/vercel/ms/pull/89" + }, + { + "url": "https://github.com/vercel/ms/commit/caae2988ba2a37765d055c4eee63d383320ee662", + "refsource": "MISC", + "name": "https://github.com/vercel/ms/commit/caae2988ba2a37765d055c4eee63d383320ee662" + }, + { + "url": "https://github.com/vercel/ms/releases/tag/2.0.0", + "refsource": "MISC", + "name": "https://github.com/vercel/ms/releases/tag/2.0.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 3.5, + "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2017/20xxx/CVE-2017-20163.json b/2017/20xxx/CVE-2017-20163.json new file mode 100644 index 000000000000..ae0f5494bec9 --- /dev/null +++ b/2017/20xxx/CVE-2017-20163.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2017-20163", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability affects the function mutate of the file src/Session.php. The manipulation of the argument session leads to sql injection. The name of the patch is cbd255f55d476b29e5680f66f48c73ddb3d416a8. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217516." + }, + { + "lang": "deu", + "value": "In Red Snapper NView wurde eine kritische Schwachstelle gefunden. Das betrifft die Funktion mutate der Datei src/Session.php. Mit der Manipulation des Arguments session mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als cbd255f55d476b29e5680f66f48c73ddb3d416a8 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Snapper", + "product": { + "product_data": [ + { + "product_name": "NView", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217516", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217516" + }, + { + "url": "https://vuldb.com/?ctiid.217516", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217516" + }, + { + "url": "https://github.com/RedSnapper/NView/commit/cbd255f55d476b29e5680f66f48c73ddb3d416a8", + "refsource": "MISC", + "name": "https://github.com/RedSnapper/NView/commit/cbd255f55d476b29e5680f66f48c73ddb3d416a8" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2017/20xxx/CVE-2017-20164.json b/2017/20xxx/CVE-2017-20164.json new file mode 100644 index 000000000000..87de805ff233 --- /dev/null +++ b/2017/20xxx/CVE-2017-20164.json @@ -0,0 +1,119 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2017-20164", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected is the function onBeforeSecurityLogin of the file code/extensions/SecurityLoginExtension.php of the component Login. The manipulation of the argument URL leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 6.0.3 is able to address this issue. The name of the patch is b065ebd82da53009d273aa7e989191f701485244. It is recommended to upgrade the affected component. VDB-217626 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in Symbiote Seed bis 6.0.2 ausgemacht. Hiervon betroffen ist die Funktion onBeforeSecurityLogin der Datei code/extensions/SecurityLoginExtension.php der Komponente Login. Mit der Manipulation des Arguments URL mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 6.0.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als b065ebd82da53009d273aa7e989191f701485244 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601 Open Redirect", + "cweId": "CWE-601" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Symbiote", + "product": { + "product_data": [ + { + "product_name": "Seed", + "version": { + "version_data": [ + { + "version_value": "6.0.0", + "version_affected": "=" + }, + { + "version_value": "6.0.1", + "version_affected": "=" + }, + { + "version_value": "6.0.2", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217626", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217626" + }, + { + "url": "https://vuldb.com/?ctiid.217626", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217626" + }, + { + "url": "https://github.com/symbiote/silverstripe-seed/commit/b065ebd82da53009d273aa7e989191f701485244", + "refsource": "MISC", + "name": "https://github.com/symbiote/silverstripe-seed/commit/b065ebd82da53009d273aa7e989191f701485244" + }, + { + "url": "https://github.com/symbiote/silverstripe-seed/releases/tag/6.0.3", + "refsource": "MISC", + "name": "https://github.com/symbiote/silverstripe-seed/releases/tag/6.0.3" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2017/20xxx/CVE-2017-20165.json b/2017/20xxx/CVE-2017-20165.json new file mode 100644 index 000000000000..c60f65cc9964 --- /dev/null +++ b/2017/20xxx/CVE-2017-20165.json @@ -0,0 +1,116 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2017-20165", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. The name of the patch is c38a0166c266a679c8de012d4eaccec3f944e685. It is recommended to upgrade the affected component. The identifier VDB-217665 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in debug-js debug bis 3.0.x entdeckt. Sie wurde als problematisch eingestuft. Es betrifft die Funktion useColors der Datei src/node.js. Durch Manipulieren des Arguments str mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 3.1.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als c38a0166c266a679c8de012d4eaccec3f944e685 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333 Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "debug-js", + "product": { + "product_data": [ + { + "product_name": "debug", + "version": { + "version_data": [ + { + "version_value": "3.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217665", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217665" + }, + { + "url": "https://vuldb.com/?ctiid.217665", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217665" + }, + { + "url": "https://github.com/debug-js/debug/pull/504", + "refsource": "MISC", + "name": "https://github.com/debug-js/debug/pull/504" + }, + { + "url": "https://github.com/debug-js/debug/commit/c38a0166c266a679c8de012d4eaccec3f944e685", + "refsource": "MISC", + "name": "https://github.com/debug-js/debug/commit/c38a0166c266a679c8de012d4eaccec3f944e685" + }, + { + "url": "https://github.com/debug-js/debug/releases/tag/3.1.0", + "refsource": "MISC", + "name": "https://github.com/debug-js/debug/releases/tag/3.1.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.7, + "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2017/20xxx/CVE-2017-20166.json b/2017/20xxx/CVE-2017-20166.json new file mode 100644 index 000000000000..96adf0af5bac --- /dev/null +++ b/2017/20xxx/CVE-2017-20166.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-20166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/advisories/GHSA-2xxx-fhc8-9qvq", + "refsource": "MISC", + "name": "https://github.com/advisories/GHSA-2xxx-fhc8-9qvq" + }, + { + "url": "https://github.com/elixir-ecto/ecto/pull/2125", + "refsource": "MISC", + "name": "https://github.com/elixir-ecto/ecto/pull/2125" + }, + { + "url": "https://github.com/elixir-ecto/ecto/commit/db55b0cba6525c24ebddc88ef9ae0c1c00620250", + "refsource": "MISC", + "name": "https://github.com/elixir-ecto/ecto/commit/db55b0cba6525c24ebddc88ef9ae0c1c00620250" + }, + { + "url": "https://groups.google.com/forum/#!topic/elixir-ecto/0m4NPfg_MMU", + "refsource": "MISC", + "name": "https://groups.google.com/forum/#!topic/elixir-ecto/0m4NPfg_MMU" + } + ] + } +} \ No newline at end of file diff --git a/2017/20xxx/CVE-2017-20167.json b/2017/20xxx/CVE-2017-20167.json new file mode 100644 index 000000000000..955ac0b2ad77 --- /dev/null +++ b/2017/20xxx/CVE-2017-20167.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-20167", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/20xxx/CVE-2017-20168.json b/2017/20xxx/CVE-2017-20168.json new file mode 100644 index 000000000000..8f3b5ee5601f --- /dev/null +++ b/2017/20xxx/CVE-2017-20168.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2017-20168", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The name of the patch is b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix this issue. VDB-218006 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in jfm-so piWallet ausgemacht. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei api.php. Durch Manipulieren des Arguments key mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "jfm-so", + "product": { + "product_data": [ + { + "product_name": "piWallet", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.218006", + "refsource": "MISC", + "name": "https://vuldb.com/?id.218006" + }, + { + "url": "https://vuldb.com/?ctiid.218006", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.218006" + }, + { + "url": "https://github.com/jfm-so/piWallet/pull/23", + "refsource": "MISC", + "name": "https://github.com/jfm-so/piWallet/pull/23" + }, + { + "url": "https://github.com/jfm-so/piWallet/commit/b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb", + "refsource": "MISC", + "name": "https://github.com/jfm-so/piWallet/commit/b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16135.json b/2018/16xxx/CVE-2018-16135.json index c4848cd77bb6..b1f9d5e6bab3 100644 --- a/2018/16xxx/CVE-2018-16135.json +++ b/2018/16xxx/CVE-2018-16135.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16135", - "STATE": "RESERVED" + "ASSIGNER": "cve@mitre.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Opera Mini application 47.1.2249.129326 for Android allows remote attackers to spoof the Location Permission dialog via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://payatu.com/advisory/opera-mini-location-permission-spoof-", + "refsource": "MISC", + "name": "https://payatu.com/advisory/opera-mini-location-permission-spoof-" } ] } diff --git a/2018/16xxx/CVE-2018-16556.json b/2018/16xxx/CVE-2018-16556.json index 7c57293c15e6..9b745d657e84 100644 --- a/2018/16xxx/CVE-2018-16556.json +++ b/2018/16xxx/CVE-2018-16556.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2018-16556", + "ASSIGNER": "productcert@siemens.com", "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_version": "4.0", - "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation. Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -15,41 +36,45 @@ "product": { "product_data": [ { - "product_name": "SIMATIC S7-400 DP V7 CPU family (incl. SIPLUS variants)", + "product_name": "SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants)", + "product_name": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V6.0.9", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)", + "product_name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions < V6.0.9" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)", + "product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -59,7 +84,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V8.2.1" + "version_value": "All versions < V8.2.1", + "version_affected": "=" } ] } @@ -70,38 +96,23 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-20: Improper Input Validation" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC S7-400 DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation. Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system." - } - ] - }, "references": { "reference_data": [ { - "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-02", - "refsource": "MISC", - "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-02" - }, - { - "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf", + "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf" } ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "baseScore": 7.5, + "baseSeverity": "HIGH" + } + ] } } \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16557.json b/2018/16xxx/CVE-2018-16557.json index 234acc284fb9..178e158c0176 100644 --- a/2018/16xxx/CVE-2018-16557.json +++ b/2018/16xxx/CVE-2018-16557.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2018-16557", + "ASSIGNER": "productcert@siemens.com", "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_version": "4.0", - "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1). Sending of specially crafted packets to port 102/tcp via Ethernet interface via PROFIBUS or Multi Point Interfaces (MPI) could cause a denial of service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-347: Improper Verification of Cryptographic Signature", + "cweId": "CWE-347" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -15,41 +36,45 @@ "product": { "product_data": [ { - "product_name": "SIMATIC S7-400 DP V7 CPU family (incl. SIPLUS variants)", + "product_name": "SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants)", + "product_name": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V6.0.9", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)", + "product_name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions < V6.0.9" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)", + "product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -59,7 +84,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V8.2.1" + "version_value": "All versions < V8.2.1", + "version_affected": "=" } ] } @@ -70,38 +96,23 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-347: Improper Verification of Cryptographic Signature" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC S7-400 DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1). Sending of specially crafted packets to port 102/tcp via Ethernet interface via PROFIBUS or Multi Point Interfaces (MPI) could cause a denial of service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system." - } - ] - }, "references": { "reference_data": [ { - "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-02", - "refsource": "MISC", - "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-02" - }, - { - "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf", + "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf" } ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C", + "baseScore": 8.2, + "baseSeverity": "HIGH" + } + ] } } \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17581.json b/2018/17xxx/CVE-2018-17581.json index 0d460bd7cec5..6c257c8ae6b3 100644 --- a/2018/17xxx/CVE-2018-17581.json +++ b/2018/17xxx/CVE-2018-17581.json @@ -76,6 +76,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2101", "url": "https://access.redhat.com/errata/RHSA-2019:2101" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] } diff --git a/2018/19xxx/CVE-2018-19107.json b/2018/19xxx/CVE-2018-19107.json index fd63413687c0..7595dc6e5de8 100644 --- a/2018/19xxx/CVE-2018-19107.json +++ b/2018/19xxx/CVE-2018-19107.json @@ -76,6 +76,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2101", "url": "https://access.redhat.com/errata/RHSA-2019:2101" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] } diff --git a/2018/19xxx/CVE-2018-19108.json b/2018/19xxx/CVE-2018-19108.json index 6ba366078c00..17ed0dde3313 100644 --- a/2018/19xxx/CVE-2018-19108.json +++ b/2018/19xxx/CVE-2018-19108.json @@ -81,6 +81,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0482", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] } diff --git a/2018/19xxx/CVE-2018-19535.json b/2018/19xxx/CVE-2018-19535.json index d4237e879e4c..d98129d52ae9 100644 --- a/2018/19xxx/CVE-2018-19535.json +++ b/2018/19xxx/CVE-2018-19535.json @@ -76,6 +76,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2101", "url": "https://access.redhat.com/errata/RHSA-2019:2101" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] } diff --git a/2018/20xxx/CVE-2018-20097.json b/2018/20xxx/CVE-2018-20097.json index 625c397c7f2a..7e075be78c0d 100644 --- a/2018/20xxx/CVE-2018-20097.json +++ b/2018/20xxx/CVE-2018-20097.json @@ -76,6 +76,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2101", "url": "https://access.redhat.com/errata/RHSA-2019:2101" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] } diff --git a/2018/25xxx/CVE-2018-25034.json b/2018/25xxx/CVE-2018-25034.json index e97e4055d21f..b7800aa5d8a1 100644 --- a/2018/25xxx/CVE-2018-25034.json +++ b/2018/25xxx/CVE-2018-25034.json @@ -1,15 +1,37 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2018-25034", - "TITLE": "Thomson TCW710 wlanPrimaryNetwork Persistent cross site scriting", - "REQUESTER": "cna@vuldb.com", "ASSIGNER": "cna@vuldb.com", "STATE": "PUBLIC" }, - "generator": "vuldb.com", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in Thomson TCW710 ST5D.10.05. This issue affects some unknown processing of the file /goform/wlanPrimaryNetwork. The manipulation of the argument ServiceSetIdentifier with the input > as part of POST Request leads to basic cross site scripting (Persistent). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-126695." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Thomson TCW710 ST5D.10.05 entdeckt. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei /goform/wlanPrimaryNetwork. Durch Manipulieren des Arguments ServiceSetIdentifier mit der Eingabe > durch POST Request kann eine basic cross site scripting-Schwachstelle (Persistent) ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-80 Basic Cross Site Scripting", + "cweId": "CWE-80" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -22,7 +44,8 @@ "version": { "version_data": [ { - "version_value": "ST5D.10.05" + "version_value": "ST5D.10.05", + "version_affected": "=" } ] } @@ -33,34 +56,6 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-80 Basic Cross Site Scripting" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability, which was classified as problematic, has been found in Thomson TCW710 ST5D.10.05. This issue affects some unknown processing of the file /goform/wlanPrimaryNetwork. The manipulation of the argument ServiceSetIdentifier with the input > as part of POST Request leads to cross site scripting (Persistent). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." - } - ] - }, - "credit": "moikano", - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "3.5", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" - } - }, "references": { "reference_data": [ { @@ -72,6 +67,27 @@ "url": "https://vuldb.com/?id.126695", "refsource": "MISC", "name": "https://vuldb.com/?id.126695" + }, + { + "url": "https://vuldb.com/?ctiid.126695", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.126695" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" } ] } diff --git a/2018/25xxx/CVE-2018-25046.json b/2018/25xxx/CVE-2018-25046.json index df3d595cf7f1..d2aca3e14bee 100644 --- a/2018/25xxx/CVE-2018-25046.json +++ b/2018/25xxx/CVE-2018-25046.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2018-25046", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE 29: Path Traversal: \"\\..\\filename\"" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "github.com/cloudfoundry/archiver", + "product": { + "product_data": [ + { + "product_name": "github.com/cloudfoundry/archiver", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + }, + { + "vendor_name": "code.cloudfoundry.org/archiver", + "product": { + "product_data": [ + { + "product_name": "code.cloudfoundry.org/archiver", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://snyk.io/research/zip-slip-vulnerability", + "refsource": "MISC", + "name": "https://snyk.io/research/zip-slip-vulnerability" + }, + { + "url": "https://github.com/cloudfoundry/archiver/commit/09b5706aa9367972c09144a450bb4523049ee840", + "refsource": "MISC", + "name": "https://github.com/cloudfoundry/archiver/commit/09b5706aa9367972c09144a450bb4523049ee840" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2020-0025", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2020-0025" } ] } diff --git a/2018/25xxx/CVE-2018-25047.json b/2018/25xxx/CVE-2018-25047.json index 99182e0a20eb..f8a089a5f9ff 100644 --- a/2018/25xxx/CVE-2018-25047.json +++ b/2018/25xxx/CVE-2018-25047.json @@ -76,6 +76,11 @@ "refsource": "GENTOO", "name": "GLSA-202209-09", "url": "https://security.gentoo.org/glsa/202209-09" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230105 [SECURITY] [DLA 3262-1] smarty3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00002.html" } ] } diff --git a/2018/25xxx/CVE-2018-25049.json b/2018/25xxx/CVE-2018-25049.json new file mode 100644 index 000000000000..c6ee90c36fb8 --- /dev/null +++ b/2018/25xxx/CVE-2018-25049.json @@ -0,0 +1,99 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25049", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in email-existence. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The name of the patch is 0029ba71b6ad0d8ec0baa2ecc6256d038bdd9b56. It is recommended to apply a patch to fix this issue. VDB-216854 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in email-existence ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei index.js. Dank der Manipulation mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Der Patch wird als 0029ba71b6ad0d8ec0baa2ecc6256d038bdd9b56 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333 Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "email-existence", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216854", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216854" + }, + { + "url": "https://vuldb.com/?ctiid.216854", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216854" + }, + { + "url": "https://github.com/nmanousos/email-existence/pull/37", + "refsource": "MISC", + "name": "https://github.com/nmanousos/email-existence/pull/37" + }, + { + "url": "https://github.com/nmanousos/email-existence/commit/0029ba71b6ad0d8ec0baa2ecc6256d038bdd9b56", + "refsource": "MISC", + "name": "https://github.com/nmanousos/email-existence/commit/0029ba71b6ad0d8ec0baa2ecc6256d038bdd9b56" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25050.json b/2018/25xxx/CVE-2018-25050.json new file mode 100644 index 000000000000..221b0226bc25 --- /dev/null +++ b/2018/25xxx/CVE-2018-25050.json @@ -0,0 +1,128 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25050", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in Harvest Chosen up to 1.8.6. Affected by this issue is the function AbstractChosen of the file coffee/lib/abstract-chosen.coffee. The manipulation of the argument group_label leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.7 is able to address this issue. The name of the patch is 77fd031d541e77510268d1041ed37798fdd1017e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216956." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in Harvest Chosen bis 1.8.6 entdeckt. Es geht hierbei um die Funktion AbstractChosen der Datei coffee/lib/abstract-chosen.coffee. Durch die Manipulation des Arguments group_label mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 1.8.7 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 77fd031d541e77510268d1041ed37798fdd1017e bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Harvest", + "product": { + "product_data": [ + { + "product_name": "Chosen", + "version": { + "version_data": [ + { + "version_value": "1.8.0", + "version_affected": "=" + }, + { + "version_value": "1.8.1", + "version_affected": "=" + }, + { + "version_value": "1.8.2", + "version_affected": "=" + }, + { + "version_value": "1.8.3", + "version_affected": "=" + }, + { + "version_value": "1.8.4", + "version_affected": "=" + }, + { + "version_value": "1.8.5", + "version_affected": "=" + }, + { + "version_value": "1.8.6", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216956", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216956" + }, + { + "url": "https://vuldb.com/?ctiid.216956", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216956" + }, + { + "url": "https://github.com/harvesthq/chosen/pull/2997", + "refsource": "MISC", + "name": "https://github.com/harvesthq/chosen/pull/2997" + }, + { + "url": "https://github.com/harvesthq/chosen/commit/77fd031d541e77510268d1041ed37798fdd1017e", + "refsource": "MISC", + "name": "https://github.com/harvesthq/chosen/commit/77fd031d541e77510268d1041ed37798fdd1017e" + }, + { + "url": "https://github.com/harvesthq/chosen/releases/tag/v1.8.7", + "refsource": "MISC", + "name": "https://github.com/harvesthq/chosen/releases/tag/v1.8.7" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25051.json b/2018/25xxx/CVE-2018-25051.json new file mode 100644 index 000000000000..b4330b7c3afd --- /dev/null +++ b/2018/25xxx/CVE-2018-25051.json @@ -0,0 +1,94 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25051", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, was found in JmPotato Pomash. This affects an unknown part of the file Pomash/theme/clean/templates/editor.html. The manipulation of the argument article.title/content.title/article.tag leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is be1914ef0a6808e00f51618b2de92496a3604415. It is recommended to apply a patch to fix this issue. The identifier VDB-216957 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in JmPotato Pomash gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei Pomash/theme/clean/templates/editor.html. Durch Manipulation des Arguments article.title/content.title/article.tag mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als be1914ef0a6808e00f51618b2de92496a3604415 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JmPotato", + "product": { + "product_data": [ + { + "product_name": "Pomash", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216957", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216957" + }, + { + "url": "https://vuldb.com/?ctiid.216957", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216957" + }, + { + "url": "https://github.com/JmPotato/Pomash/commit/be1914ef0a6808e00f51618b2de92496a3604415", + "refsource": "MISC", + "name": "https://github.com/JmPotato/Pomash/commit/be1914ef0a6808e00f51618b2de92496a3604415" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.4, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25052.json b/2018/25xxx/CVE-2018-25052.json new file mode 100644 index 000000000000..81af94d7dd9f --- /dev/null +++ b/2018/25xxx/CVE-2018-25052.json @@ -0,0 +1,255 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25052", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.41 is able to address this issue. The name of the patch is 88d1b599e1163761c9bd53bec53ba078f13e09d4. It is recommended to upgrade the affected component. VDB-216958 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In Catalyst-Plugin-Session bis 0.40 wurde eine problematische Schwachstelle gefunden. Dabei geht es um die Funktion _load_sessionid der Datei lib/Catalyst/Plugin/Session.pm der Komponente Session ID Handler. Mittels dem Manipulieren des Arguments sid mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 0.41 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 88d1b599e1163761c9bd53bec53ba078f13e09d4 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Catalyst-Plugin-Session", + "version": { + "version_data": [ + { + "version_value": "0.1", + "version_affected": "=" + }, + { + "version_value": "0.2", + "version_affected": "=" + }, + { + "version_value": "0.3", + "version_affected": "=" + }, + { + "version_value": "0.4", + "version_affected": "=" + }, + { + "version_value": "0.5", + "version_affected": "=" + }, + { + "version_value": "0.6", + "version_affected": "=" + }, + { + "version_value": "0.7", + "version_affected": "=" + }, + { + "version_value": "0.8", + "version_affected": "=" + }, + { + "version_value": "0.9", + "version_affected": "=" + }, + { + "version_value": "0.10", + "version_affected": "=" + }, + { + "version_value": "0.11", + "version_affected": "=" + }, + { + "version_value": "0.12", + "version_affected": "=" + }, + { + "version_value": "0.13", + "version_affected": "=" + }, + { + "version_value": "0.14", + "version_affected": "=" + }, + { + "version_value": "0.15", + "version_affected": "=" + }, + { + "version_value": "0.16", + "version_affected": "=" + }, + { + "version_value": "0.17", + "version_affected": "=" + }, + { + "version_value": "0.18", + "version_affected": "=" + }, + { + "version_value": "0.19", + "version_affected": "=" + }, + { + "version_value": "0.20", + "version_affected": "=" + }, + { + "version_value": "0.21", + "version_affected": "=" + }, + { + "version_value": "0.22", + "version_affected": "=" + }, + { + "version_value": "0.23", + "version_affected": "=" + }, + { + "version_value": "0.24", + "version_affected": "=" + }, + { + "version_value": "0.25", + "version_affected": "=" + }, + { + "version_value": "0.26", + "version_affected": "=" + }, + { + "version_value": "0.27", + "version_affected": "=" + }, + { + "version_value": "0.28", + "version_affected": "=" + }, + { + "version_value": "0.29", + "version_affected": "=" + }, + { + "version_value": "0.30", + "version_affected": "=" + }, + { + "version_value": "0.31", + "version_affected": "=" + }, + { + "version_value": "0.32", + "version_affected": "=" + }, + { + "version_value": "0.33", + "version_affected": "=" + }, + { + "version_value": "0.34", + "version_affected": "=" + }, + { + "version_value": "0.35", + "version_affected": "=" + }, + { + "version_value": "0.36", + "version_affected": "=" + }, + { + "version_value": "0.37", + "version_affected": "=" + }, + { + "version_value": "0.38", + "version_affected": "=" + }, + { + "version_value": "0.39", + "version_affected": "=" + }, + { + "version_value": "0.40", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216958", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216958" + }, + { + "url": "https://vuldb.com/?ctiid.216958", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216958" + }, + { + "url": "https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/88d1b599e1163761c9bd53bec53ba078f13e09d4", + "refsource": "MISC", + "name": "https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/88d1b599e1163761c9bd53bec53ba078f13e09d4" + }, + { + "url": "https://github.com/perl-catalyst/Catalyst-Plugin-Session/releases/tag/0.41", + "refsource": "MISC", + "name": "https://github.com/perl-catalyst/Catalyst-Plugin-Session/releases/tag/0.41" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25053.json b/2018/25xxx/CVE-2018-25053.json new file mode 100644 index 000000000000..e44feb9247ec --- /dev/null +++ b/2018/25xxx/CVE-2018-25053.json @@ -0,0 +1,103 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25053", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in moappi Json2html up to 1.1.x and classified as problematic. This issue affects some unknown processing of the file json2html.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is 2d3d24d971b19a8ed1fb823596300b9835d55801. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216959." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in moappi Json2html bis 1.1.x gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei json2html.js. Mittels Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 1.2.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 2d3d24d971b19a8ed1fb823596300b9835d55801 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "moappi", + "product": { + "product_data": [ + { + "product_name": "Json2html", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": "=" + }, + { + "version_value": "1.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216959", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216959" + }, + { + "url": "https://vuldb.com/?ctiid.216959", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216959" + }, + { + "url": "https://github.com/moappi/json2html/commit/2d3d24d971b19a8ed1fb823596300b9835d55801", + "refsource": "MISC", + "name": "https://github.com/moappi/json2html/commit/2d3d24d971b19a8ed1fb823596300b9835d55801" + }, + { + "url": "https://github.com/moappi/json2html/releases/tag/1.2.0", + "refsource": "MISC", + "name": "https://github.com/moappi/json2html/releases/tag/1.2.0" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25054.json b/2018/25xxx/CVE-2018-25054.json new file mode 100644 index 000000000000..428287f1c930 --- /dev/null +++ b/2018/25xxx/CVE-2018-25054.json @@ -0,0 +1,94 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25054", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in shred cilla. It has been classified as problematic. Affected is an unknown function of the file cilla-xample/src/main/webapp/WEB-INF/jsp/view/search.jsp of the component Search Handler. The manipulation of the argument details leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is d345e6bc7798bd717a583ec7f545ca387819d5c7. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216960." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in shred cilla ausgemacht. Es betrifft eine unbekannte Funktion der Datei cilla-xample/src/main/webapp/WEB-INF/jsp/view/search.jsp der Komponente Search Handler. Durch das Manipulieren des Arguments details mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Patch wird als d345e6bc7798bd717a583ec7f545ca387819d5c7 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "shred", + "product": { + "product_data": [ + { + "product_name": "cilla", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216960", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216960" + }, + { + "url": "https://vuldb.com/?ctiid.216960", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216960" + }, + { + "url": "https://github.com/shred/cilla/commit/d345e6bc7798bd717a583ec7f545ca387819d5c7", + "refsource": "MISC", + "name": "https://github.com/shred/cilla/commit/d345e6bc7798bd717a583ec7f545ca387819d5c7" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25055.json b/2018/25xxx/CVE-2018-25055.json new file mode 100644 index 000000000000..0c523cf61b87 --- /dev/null +++ b/2018/25xxx/CVE-2018-25055.json @@ -0,0 +1,124 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25055", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in FarCry Solr Pro Plugin up to 1.5.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file packages/forms/solrProSearch.cfc of the component Search Handler. The manipulation of the argument suggestion leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.6.0 is able to address this issue. The name of the patch is b8f3d61511c9b02b781ec442bfb803cbff8e08d5. It is recommended to upgrade the affected component. The identifier VDB-216961 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In FarCry Solr Pro Plugin bis 1.5.x wurde eine problematische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei packages/forms/solrProSearch.cfc der Komponente Search Handler. Durch Manipulieren des Arguments suggestion mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 1.6.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als b8f3d61511c9b02b781ec442bfb803cbff8e08d5 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "FarCry Solr Pro Plugin", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": "=" + }, + { + "version_value": "1.1", + "version_affected": "=" + }, + { + "version_value": "1.2", + "version_affected": "=" + }, + { + "version_value": "1.3", + "version_affected": "=" + }, + { + "version_value": "1.4", + "version_affected": "=" + }, + { + "version_value": "1.5", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216961", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216961" + }, + { + "url": "https://vuldb.com/?ctiid.216961", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216961" + }, + { + "url": "https://github.com/jeffcoughlin/farcrysolrpro/issues/78", + "refsource": "MISC", + "name": "https://github.com/jeffcoughlin/farcrysolrpro/issues/78" + }, + { + "url": "https://github.com/jeffcoughlin/farcrysolrpro/commit/b8f3d61511c9b02b781ec442bfb803cbff8e08d5", + "refsource": "MISC", + "name": "https://github.com/jeffcoughlin/farcrysolrpro/commit/b8f3d61511c9b02b781ec442bfb803cbff8e08d5" + }, + { + "url": "https://github.com/jeffcoughlin/farcrysolrpro/releases/tag/1.6.0", + "refsource": "MISC", + "name": "https://github.com/jeffcoughlin/farcrysolrpro/releases/tag/1.6.0" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25056.json b/2018/25xxx/CVE-2018-25056.json new file mode 100644 index 000000000000..c2ef766a7eb5 --- /dev/null +++ b/2018/25xxx/CVE-2018-25056.json @@ -0,0 +1,94 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25056", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, was found in yolapi. Affected is the function render_description of the file yolapi/pypi/metadata.py. The manipulation of the argument text leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a0fe129055a99f429133a5c40cb13b44611ff796. It is recommended to apply a patch to fix this issue. VDB-216966 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in yolapi gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion render_description der Datei yolapi/pypi/metadata.py. Mit der Manipulation des Arguments text mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Patch wird als a0fe129055a99f429133a5c40cb13b44611ff796 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "yolapi", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216966", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216966" + }, + { + "url": "https://vuldb.com/?ctiid.216966", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216966" + }, + { + "url": "https://github.com/yola/yolapi/commit/a0fe129055a99f429133a5c40cb13b44611ff796", + "refsource": "MISC", + "name": "https://github.com/yola/yolapi/commit/a0fe129055a99f429133a5c40cb13b44611ff796" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25057.json b/2018/25xxx/CVE-2018-25057.json new file mode 100644 index 000000000000..291417b3ef65 --- /dev/null +++ b/2018/25xxx/CVE-2018-25057.json @@ -0,0 +1,94 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25057", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in simple_php_link_shortener. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument $link[\"id\"] leads to sql injection. The name of the patch is b26ac6480761635ed94ccb0222ba6b732de6e53f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216996." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in simple_php_link_shortener ausgemacht. Hiervon betroffen ist ein unbekannter Codeblock der Datei index.php. Durch Beeinflussen des Arguments $link[\"id\"] mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als b26ac6480761635ed94ccb0222ba6b732de6e53f bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "simple_php_link_shortener", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216996", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216996" + }, + { + "url": "https://vuldb.com/?ctiid.216996", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216996" + }, + { + "url": "https://github.com/mikebharris/simple_php_link_shortener/commit/b26ac6480761635ed94ccb0222ba6b732de6e53f", + "refsource": "MISC", + "name": "https://github.com/mikebharris/simple_php_link_shortener/commit/b26ac6480761635ed94ccb0222ba6b732de6e53f" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25058.json b/2018/25xxx/CVE-2018-25058.json new file mode 100644 index 000000000000..85b70e6266ce --- /dev/null +++ b/2018/25xxx/CVE-2018-25058.json @@ -0,0 +1,104 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25058", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible to initiate the attack remotely. Upgrading to version 18.0.0 is able to address this issue. The name of the patch is 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3. It is recommended to upgrade the affected component. The identifier VDB-217017 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Twitter-Post-Fetcher bis 17.x entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei js/twitterFetcher.js der Komponente Link Target Handler. Durch das Beeinflussen mit unbekannten Daten kann eine use of web link to untrusted target with window.opener access-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 18.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1022 Use of Web Link to Untrusted Target with window.opener Access", + "cweId": "CWE-1022" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Twitter-Post-Fetcher", + "version": { + "version_data": [ + { + "version_value": "17.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217017", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217017" + }, + { + "url": "https://vuldb.com/?ctiid.217017", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217017" + }, + { + "url": "https://github.com/jasonmayes/Twitter-Post-Fetcher/pull/170", + "refsource": "MISC", + "name": "https://github.com/jasonmayes/Twitter-Post-Fetcher/pull/170" + }, + { + "url": "https://github.com/jasonmayes/Twitter-Post-Fetcher/commit/7d281c6fb5acbc29a2cad295262c1f0c19ca56f3", + "refsource": "MISC", + "name": "https://github.com/jasonmayes/Twitter-Post-Fetcher/commit/7d281c6fb5acbc29a2cad295262c1f0c19ca56f3" + }, + { + "url": "https://github.com/jasonmayes/Twitter-Post-Fetcher/releases/tag/18.0.0", + "refsource": "MISC", + "name": "https://github.com/jasonmayes/Twitter-Post-Fetcher/releases/tag/18.0.0" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.2, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.2, + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25059.json b/2018/25xxx/CVE-2018-25059.json new file mode 100644 index 000000000000..54b7c686d365 --- /dev/null +++ b/2018/25xxx/CVE-2018-25059.json @@ -0,0 +1,124 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25059", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in pastebinit up to 0.2.2 and classified as problematic. Affected by this issue is the function pasteHandler of the file server.go. The manipulation of the argument r.URL.Path leads to path traversal. Upgrading to version 0.2.3 is able to address this issue. The name of the patch is 1af2facb6d95976c532b7f8f82747d454a092272. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217040." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in pastebinit bis 0.2.2 gefunden. Sie wurde als problematisch eingestuft. Davon betroffen ist die Funktion pasteHandler der Datei server.go. Durch Beeinflussen des Arguments r.URL.Path mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.2.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 1af2facb6d95976c532b7f8f82747d454a092272 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Path Traversal", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "pastebinit", + "version": { + "version_data": [ + { + "version_value": "0.2.0", + "version_affected": "=" + }, + { + "version_value": "0.2.1", + "version_affected": "=" + }, + { + "version_value": "0.2.2", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217040", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217040" + }, + { + "url": "https://vuldb.com/?ctiid.217040", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217040" + }, + { + "url": "https://github.com/jessfraz/pastebinit/pull/3", + "refsource": "MISC", + "name": "https://github.com/jessfraz/pastebinit/pull/3" + }, + { + "url": "https://github.com/jessfraz/pastebinit/commit/1af2facb6d95976c532b7f8f82747d454a092272", + "refsource": "MISC", + "name": "https://github.com/jessfraz/pastebinit/commit/1af2facb6d95976c532b7f8f82747d454a092272" + }, + { + "url": "https://github.com/jessfraz/pastebinit/releases/tag/v0.2.3", + "refsource": "MISC", + "name": "https://github.com/jessfraz/pastebinit/releases/tag/v0.2.3" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.7, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25060.json b/2018/25xxx/CVE-2018-25060.json new file mode 100644 index 000000000000..8a7fd6134307 --- /dev/null +++ b/2018/25xxx/CVE-2018-25060.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25060", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The name of the patch is dadd1711a617000b70e5e408a76531b73187031c. It is recommended to apply a patch to fix this issue. VDB-217058 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Macaron csrf gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei csrf.go. Mittels Manipulieren des Arguments Generate mit unbekannten Daten kann eine sensitive cookie without secure attribute-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Patch wird als dadd1711a617000b70e5e408a76531b73187031c bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-614 Sensitive Cookie Without Secure Attribute", + "cweId": "CWE-614" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Macaron", + "product": { + "product_data": [ + { + "product_name": "csrf", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217058", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217058" + }, + { + "url": "https://vuldb.com/?ctiid.217058", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217058" + }, + { + "url": "https://github.com/go-macaron/csrf/pull/7", + "refsource": "MISC", + "name": "https://github.com/go-macaron/csrf/pull/7" + }, + { + "url": "https://github.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c", + "refsource": "MISC", + "name": "https://github.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.7, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.7, + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.6, + "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25061.json b/2018/25xxx/CVE-2018-25061.json new file mode 100644 index 000000000000..f59264628697 --- /dev/null +++ b/2018/25xxx/CVE-2018-25061.json @@ -0,0 +1,131 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25061", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 0.1.6 is able to address this issue. The name of the patch is 9e0c38594432edfa64136fdf7bb651835e17c34f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217151." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in rgb2hex bis 0.1.5 ausgemacht. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion. Dank der Manipulation mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 0.1.6 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 9e0c38594432edfa64136fdf7bb651835e17c34f bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333 Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "rgb2hex", + "version": { + "version_data": [ + { + "version_value": "0.1.0", + "version_affected": "=" + }, + { + "version_value": "0.1.1", + "version_affected": "=" + }, + { + "version_value": "0.1.2", + "version_affected": "=" + }, + { + "version_value": "0.1.3", + "version_affected": "=" + }, + { + "version_value": "0.1.4", + "version_affected": "=" + }, + { + "version_value": "0.1.5", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217151", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217151" + }, + { + "url": "https://vuldb.com/?ctiid.217151", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217151" + }, + { + "url": "https://github.com/christian-bromann/rgb2hex/commit/9e0c38594432edfa64136fdf7bb651835e17c34f", + "refsource": "MISC", + "name": "https://github.com/christian-bromann/rgb2hex/commit/9e0c38594432edfa64136fdf7bb651835e17c34f" + }, + { + "url": "https://github.com/christian-bromann/rgb2hex/releases/tag/v0.1.6", + "refsource": "MISC", + "name": "https://github.com/christian-bromann/rgb2hex/releases/tag/v0.1.6" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25062.json b/2018/25xxx/CVE-2018-25062.json new file mode 100644 index 000000000000..d9a83c38e15a --- /dev/null +++ b/2018/25xxx/CVE-2018-25062.json @@ -0,0 +1,110 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25062", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ipsec. The manipulation leads to denial of service. Upgrading to version 7.00 is able to address this issue. The name of the patch is 1df72c9f0f61304437f4f1037df03b5fb36d5a79. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217152." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in flar2 ElementalX bis 6.x entdeckt. Es geht dabei um die Funktion xfrm_dump_policy_done der Datei net/xfrm/xfrm_user.c der Komponente ipsec. Dank Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 7.00 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 1df72c9f0f61304437f4f1037df03b5fb36d5a79 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service", + "cweId": "CWE-404" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "flar2", + "product": { + "product_data": [ + { + "product_name": "ElementalX", + "version": { + "version_data": [ + { + "version_value": "6.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217152", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217152" + }, + { + "url": "https://vuldb.com/?ctiid.217152", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217152" + }, + { + "url": "https://github.com/flar2/ElementalX-N9/commit/1df72c9f0f61304437f4f1037df03b5fb36d5a79", + "refsource": "MISC", + "name": "https://github.com/flar2/ElementalX-N9/commit/1df72c9f0f61304437f4f1037df03b5fb36d5a79" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Mohamed Ghannam" + }, + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.3, + "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25063.json b/2018/25xxx/CVE-2018-25063.json new file mode 100644 index 000000000000..e8911544c1e8 --- /dev/null +++ b/2018/25xxx/CVE-2018-25063.json @@ -0,0 +1,132 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25063", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in Zenoss Dashboard up to 1.3.4. Affected by this vulnerability is an unknown functionality of the file ZenPacks/zenoss/Dashboard/browser/resources/js/defaultportlets.js. The manipulation of the argument HTMLString leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.5 is able to address this issue. The name of the patch is f462285a0a2d7e1a9255b0820240b94a43b00a44. It is recommended to upgrade the affected component. The identifier VDB-217153 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In Zenoss Dashboard bis 1.3.4 wurde eine problematische Schwachstelle entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Datei ZenPacks/zenoss/Dashboard/browser/resources/js/defaultportlets.js. Mit der Manipulation des Arguments HTMLString mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.3.5 vermag dieses Problem zu l\u00f6sen. Der Patch wird als f462285a0a2d7e1a9255b0820240b94a43b00a44 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zenoss", + "product": { + "product_data": [ + { + "product_name": "Dashboard", + "version": { + "version_data": [ + { + "version_value": "1.3.0", + "version_affected": "=" + }, + { + "version_value": "1.3.1", + "version_affected": "=" + }, + { + "version_value": "1.3.2", + "version_affected": "=" + }, + { + "version_value": "1.3.3", + "version_affected": "=" + }, + { + "version_value": "1.3.4", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217153", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217153" + }, + { + "url": "https://vuldb.com/?ctiid.217153", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217153" + }, + { + "url": "https://github.com/zenoss/ZenPacks.zenoss.Dashboard/pull/130", + "refsource": "MISC", + "name": "https://github.com/zenoss/ZenPacks.zenoss.Dashboard/pull/130" + }, + { + "url": "https://github.com/zenoss/ZenPacks.zenoss.Dashboard/commit/f462285a0a2d7e1a9255b0820240b94a43b00a44", + "refsource": "MISC", + "name": "https://github.com/zenoss/ZenPacks.zenoss.Dashboard/commit/f462285a0a2d7e1a9255b0820240b94a43b00a44" + }, + { + "url": "https://github.com/zenoss/ZenPacks.zenoss.Dashboard/releases/tag/1.3.5", + "refsource": "MISC", + "name": "https://github.com/zenoss/ZenPacks.zenoss.Dashboard/releases/tag/1.3.5" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25064.json b/2018/25xxx/CVE-2018-25064.json new file mode 100644 index 000000000000..daadec73a091 --- /dev/null +++ b/2018/25xxx/CVE-2018-25064.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25064", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in OSM Lab show-me-the-way. It has been rated as problematic. This issue affects some unknown processing of the file js/site.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 4bed3b34dcc01fe6661f39c0e5d2285b340f7cac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217439." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in OSM Lab show-me-the-way ausgemacht. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei js/site.js. Mit der Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Patch wird als 4bed3b34dcc01fe6661f39c0e5d2285b340f7cac bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OSM Lab", + "product": { + "product_data": [ + { + "product_name": "show-me-the-way", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217439", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217439" + }, + { + "url": "https://vuldb.com/?ctiid.217439", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217439" + }, + { + "url": "https://github.com/osmlab/show-me-the-way/pull/57", + "refsource": "MISC", + "name": "https://github.com/osmlab/show-me-the-way/pull/57" + }, + { + "url": "https://github.com/osmlab/show-me-the-way/commit/4bed3b34dcc01fe6661f39c0e5d2285b340f7cac", + "refsource": "MISC", + "name": "https://github.com/osmlab/show-me-the-way/commit/4bed3b34dcc01fe6661f39c0e5d2285b340f7cac" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25065.json b/2018/25xxx/CVE-2018-25065.json new file mode 100644 index 000000000000..55871d1edcf1 --- /dev/null +++ b/2018/25xxx/CVE-2018-25065.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25065", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTags_body.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is b4bc3cbbb099eab50cf2b544cf577116f1867b94. It is recommended to apply a patch to fix this issue. The identifier VDB-217445 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in Wikimedia mediawiki-extensions-I18nTags gefunden. Davon betroffen ist unbekannter Code der Datei I18nTags_body.php der Komponente Unlike Parser. Durch Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Patch wird als b4bc3cbbb099eab50cf2b544cf577116f1867b94 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wikimedia", + "product": { + "product_data": [ + { + "product_name": "mediawiki-extensions-I18nTags", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217445", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217445" + }, + { + "url": "https://vuldb.com/?ctiid.217445", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217445" + }, + { + "url": "https://github.com/wikimedia/mediawiki-extensions-I18nTags/commit/b4bc3cbbb099eab50cf2b544cf577116f1867b94", + "refsource": "MISC", + "name": "https://github.com/wikimedia/mediawiki-extensions-I18nTags/commit/b4bc3cbbb099eab50cf2b544cf577116f1867b94" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25066.json b/2018/25xxx/CVE-2018-25066.json new file mode 100644 index 000000000000..b4998c30ceb5 --- /dev/null +++ b/2018/25xxx/CVE-2018-25066.json @@ -0,0 +1,115 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25066", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in PeterMu nodebatis up to 2.1.x. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. Upgrading to version 2.2.0 is able to address this issue. The name of the patch is 6629ff5b7e3d62ad8319007a54589ec1f62c7c35. It is recommended to upgrade the affected component. VDB-217554 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in PeterMu nodebatis bis 2.1.x ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf. Durch das Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 2.2.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 6629ff5b7e3d62ad8319007a54589ec1f62c7c35 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PeterMu", + "product": { + "product_data": [ + { + "product_name": "nodebatis", + "version": { + "version_data": [ + { + "version_value": "2.0", + "version_affected": "=" + }, + { + "version_value": "2.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217554", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217554" + }, + { + "url": "https://vuldb.com/?ctiid.217554", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217554" + }, + { + "url": "https://github.com/PeterMu/nodebatis/commit/6629ff5b7e3d62ad8319007a54589ec1f62c7c35", + "refsource": "MISC", + "name": "https://github.com/PeterMu/nodebatis/commit/6629ff5b7e3d62ad8319007a54589ec1f62c7c35" + }, + { + "url": "https://github.com/PeterMu/nodebatis/releases/tag/v2.2.0", + "refsource": "MISC", + "name": "https://github.com/PeterMu/nodebatis/releases/tag/v2.2.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25067.json b/2018/25xxx/CVE-2018-25067.json new file mode 100644 index 000000000000..472e081f6cb2 --- /dev/null +++ b/2018/25xxx/CVE-2018-25067.json @@ -0,0 +1,128 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25067", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3. This affects an unknown part of the file administrator/components/com_joomgallery/views/config/tmpl/default.php of the component Image Sort Handler. The manipulation leads to sql injection. Upgrading to version 3.3.4 is able to address this issue. The name of the patch is dc414ee954e849082260f8613e15a1c1e1d354a1. It is recommended to upgrade the affected component. The identifier VDB-217569 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in JoomGallery bis 3.3.3 gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Datei administrator/components/com_joomgallery/views/config/tmpl/default.php der Komponente Image Sort Handler. Dank der Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 3.3.4 vermag dieses Problem zu l\u00f6sen. Der Patch wird als dc414ee954e849082260f8613e15a1c1e1d354a1 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "JoomGallery", + "version": { + "version_data": [ + { + "version_value": "3.3.0", + "version_affected": "=" + }, + { + "version_value": "3.3.1", + "version_affected": "=" + }, + { + "version_value": "3.3.2", + "version_affected": "=" + }, + { + "version_value": "3.3.3", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217569", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217569" + }, + { + "url": "https://vuldb.com/?ctiid.217569", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217569" + }, + { + "url": "https://github.com/JoomGallery/JoomGallery/pull/122", + "refsource": "MISC", + "name": "https://github.com/JoomGallery/JoomGallery/pull/122" + }, + { + "url": "https://github.com/JoomGallery/JoomGallery/commit/dc414ee954e849082260f8613e15a1c1e1d354a1", + "refsource": "MISC", + "name": "https://github.com/JoomGallery/JoomGallery/commit/dc414ee954e849082260f8613e15a1c1e1d354a1" + }, + { + "url": "https://github.com/JoomGallery/JoomGallery/releases/tag/v3.3.4", + "refsource": "MISC", + "name": "https://github.com/JoomGallery/JoomGallery/releases/tag/v3.3.4" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25068.json b/2018/25xxx/CVE-2018-25068.json new file mode 100644 index 000000000000..c06da643f12e --- /dev/null +++ b/2018/25xxx/CVE-2018-25068.json @@ -0,0 +1,131 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25068", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The manipulation leads to insecure temporary file. The attack can be initiated remotely. Upgrading to version 4.5.1 is able to address this issue. The name of the patch is 77a820bac2f68e662ce261ecb050c643bd7ee560. It is recommended to upgrade the affected component. VDB-217570 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In devent globalpom-utils bis 4.5.0 wurde eine kritische Schwachstelle gefunden. Es geht um die Funktion createTmpDir der Datei globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. Dank Manipulation mit unbekannten Daten kann eine insecure temporary file-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 4.5.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 77a820bac2f68e662ce261ecb050c643bd7ee560 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-377 Insecure Temporary File", + "cweId": "CWE-377" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "devent", + "product": { + "product_data": [ + { + "product_name": "globalpom-utils", + "version": { + "version_data": [ + { + "version_value": "4.0", + "version_affected": "=" + }, + { + "version_value": "4.1", + "version_affected": "=" + }, + { + "version_value": "4.2", + "version_affected": "=" + }, + { + "version_value": "4.3", + "version_affected": "=" + }, + { + "version_value": "4.4", + "version_affected": "=" + }, + { + "version_value": "4.5", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217570", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217570" + }, + { + "url": "https://vuldb.com/?ctiid.217570", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217570" + }, + { + "url": "https://github.com/devent/globalpom-utils/commit/77a820bac2f68e662ce261ecb050c643bd7ee560", + "refsource": "MISC", + "name": "https://github.com/devent/globalpom-utils/commit/77a820bac2f68e662ce261ecb050c643bd7ee560" + }, + { + "url": "https://github.com/devent/globalpom-utils/releases/tag/globalpomutils-4.5.1", + "refsource": "MISC", + "name": "https://github.com/devent/globalpom-utils/releases/tag/globalpomutils-4.5.1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25069.json b/2018/25xxx/CVE-2018-25069.json new file mode 100644 index 000000000000..6006a345b97b --- /dev/null +++ b/2018/25xxx/CVE-2018-25069.json @@ -0,0 +1,100 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25069", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical has been found in Netis Netcore Router. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The identifier VDB-217593 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Netis Netcore Router entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil. Mit der Manipulation mit unbekannten Daten kann eine use of hard-coded password-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-259 Use of Hard-coded Password", + "cweId": "CWE-259" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Netis", + "product": { + "product_data": [ + { + "product_name": "Netcore Router", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217593", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217593" + }, + { + "url": "https://vuldb.com/?ctiid.217593", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217593" + }, + { + "url": "https://advisories.checkpoint.com/advisory/cpai-2018-0721/", + "refsource": "MISC", + "name": "https://advisories.checkpoint.com/advisory/cpai-2018-0721/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseSeverity": "HIGH" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25070.json b/2018/25xxx/CVE-2018-25070.json new file mode 100644 index 000000000000..9b1f0d0a26b1 --- /dev/null +++ b/2018/25xxx/CVE-2018-25070.json @@ -0,0 +1,119 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25070", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to version 8.3 is able to address this issue. The name of the patch is c179a3d0703db55cfe0cb939b89593f2e7a87246. It is recommended to upgrade the affected component. VDB-217606 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In polterguy Phosphorus Five bis 8.2 wurde eine kritische Schwachstelle gefunden. Das betrifft die Funktion csv.Read der Datei plugins/extras/p5.mysql/NonQuery.cs der Komponente CSV Import. Durch Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 8.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als c179a3d0703db55cfe0cb939b89593f2e7a87246 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "polterguy", + "product": { + "product_data": [ + { + "product_name": "Phosphorus Five", + "version": { + "version_data": [ + { + "version_value": "8.0", + "version_affected": "=" + }, + { + "version_value": "8.1", + "version_affected": "=" + }, + { + "version_value": "8.2", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217606", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217606" + }, + { + "url": "https://vuldb.com/?ctiid.217606", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217606" + }, + { + "url": "https://github.com/polterguy/phosphorusfive/commit/c179a3d0703db55cfe0cb939b89593f2e7a87246", + "refsource": "MISC", + "name": "https://github.com/polterguy/phosphorusfive/commit/c179a3d0703db55cfe0cb939b89593f2e7a87246" + }, + { + "url": "https://github.com/polterguy/phosphorusfive/releases/tag/v8.3", + "refsource": "MISC", + "name": "https://github.com/polterguy/phosphorusfive/releases/tag/v8.3" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25071.json b/2018/25xxx/CVE-2018-25071.json new file mode 100644 index 000000000000..2bc6f97f8101 --- /dev/null +++ b/2018/25xxx/CVE-2018-25071.json @@ -0,0 +1,343 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25071", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to sql injection. Upgrading to version 0.1.59-beta is able to address this issue. The name of the patch is c25ff7fe83a2cda1fcb365b182365adc3ffae332. It is recommended to upgrade the affected component. VDB-217610 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in roxlukas LMeve bis 0.1.58 ausgemacht. Davon betroffen ist die Funktion insert_log der Datei wwwroot/ccpwgl/proxy.php. Durch Manipulieren des Arguments fetch mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.1.59-beta vermag dieses Problem zu l\u00f6sen. Der Patch wird als c25ff7fe83a2cda1fcb365b182365adc3ffae332 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "roxlukas", + "product": { + "product_data": [ + { + "product_name": "LMeve", + "version": { + "version_data": [ + { + "version_value": "0.1.0", + "version_affected": "=" + }, + { + "version_value": "0.1.1", + "version_affected": "=" + }, + { + "version_value": "0.1.2", + "version_affected": "=" + }, + { + "version_value": "0.1.3", + "version_affected": "=" + }, + { + "version_value": "0.1.4", + "version_affected": "=" + }, + { + "version_value": "0.1.5", + "version_affected": "=" + }, + { + "version_value": "0.1.6", + "version_affected": "=" + }, + { + "version_value": "0.1.7", + "version_affected": "=" + }, + { + "version_value": "0.1.8", + "version_affected": "=" + }, + { + "version_value": "0.1.9", + "version_affected": "=" + }, + { + "version_value": "0.1.10", + "version_affected": "=" + }, + { + "version_value": "0.1.11", + "version_affected": "=" + }, + { + "version_value": "0.1.12", + "version_affected": "=" + }, + { + "version_value": "0.1.13", + "version_affected": "=" + }, + { + "version_value": "0.1.14", + "version_affected": "=" + }, + { + "version_value": "0.1.15", + "version_affected": "=" + }, + { + "version_value": "0.1.16", + "version_affected": "=" + }, + { + "version_value": "0.1.17", + "version_affected": "=" + }, + { + "version_value": "0.1.18", + "version_affected": "=" + }, + { + "version_value": "0.1.19", + "version_affected": "=" + }, + { + "version_value": "0.1.20", + "version_affected": "=" + }, + { + "version_value": "0.1.21", + "version_affected": "=" + }, + { + "version_value": "0.1.22", + "version_affected": "=" + }, + { + "version_value": "0.1.23", + "version_affected": "=" + }, + { + "version_value": "0.1.24", + "version_affected": "=" + }, + { + "version_value": "0.1.25", + "version_affected": "=" + }, + { + "version_value": "0.1.26", + "version_affected": "=" + }, + { + "version_value": "0.1.27", + "version_affected": "=" + }, + { + "version_value": "0.1.28", + "version_affected": "=" + }, + { + "version_value": "0.1.29", + "version_affected": "=" + }, + { + "version_value": "0.1.30", + "version_affected": "=" + }, + { + "version_value": "0.1.31", + "version_affected": "=" + }, + { + "version_value": "0.1.32", + "version_affected": "=" + }, + { + "version_value": "0.1.33", + "version_affected": "=" + }, + { + "version_value": "0.1.34", + "version_affected": "=" + }, + { + "version_value": "0.1.35", + "version_affected": "=" + }, + { + "version_value": "0.1.36", + "version_affected": "=" + }, + { + "version_value": "0.1.37", + "version_affected": "=" + }, + { + "version_value": "0.1.38", + "version_affected": "=" + }, + { + "version_value": "0.1.39", + "version_affected": "=" + }, + { + "version_value": "0.1.40", + "version_affected": "=" + }, + { + "version_value": "0.1.41", + "version_affected": "=" + }, + { + "version_value": "0.1.42", + "version_affected": "=" + }, + { + "version_value": "0.1.43", + "version_affected": "=" + }, + { + "version_value": "0.1.44", + "version_affected": "=" + }, + { + "version_value": "0.1.45", + "version_affected": "=" + }, + { + "version_value": "0.1.46", + "version_affected": "=" + }, + { + "version_value": "0.1.47", + "version_affected": "=" + }, + { + "version_value": "0.1.48", + "version_affected": "=" + }, + { + "version_value": "0.1.49", + "version_affected": "=" + }, + { + "version_value": "0.1.50", + "version_affected": "=" + }, + { + "version_value": "0.1.51", + "version_affected": "=" + }, + { + "version_value": "0.1.52", + "version_affected": "=" + }, + { + "version_value": "0.1.53", + "version_affected": "=" + }, + { + "version_value": "0.1.54", + "version_affected": "=" + }, + { + "version_value": "0.1.55", + "version_affected": "=" + }, + { + "version_value": "0.1.56", + "version_affected": "=" + }, + { + "version_value": "0.1.57", + "version_affected": "=" + }, + { + "version_value": "0.1.58", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217610", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217610" + }, + { + "url": "https://vuldb.com/?ctiid.217610", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217610" + }, + { + "url": "https://github.com/roxlukas/lmeve/commit/c25ff7fe83a2cda1fcb365b182365adc3ffae332", + "refsource": "MISC", + "name": "https://github.com/roxlukas/lmeve/commit/c25ff7fe83a2cda1fcb365b182365adc3ffae332" + }, + { + "url": "https://github.com/roxlukas/lmeve/releases/tag/0.1.59-beta", + "refsource": "MISC", + "name": "https://github.com/roxlukas/lmeve/releases/tag/0.1.59-beta" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25072.json b/2018/25xxx/CVE-2018-25072.json new file mode 100644 index 000000000000..7d8c7f186396 --- /dev/null +++ b/2018/25xxx/CVE-2018-25072.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25072", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical has been found in lojban jbovlaste. This affects an unknown part of the file dict/listing.html. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The name of the patch is 6ff44c2e87b1113eb07d76ea62e1f64193b04d15. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217647." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in lojban jbovlaste entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei dict/listing.html. Dank Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als 6ff44c2e87b1113eb07d76ea62e1f64193b04d15 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "lojban", + "product": { + "product_data": [ + { + "product_name": "jbovlaste", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217647", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217647" + }, + { + "url": "https://vuldb.com/?ctiid.217647", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217647" + }, + { + "url": "https://github.com/lojban/jbovlaste/commit/6ff44c2e87b1113eb07d76ea62e1f64193b04d15", + "refsource": "MISC", + "name": "https://github.com/lojban/jbovlaste/commit/6ff44c2e87b1113eb07d76ea62e1f64193b04d15" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25073.json b/2018/25xxx/CVE-2018-25073.json new file mode 100644 index 000000000000..ce5b3b56f966 --- /dev/null +++ b/2018/25xxx/CVE-2018-25073.json @@ -0,0 +1,140 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25073", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problematic. This vulnerability affects the function getlog of the file webinterface/bot.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.7 is able to address this issue. The name of the patch is b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77. It is recommended to upgrade the affected component. VDB-218002 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In Newcomer1989 TSN-Ranksystem bis 1.2.6 wurde eine problematische Schwachstelle gefunden. Betroffen ist die Funktion getlog der Datei webinterface/bot.php. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.2.7 vermag dieses Problem zu l\u00f6sen. Der Patch wird als b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Newcomer1989", + "product": { + "product_data": [ + { + "product_name": "TSN-Ranksystem", + "version": { + "version_data": [ + { + "version_value": "1.2.0", + "version_affected": "=" + }, + { + "version_value": "1.2.1", + "version_affected": "=" + }, + { + "version_value": "1.2.2", + "version_affected": "=" + }, + { + "version_value": "1.2.3", + "version_affected": "=" + }, + { + "version_value": "1.2.4", + "version_affected": "=" + }, + { + "version_value": "1.2.5", + "version_affected": "=" + }, + { + "version_value": "1.2.6", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.218002", + "refsource": "MISC", + "name": "https://vuldb.com/?id.218002" + }, + { + "url": "https://vuldb.com/?ctiid.218002", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.218002" + }, + { + "url": "https://github.com/Newcomer1989/TSN-Ranksystem/pull/467", + "refsource": "MISC", + "name": "https://github.com/Newcomer1989/TSN-Ranksystem/pull/467" + }, + { + "url": "https://github.com/Newcomer1989/TSN-Ranksystem/commit/b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77", + "refsource": "MISC", + "name": "https://github.com/Newcomer1989/TSN-Ranksystem/commit/b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77" + }, + { + "url": "https://github.com/Newcomer1989/TSN-Ranksystem/releases/tag/1.2.7", + "refsource": "MISC", + "name": "https://github.com/Newcomer1989/TSN-Ranksystem/releases/tag/1.2.7" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2018/25xxx/CVE-2018-25074.json b/2018/25xxx/CVE-2018-25074.json new file mode 100644 index 000000000000..6109aab4fa64 --- /dev/null +++ b/2018/25xxx/CVE-2018-25074.json @@ -0,0 +1,110 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-25074", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The name of the patch is 65e94eda62dc8dc148ab3e59aa2ccc086ac448fd. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218003." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in Prestaul skeemas gefunden. Betroffen davon ist ein unbekannter Prozess der Datei validators/base.js. Mittels dem Manipulieren des Arguments uri mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Der Patch wird als 65e94eda62dc8dc148ab3e59aa2ccc086ac448fd bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333 Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Prestaul", + "product": { + "product_data": [ + { + "product_name": "skeemas", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.218003", + "refsource": "MISC", + "name": "https://vuldb.com/?id.218003" + }, + { + "url": "https://vuldb.com/?ctiid.218003", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.218003" + }, + { + "url": "https://github.com/Prestaul/skeemas/commit/65e94eda62dc8dc148ab3e59aa2ccc086ac448fd", + "refsource": "MISC", + "name": "https://github.com/Prestaul/skeemas/commit/65e94eda62dc8dc148ab3e59aa2ccc086ac448fd" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "James Davis" + }, + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.3, + "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4843.json b/2018/4xxx/CVE-2018-4843.json index 0ab84a0c1f31..a72045d940fa 100644 --- a/2018/4xxx/CVE-2018-4843.json +++ b/2018/4xxx/CVE-2018-4843.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2018-4843", + "ASSIGNER": "productcert@siemens.com", "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_version": "4.0", - "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V1.7.0), SIMATIC S7-1500 Software Controller (All versions < V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.16), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.1), SIMATIC WinAC RTX 2010 (All versions < V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions < V2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a Denial-of-Service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. A manual restart is required to recover the system. At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -19,7 +40,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -29,7 +51,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -39,7 +62,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -49,7 +73,63 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200pro IM154-8 PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200pro IM154-8F PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200pro IM154-8FX PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200S IM151-8 PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200S IM151-8F PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" } ] } @@ -59,27 +139,129 @@ "version": { "version_data": [ { - "version_value": "All versions < V1.7.0" + "version_value": "All versions < V1.7.0", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 Software Controller", + "version": { + "version_data": [ + { + "version_value": "All versions < V1.7.0", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 314C-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.3.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 315-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 315F-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 315T-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 317-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 317F-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 317T-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 317TF-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-1500 Software Controller (incl. F)", + "product_name": "SIMATIC S7-300 CPU 319-3 PN/DP", "version": { "version_data": [ { - "version_value": "All versions < V1.7.0" + "version_value": "All versions < V3.2.16", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)", + "product_name": "SIMATIC S7-300 CPU 319F-3 PN/DP", "version": { "version_data": [ { - "version_value": "All versions < V3.X.16" + "version_value": "All versions < V3.2.16", + "version_affected": "=" } ] } @@ -89,7 +271,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V6.0.9" + "version_value": "All versions < V6.0.9", + "version_affected": "=" } ] } @@ -99,7 +282,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V6.0.7" + "version_value": "All versions < V6.0.7", + "version_affected": "=" } ] } @@ -109,7 +293,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -119,17 +304,30 @@ "version": { "version_data": [ { - "version_value": "All versions < V8.1" + "version_value": "All versions < V8.1", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC WinAC RTX (F) 2010", + "product_name": "SIMATIC WinAC RTX 2010", "version": { "version_data": [ { - "version_value": "All versions < SIMATIC WinAC RTX 2010 SP3" + "version_value": "All versions < V2010 SP3", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC WinAC RTX F 2010", + "version": { + "version_data": [ + { + "version_value": "All versions < V2010 SP3", + "version_affected": "=" } ] } @@ -139,7 +337,85 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.7 SP6 HF1" + "version_value": "All versions < V4.7 SP6 HF1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200S IM151-8 PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200S IM151-8F PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-300 CPU 314C-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.3.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-300 CPU 315-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-300 CPU 315F-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-300 CPU 317-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-300 CPU 317F-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" } ] } @@ -149,7 +425,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -160,32 +437,22 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-20: Improper Input Validation" - } - ] - } - ] - }, - "description": { - "description_data": [ + "references": { + "reference_data": [ { - "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V1.7.0), SIMATIC S7-1500 Software Controller (incl. F) (All versions < V1.7.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.16), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.1), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a Denial-of-Service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. A manual restart is required to recover the system. At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected." + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf" } ] }, - "references": { - "reference_data": [ + "impact": { + "cvss": [ { - "refsource": "CONFIRM", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf" + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2018/8xxx/CVE-2018-8822.json b/2018/8xxx/CVE-2018-8822.json index 979d93a7df1c..ca15284a78fd 100644 --- a/2018/8xxx/CVE-2018-8822.json +++ b/2018/8xxx/CVE-2018-8822.json @@ -116,6 +116,11 @@ "name": "USN-3657-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3657-1/" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221227 Re: Details on this supposed Linux Kernel ksmbd RCE", + "url": "http://www.openwall.com/lists/oss-security/2022/12/27/3" } ] } diff --git a/2018/8xxx/CVE-2018-8976.json b/2018/8xxx/CVE-2018-8976.json index f42adfe6701b..d911d5f07297 100644 --- a/2018/8xxx/CVE-2018-8976.json +++ b/2018/8xxx/CVE-2018-8976.json @@ -66,6 +66,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2101", "url": "https://access.redhat.com/errata/RHSA-2019:2101" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] } diff --git a/2019/1010xxx/CVE-2019-1010124.json b/2019/1010xxx/CVE-2019-1010124.json index 85ae8127236a..24ff9b592d65 100644 --- a/2019/1010xxx/CVE-2019-1010124.json +++ b/2019/1010xxx/CVE-2019-1010124.json @@ -52,11 +52,6 @@ }, "references": { "reference_data": [ - { - "url": "http://104.207.151.48/woo-feed-manage-list.php", - "refsource": "MISC", - "name": "http://104.207.151.48/woo-feed-manage-list.php" - }, { "url": "https://www.youtube.com/watch?v=T-sqQDFRRBg", "refsource": "MISC", diff --git a/2019/10xxx/CVE-2019-10923.json b/2019/10xxx/CVE-2019-10923.json index 9b6ab6bd52c6..4ca1d981d37e 100644 --- a/2019/10xxx/CVE-2019-10923.json +++ b/2019/10xxx/CVE-2019-10923.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-10923", + "ASSIGNER": "productcert@siemens.com", "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_version": "4.0", - "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SCALANCE X-200IRT switch family (incl. SIPLUS NET variants), SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC NET CP 1604, SIMATIC NET CP 1616, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SIMOTION (incl. SIPLUS variants), SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 Control Unit, SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP. An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -19,7 +40,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.1.1 Patch 05" + "version_value": "All versions < V4.1.1 Patch 05", + "version_affected": "=" } ] } @@ -29,7 +51,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.5.0 Patch 01" + "version_value": "All versions < V4.5.0 Patch 01", + "version_affected": "=" } ] } @@ -39,7 +62,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.5.0" + "version_value": "All versions < V4.5.0", + "version_affected": "=" } ] } @@ -49,27 +73,63 @@ "version": { "version_data": [ { - "version_value": "All versions < V5.2.1" + "version_value": "All versions < V5.2.1", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200M (incl. SIPLUS variants)", + "product_name": "SIMATIC ET 200pro IM154-8 PN/DP CPU", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200S (incl. SIPLUS variants)", + "product_name": "SIMATIC ET 200pro IM154-8F PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200pro IM154-8FX PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200S IM151-8 PN/DP CPU", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V3.2.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200S IM151-8F PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } @@ -79,7 +139,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -89,7 +150,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -99,7 +161,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -109,7 +172,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -119,7 +183,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -129,7 +194,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -139,7 +205,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -149,7 +216,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -159,7 +227,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -169,7 +238,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -179,7 +249,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -189,7 +260,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -199,7 +271,19 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET200M (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" } ] } @@ -209,7 +293,19 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET200S (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" } ] } @@ -219,7 +315,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V2.8" + "version_value": "All versions < V2.8", + "version_affected": "=" } ] } @@ -229,27 +326,129 @@ "version": { "version_data": [ { - "version_value": "All versions < V2.8" + "version_value": "All versions < V2.8", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 314C-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.3.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 315-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 315F-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 315T-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 317-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant)", + "product_name": "SIMATIC S7-300 CPU 317F-2 PN/DP", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)", + "product_name": "SIMATIC S7-300 CPU 317T-3 PN/DP", "version": { "version_data": [ { - "version_value": "All versions < V3.X.17" + "version_value": "All versions < V3.2.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 317TF-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 319-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 319F-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } @@ -259,7 +458,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -269,17 +469,30 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC WinAC RTX 2010", + "version": { + "version_data": [ + { + "version_value": "All versions < V2010 SP3", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC WinAC RTX (F) 2010", + "product_name": "SIMATIC WinAC RTX F 2010", "version": { "version_data": [ { - "version_value": "All versions < SIMATIC WinAC RTX 2010 SP3" + "version_value": "All versions < V2010 SP3", + "version_affected": "=" } ] } @@ -289,7 +502,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -299,7 +513,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V1.5 HF1" + "version_value": "All versions < V1.5 HF1", + "version_affected": "=" } ] } @@ -309,7 +524,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V1.3" + "version_value": "All versions < V1.3", + "version_affected": "=" } ] } @@ -319,7 +535,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.7 SP10 HF5" + "version_value": "All versions < V4.7 SP10 HF5", + "version_affected": "=" } ] } @@ -329,7 +546,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.7 SP10 HF5" + "version_value": "All versions < V4.7 SP10 HF5", + "version_affected": "=" } ] } @@ -339,7 +557,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.7 HF29" + "version_value": "All versions < V4.7 HF29", + "version_affected": "=" } ] } @@ -349,7 +568,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.8" + "version_value": "All versions < V4.8", + "version_affected": "=" } ] } @@ -359,7 +579,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -369,7 +590,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -379,7 +601,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -389,7 +612,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -399,7 +623,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.7 HF34" + "version_value": "All versions < V4.7 HF34", + "version_affected": "=" } ] } @@ -409,7 +634,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.8" + "version_value": "All versions < V4.8", + "version_affected": "=" } ] } @@ -419,7 +645,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.7 HF33" + "version_value": "All versions < V4.7 HF33", + "version_affected": "=" } ] } @@ -429,7 +656,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -439,7 +667,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.8 SP5" + "version_value": "All versions < V4.8 SP5", + "version_affected": "=" } ] } @@ -449,7 +678,85 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V4.8 SP5", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200S IM151-8 PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200S IM151-8F PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-300 CPU 314C-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.3.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-300 CPU 315-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-300 CPU 315F-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-300 CPU 317-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-300 CPU 317F-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } @@ -460,33 +767,23 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-400: Uncontrolled Resource Consumption" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.2.1), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12 (All versions), SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12 (All versions), SIMATIC ET200ecoPN, 4AO U/I 4xM12 (All versions), SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12 (All versions), SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12 (All versions), SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12 (All versions), SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12 (All versions), SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12 (All versions), SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12 (All versions), SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12 (All versions), SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12 (All versions), SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12 (All versions), SIMATIC ET200ecoPN: IO-Link Master (All versions), SIMATIC ET200pro (All versions), SIMATIC NET CP 1604 (All versions < V2.8), SIMATIC NET CP 1616 (All versions < V2.8), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (incl. SIPLUS variants) (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions < V1.3), SINAMICS G110M V4.7 Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < V4.7 HF29), SINAMICS G150 Control Unit (All versions < V4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants) (All versions < V4.7 HF34), SINAMICS S150 Control Unit (All versions < V4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations." - } - ] - }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf", + "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf" } ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "baseScore": 7.5, + "baseSeverity": "HIGH" + } + ] } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10936.json b/2019/10xxx/CVE-2019-10936.json index c33c963b89cd..55fefef36926 100644 --- a/2019/10xxx/CVE-2019-10936.json +++ b/2019/10xxx/CVE-2019-10936.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-10936", + "ASSIGNER": "productcert@siemens.com", "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_version": "4.0", - "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200AL, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels, SIMATIC PN/PN Coupler, SIMATIC PROFINET Driver, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 PN Control Unit, SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS NET PN/PN Coupler, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP. Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial-of-service condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -19,7 +40,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -29,7 +51,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -39,7 +62,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.6 Patch 01" + "version_value": "All versions < V4.6 Patch 01", + "version_affected": "=" } ] } @@ -49,67 +73,74 @@ "version": { "version_data": [ { - "version_value": "All versions < V1.2.0" + "version_value": "All versions < V1.2.0", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET 200S IM151-8 PN/DP CPU", + "product_name": "SIMATIC ET 200pro IM154-8 PN/DP CPU", "version": { "version_data": [ { - "version_value": "All versions < V3.2.17" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET 200S IM151-8F PN/DP CPU", + "product_name": "SIMATIC ET 200pro IM154-8F PN/DP CPU", "version": { "version_data": [ { - "version_value": "All versions < V3.2.17" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)", + "product_name": "SIMATIC ET 200pro IM154-8FX PN/DP CPU", "version": { "version_data": [ { - "version_value": "All versions < V2.0" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET 200pro IM154-8 PN/DP CPU", + "product_name": "SIMATIC ET 200S IM151-8 PN/DP CPU", "version": { "version_data": [ { - "version_value": "All versions < V3.2.17" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET 200pro IM154-8F PN/DP CPU", + "product_name": "SIMATIC ET 200S IM151-8F PN/DP CPU", "version": { "version_data": [ { - "version_value": "All versions < V3.2.17" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET 200pro IM154-8FX PN/DP CPU", + "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions < V3.2.17" + "version_value": "All versions < V2.0", + "version_affected": "=" } ] } @@ -119,267 +150,294 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200M (incl. SIPLUS variants)", + "product_name": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)", + "product_name": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12", "version": { "version_data": [ { - "version_value": "All versions < V4.3.0" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)", + "product_name": "SIMATIC ET200ecoPN, 4AO U/I 4xM12", "version": { "version_data": [ { - "version_value": "All versions < V4.4.0" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)", + "product_name": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200S (incl. SIPLUS variants)", + "product_name": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants)", + "product_name": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)", + "product_name": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12", "version": { "version_data": [ { - "version_value": "All versions < V1.2.1" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)", + "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12", "version": { "version_data": [ { - "version_value": "All versions < V4.2.2" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)", + "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12", "version": { "version_data": [ { - "version_value": "All versions < V4.0.1" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)", + "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)", + "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12", "version": { "version_data": [ { - "version_value": "All versions < V4.2.2" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)", + "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12", "version": { "version_data": [ { - "version_value": "All versions < V4.2.1" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12", + "product_name": "SIMATIC ET200ecoPN: IO-Link Master", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12", + "product_name": "SIMATIC ET200M (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200ecoPN, 4AO U/I 4xM12", + "product_name": "SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V4.3.0", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12", + "product_name": "SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V4.4.0", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12", + "product_name": "SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12", + "product_name": "SIMATIC ET200pro", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12", + "product_name": "SIMATIC ET200S (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12", + "product_name": "SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12", + "product_name": "SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V1.2.1", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12", + "product_name": "SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V4.2.2", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12", + "product_name": "SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V4.0.1", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12", + "product_name": "SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200ecoPN: IO-Link Master", + "product_name": "SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V4.2.2", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200pro", + "product_name": "SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V4.2.1", + "version_affected": "=" } ] } @@ -389,7 +447,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -399,7 +458,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -409,7 +469,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -419,7 +480,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.2.1" + "version_value": "All versions < V4.2.1", + "version_affected": "=" } ] } @@ -429,7 +491,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V2.1" + "version_value": "All versions < V2.1", + "version_affected": "=" } ] } @@ -439,7 +502,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.4.0" + "version_value": "All versions < V4.4.0", + "version_affected": "=" } ] } @@ -449,7 +513,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V2.0" + "version_value": "All versions < V2.0", + "version_affected": "=" } ] } @@ -459,7 +524,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V2.0" + "version_value": "All versions < V2.0", + "version_affected": "=" } ] } @@ -469,7 +535,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V3.3.17" + "version_value": "All versions < V3.3.17", + "version_affected": "=" } ] } @@ -479,7 +546,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V3.2.17" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } @@ -489,7 +557,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V3.2.17" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } @@ -499,7 +568,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V3.2.17" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } @@ -509,7 +579,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V3.2.17" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } @@ -519,7 +590,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V3.2.17" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } @@ -529,7 +601,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V3.2.17" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } @@ -539,7 +612,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V3.2.17" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } @@ -549,7 +623,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V3.2.17" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } @@ -559,7 +634,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V3.2.17" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } @@ -569,7 +645,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V6.0.9" + "version_value": "All versions < V6.0.9", + "version_affected": "=" } ] } @@ -579,7 +656,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -589,7 +667,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -599,7 +678,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V8.2.2" + "version_value": "All versions < V8.2.2", + "version_affected": "=" } ] } @@ -609,7 +689,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V1.1.8" + "version_value": "All versions < V1.1.8", + "version_affected": "=" } ] } @@ -619,7 +700,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V1.1.1" + "version_value": "All versions < V1.1.1", + "version_affected": "=" } ] } @@ -629,7 +711,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V2010 SP3" + "version_value": "All versions < V2010 SP3", + "version_affected": "=" } ] } @@ -639,7 +722,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V2010 SP3" + "version_value": "All versions < V2010 SP3", + "version_affected": "=" } ] } @@ -649,7 +733,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V1.5 HF1" + "version_value": "All versions < V1.5 HF1", + "version_affected": "=" } ] } @@ -659,7 +744,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V1.3" + "version_value": "All versions < V1.3", + "version_affected": "=" } ] } @@ -669,7 +755,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.7 SP10 HF5" + "version_value": "All versions < V4.7 SP10 HF5", + "version_affected": "=" } ] } @@ -679,7 +766,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.7 SP10 HF5" + "version_value": "All versions < V4.7 SP10 HF5", + "version_affected": "=" } ] } @@ -689,7 +777,8 @@ "version": { "version_data": [ { - "version_value": "All versions < 4.8" + "version_value": "All versions < 4.8", + "version_affected": "=" } ] } @@ -699,7 +788,8 @@ "version": { "version_data": [ { - "version_value": "All versions < 4.8" + "version_value": "All versions < 4.8", + "version_affected": "=" } ] } @@ -709,7 +799,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -719,7 +810,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -729,7 +821,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -739,7 +832,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -749,7 +843,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -759,7 +854,8 @@ "version": { "version_data": [ { - "version_value": "All versions < 4.8" + "version_value": "All versions < 4.8", + "version_affected": "=" } ] } @@ -769,7 +865,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.7 HF33" + "version_value": "All versions < V4.7 HF33", + "version_affected": "=" } ] } @@ -779,7 +876,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -789,7 +887,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.8 SP5" + "version_value": "All versions < V4.8 SP5", + "version_affected": "=" } ] } @@ -799,7 +898,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.8 SP6" + "version_value": "All versions < V4.8 SP6", + "version_affected": "=" } ] } @@ -809,7 +909,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V3.2.17" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } @@ -819,7 +920,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V3.2.17" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } @@ -829,7 +931,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.2.1" + "version_value": "All versions < V4.2.1", + "version_affected": "=" } ] } @@ -839,7 +942,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V3.3.17" + "version_value": "All versions < V3.3.17", + "version_affected": "=" } ] } @@ -849,7 +953,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V3.2.17" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } @@ -859,7 +964,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V3.2.17" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } @@ -869,7 +975,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V3.2.17" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } @@ -879,7 +986,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V3.2.17" + "version_value": "All versions < V3.2.17", + "version_affected": "=" } ] } @@ -890,33 +998,23 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-400: Uncontrolled Resource Consumption" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET200AL, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200pro, SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels, SIMATIC PN/PN Coupler, SIMATIC PROFINET Driver, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 PN Control Unit, SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS NET PN/PN Coupler, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP. Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial-of-service condition." - } - ] - }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf", + "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf" } ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "baseScore": 7.5, + "baseSeverity": "HIGH" + } + ] } } \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11824.json b/2019/11xxx/CVE-2019-11824.json index fa58a8e25337..65ee6bc972a6 100644 --- a/2019/11xxx/CVE-2019-11824.json +++ b/2019/11xxx/CVE-2019-11824.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2019-11824", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2019/11xxx/CVE-2019-11851.json b/2019/11xxx/CVE-2019-11851.json index c9fc0855d264..1c55d8d65d00 100644 --- a/2019/11xxx/CVE-2019-11851.json +++ b/2019/11xxx/CVE-2019-11851.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11851", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.sierrawireless.com/company/security/", + "refsource": "MISC", + "name": "https://www.sierrawireless.com/company/security/" + }, + { + "url": "http://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2021-001.ashx", + "refsource": "MISC", + "name": "http://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2021-001.ashx" } ] } diff --git a/2019/13xxx/CVE-2019-13110.json b/2019/13xxx/CVE-2019-13110.json index c4dd798d2f1f..5a868a59edd1 100644 --- a/2019/13xxx/CVE-2019-13110.json +++ b/2019/13xxx/CVE-2019-13110.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-60553d5a18", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] } diff --git a/2019/13xxx/CVE-2019-13112.json b/2019/13xxx/CVE-2019-13112.json index f22c3774b0e3..72bff870463d 100644 --- a/2019/13xxx/CVE-2019-13112.json +++ b/2019/13xxx/CVE-2019-13112.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-60553d5a18", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] } diff --git a/2019/13xxx/CVE-2019-13114.json b/2019/13xxx/CVE-2019-13114.json index d69ccd73126f..bff3069f7f4e 100644 --- a/2019/13xxx/CVE-2019-13114.json +++ b/2019/13xxx/CVE-2019-13114.json @@ -81,6 +81,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0482", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] } diff --git a/2019/13xxx/CVE-2019-13504.json b/2019/13xxx/CVE-2019-13504.json index 1cb21989af9f..439dff83a32b 100644 --- a/2019/13xxx/CVE-2019-13504.json +++ b/2019/13xxx/CVE-2019-13504.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190719 [SECURITY] [DLA 1855-1] exiv2 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00015.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] } diff --git a/2019/13xxx/CVE-2019-13768.json b/2019/13xxx/CVE-2019-13768.json new file mode 100644 index 000000000000..1ef2717b49c1 --- /dev/null +++ b/2019/13xxx/CVE-2019-13768.json @@ -0,0 +1,68 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-13768", + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "72.0.3626.81", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/922677", + "refsource": "MISC", + "name": "https://crbug.com/922677" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13940.json b/2019/13xxx/CVE-2019-13940.json index 78d52b52a3f1..e513fb611977 100644 --- a/2019/13xxx/CVE-2019-13940.json +++ b/2019/13xxx/CVE-2019-13940.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-13940", + "ASSIGNER": "productcert@siemens.com", "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_version": "4.0", - "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17). Affected devices contain a vulnerability that could cause a denial of service condition of the web server by sending specially crafted HTTP requests to ports 80/tcp and 443/tcp. Beyond the web service, no other functions or interfaces are affected by the denial of service condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -14,22 +35,178 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "SIMATIC ET 200pro IM154-8 PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.X.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200pro IM154-8F PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.X.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200pro IM154-8FX PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.X.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200S IM151-8 PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.X.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200S IM151-8F PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.X.17", + "version_affected": "=" + } + ] + } + }, { "product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions < V4.1" + "version_value": "All versions < V4.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 314C-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.X.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 315-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.X.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 315F-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.X.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 315T-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.X.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 317-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.X.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 317F-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.X.17", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-300 PN/DP CPU family (incl. related ET200 CPUs and SIPLUS variants)", + "product_name": "SIMATIC S7-300 CPU 317T-3 PN/DP", "version": { "version_data": [ { - "version_value": "All versions < V3.X.17" + "version_value": "All versions < V3.X.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 317TF-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.X.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 319-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.X.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 319F-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.X.17", + "version_affected": "=" } ] } @@ -39,7 +216,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -49,17 +227,107 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC WinAC RTX 2010", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC WinAC RTX F 2010", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200S IM151-8 PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.X.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200S IM151-8F PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.X.17", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC WinAC RTX (F) 2010", + "product_name": "SIPLUS S7-300 CPU 314C-2 PN/DP", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V3.X.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-300 CPU 315-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.X.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-300 CPU 315F-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.X.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-300 CPU 317-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.X.17", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-300 CPU 317F-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.X.17", + "version_affected": "=" } ] } @@ -70,37 +338,22 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-400: Uncontrolled Resource Consumption" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 PN/DP CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions). Affected devices contain a vulnerability that could cause a Denial-of-Service condition of the web server by sending specially crafted HTTP requests to ports 80/tcp and 443/tcp. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device\u2019s web server. Beyond the web service, no other functions or interfaces are affected by the Denial-of-Service condition." - } - ] - }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf", + "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf" - }, + } + ] + }, + "impact": { + "cvss": [ { - "refsource": "MISC", - "name": "https://www.us-cert.gov/ics/advisories/icsa-20-042-05", - "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-05" + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2019/13xxx/CVE-2019-13988.json b/2019/13xxx/CVE-2019-13988.json new file mode 100644 index 000000000000..a0642de27d84 --- /dev/null +++ b/2019/13xxx/CVE-2019-13988.json @@ -0,0 +1,68 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-13988", + "ASSIGNER": "cve@mitre.org", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direct Request (aka Forced Browsing)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.sierrawireless.com/company/security/", + "refsource": "MISC", + "name": "https://www.sierrawireless.com/company/security/" + }, + { + "url": "https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2020-006---mgos-security-update.ashx", + "refsource": "MISC", + "name": "https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2020-006---mgos-security-update.ashx" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14369.json b/2019/14xxx/CVE-2019-14369.json index f1847d20119e..2077000add17 100644 --- a/2019/14xxx/CVE-2019-14369.json +++ b/2019/14xxx/CVE-2019-14369.json @@ -56,6 +56,11 @@ "url": "https://github.com/Exiv2/exiv2/issues/953", "refsource": "MISC", "name": "https://github.com/Exiv2/exiv2/issues/953" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] } diff --git a/2019/14xxx/CVE-2019-14370.json b/2019/14xxx/CVE-2019-14370.json index 914213d1b73e..a0c676372b40 100644 --- a/2019/14xxx/CVE-2019-14370.json +++ b/2019/14xxx/CVE-2019-14370.json @@ -56,6 +56,11 @@ "url": "https://github.com/Exiv2/exiv2/issues/954", "refsource": "MISC", "name": "https://github.com/Exiv2/exiv2/issues/954" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] } diff --git a/2019/14xxx/CVE-2019-14802.json b/2019/14xxx/CVE-2019-14802.json new file mode 100644 index 000000000000..19d9aa1a97d8 --- /dev/null +++ b/2019/14xxx/CVE-2019-14802.json @@ -0,0 +1,68 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-14802", + "ASSIGNER": "cve@mitre.org", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.hashicorp.com/blog/category/nomad", + "refsource": "MISC", + "name": "https://www.hashicorp.com/blog/category/nomad" + }, + { + "url": "https://advisories.gitlab.com/advisory/advgo_github_com_hashicorp_nomad_client_allocrunner_taskrunner_template_GMS_2022_818.html", + "refsource": "MISC", + "name": "https://advisories.gitlab.com/advisory/advgo_github_com_hashicorp_nomad_client_allocrunner_taskrunner_template_GMS_2022_818.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16891.json b/2019/16xxx/CVE-2019-16891.json index 1eab2dd2b5f3..80a71957b8dc 100644 --- a/2019/16xxx/CVE-2019-16891.json +++ b/2019/16xxx/CVE-2019-16891.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://sec.vnpt.vn/2019/09/liferay-deserialization-json-deserialization-part-4/", "url": "https://sec.vnpt.vn/2019/09/liferay-deserialization-json-deserialization-part-4/" + }, + { + "refsource": "MISC", + "name": "https://dappsec.substack.com/p/an-advisory-for-cve-2019-16891-from", + "url": "https://dappsec.substack.com/p/an-advisory-for-cve-2019-16891-from" } ] } diff --git a/2019/16xxx/CVE-2019-16910.json b/2019/16xxx/CVE-2019-16910.json index 269f7941eedb..558f7eaee957 100644 --- a/2019/16xxx/CVE-2019-16910.json +++ b/2019/16xxx/CVE-2019-16910.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16910", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -58,29 +59,34 @@ "name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-1240f0fe43", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEHHH2DOBXB25CAU3Q6E66X723VAYTB5/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEHHH2DOBXB25CAU3Q6E66X723VAYTB5/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEHHH2DOBXB25CAU3Q6E66X723VAYTB5/" + }, + { + "url": "https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd", + "refsource": "MISC", + "name": "https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd" }, { + "url": "https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b", "refsource": "MISC", - "name": "https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd", - "url": "https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd" + "name": "https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b" }, { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSFFOROD6IVLADZHNJC2LPDV7FQRP7XB/", "refsource": "MISC", - "name": "https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b", - "url": "https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b" + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSFFOROD6IVLADZHNJC2LPDV7FQRP7XB/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-07940971b2", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSFFOROD6IVLADZHNJC2LPDV7FQRP7XB/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGSKQSGR5SOBRBXDSSPTCDSBB5K3GMPF/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGSKQSGR5SOBRBXDSSPTCDSBB5K3GMPF/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2019-89891f3e4a", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGSKQSGR5SOBRBXDSSPTCDSBB5K3GMPF/" + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html" } ] } diff --git a/2019/17xxx/CVE-2019-17402.json b/2019/17xxx/CVE-2019-17402.json index 5942ca83a931..9c15224361f1 100644 --- a/2019/17xxx/CVE-2019-17402.json +++ b/2019/17xxx/CVE-2019-17402.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191202 [SECURITY] [DLA 2019-1] exiv2 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00001.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] } diff --git a/2019/17xxx/CVE-2019-17438.json b/2019/17xxx/CVE-2019-17438.json new file mode 100644 index 000000000000..46bc89b582c0 --- /dev/null +++ b/2019/17xxx/CVE-2019-17438.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17438", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17439.json b/2019/17xxx/CVE-2019-17439.json new file mode 100644 index 000000000000..6e6c4a0d68d8 --- /dev/null +++ b/2019/17xxx/CVE-2019-17439.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17439", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17441.json b/2019/17xxx/CVE-2019-17441.json new file mode 100644 index 000000000000..f1504aa43547 --- /dev/null +++ b/2019/17xxx/CVE-2019-17441.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17441", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17442.json b/2019/17xxx/CVE-2019-17442.json new file mode 100644 index 000000000000..c81af497dd39 --- /dev/null +++ b/2019/17xxx/CVE-2019-17442.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17442", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17443.json b/2019/17xxx/CVE-2019-17443.json new file mode 100644 index 000000000000..70bdbd0e7c95 --- /dev/null +++ b/2019/17xxx/CVE-2019-17443.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17443", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18177.json b/2019/18xxx/CVE-2019-18177.json new file mode 100644 index 000000000000..c612fc1b42a0 --- /dev/null +++ b/2019/18xxx/CVE-2019-18177.json @@ -0,0 +1,63 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-18177", + "ASSIGNER": "cve@mitre.org", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.citrix.com/article/CTX276688/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance-security-update", + "refsource": "MISC", + "name": "https://support.citrix.com/article/CTX276688/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance-security-update" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18222.json b/2019/18xxx/CVE-2019-18222.json index 1774ccb21902..07b35746dffe 100644 --- a/2019/18xxx/CVE-2019-18222.json +++ b/2019/18xxx/CVE-2019-18222.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18222", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -58,19 +59,24 @@ "name": "https://tls.mbed.org/tech-updates/security-advisories" }, { - "refsource": "CONFIRM", - "name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12", - "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12" + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html" + }, + { + "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12", + "refsource": "MISC", + "name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12" }, { - "refsource": "FEDORA", - "name": "FEDORA-2020-8d3ea0fe8d", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGDACU65MYZXXVPQP2EBHUJGOR4RWLVY/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NGDACU65MYZXXVPQP2EBHUJGOR4RWLVY/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NGDACU65MYZXXVPQP2EBHUJGOR4RWLVY/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2020-5bcfae9f46", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A3GWQNONS7GRORXZJ7MOJFUEJ2ZJ4OUW/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3GWQNONS7GRORXZJ7MOJFUEJ2ZJ4OUW/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3GWQNONS7GRORXZJ7MOJFUEJ2ZJ4OUW/" } ] } diff --git a/2019/19xxx/CVE-2019-19030.json b/2019/19xxx/CVE-2019-19030.json new file mode 100644 index 000000000000..9371ecebaa35 --- /dev/null +++ b/2019/19xxx/CVE-2019-19030.json @@ -0,0 +1,63 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-19030", + "ASSIGNER": "cve@mitre.org", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-q9x4-q76f-5h5j", + "refsource": "MISC", + "name": "https://github.com/goharbor/harbor/security/advisories/GHSA-q9x4-q76f-5h5j" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19300.json b/2019/19xxx/CVE-2019-19300.json index d34c2d084554..aad041ff6784 100644 --- a/2019/19xxx/CVE-2019-19300.json +++ b/2019/19xxx/CVE-2019-19300.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-19300", + "ASSIGNER": "productcert@siemens.com", "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_version": "4.0", - "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), KTK ATE530S (All versions), SIDOOR ATD430W (All versions), SIDOOR ATE530S COATED (All versions), SIDOOR ATE531S (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET200AL IM157-1 PN (All versions), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 MF HF (All versions), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC MICRO-DRIVE PDC (All versions), SIMATIC PN/MF Coupler (All versions), SIMATIC PN/PN Coupler (incl. SIPLUS NET variants) (All versions >= V4.2), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SINAMICS S/G Control Unit w. PROFINET (All versions). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -19,7 +40,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -29,7 +51,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -39,7 +62,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -49,7 +73,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -59,7 +84,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -69,7 +95,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -79,7 +106,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V2.0" + "version_value": "All versions < V2.0", + "version_affected": "=" } ] } @@ -89,7 +117,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V2.0" + "version_value": "All versions < V2.0", + "version_affected": "=" } ] } @@ -99,127 +128,140 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)", + "product_name": "SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L", "version": { "version_data": [ { - "version_value": "All versions >= V4.2" + "version_value": "All versions >= V5.1.1", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200SP IM155-6 MF HF", + "product_name": "SIMATIC ET200ecoPN, DI 16x24VDC, M12-L", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions >= V5.1.1", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)", + "product_name": "SIMATIC ET200ecoPN, DI 8x24VDC, M12-L", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions >= V5.1.1", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)", + "product_name": "SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L", "version": { "version_data": [ { - "version_value": "All versions >= V4.2" + "version_value": "All versions >= V5.1.1", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)", + "product_name": "SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L", "version": { "version_data": [ { - "version_value": "All versions >= V4.2" + "version_value": "All versions >= V5.1.1", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)", + "product_name": "SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L", "version": { "version_data": [ { - "version_value": "All versions >= V4.2" + "version_value": "All versions >= V5.1.1", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L", + "product_name": "SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions >= V5.1.1" + "version_value": "All versions >= V4.2", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200ecoPN, DI 16x24VDC, M12-L", + "product_name": "SIMATIC ET200SP IM155-6 MF HF", "version": { "version_data": [ { - "version_value": "All versions >= V5.1.1" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200ecoPN, DI 8x24VDC, M12-L", + "product_name": "SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions >= V5.1.1" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L", + "product_name": "SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions >= V5.1.1" + "version_value": "All versions >= V4.2", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L", + "product_name": "SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions >= V5.1.1" + "version_value": "All versions >= V4.2", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L", + "product_name": "SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions >= V5.1.1" + "version_value": "All versions >= V4.2", + "version_affected": "=" } ] } @@ -229,7 +271,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -239,7 +282,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -249,7 +293,8 @@ "version": { "version_data": [ { - "version_value": "All versions >= V4.2" + "version_value": "All versions >= V4.2", + "version_affected": "=" } ] } @@ -259,7 +304,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.4.0" + "version_value": "All versions < V4.4.0", + "version_affected": "=" } ] } @@ -269,7 +315,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V2.0" + "version_value": "All versions < V2.0", + "version_affected": "=" } ] } @@ -279,7 +326,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V2.0" + "version_value": "All versions < V2.0", + "version_affected": "=" } ] } @@ -289,7 +337,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -299,27 +348,41 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-400 PN/DP V7 and below CPU family (incl. SIPLUS variants)", + "product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-410 CPU family (incl. SIPLUS variants)", + "product_name": "SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions < V10.1.1" + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" } ] } @@ -329,7 +392,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -339,7 +403,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -349,7 +414,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -359,7 +425,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -369,7 +436,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -380,37 +448,22 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-400: Uncontrolled Resource Consumption" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), KTK ATE530S (All versions), SIDOOR ATD430W (All versions), SIDOOR ATE530S COATED (All versions), SIDOOR ATE531S (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET200AL IM157-1 PN (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 MF HF (All versions), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC MICRO-DRIVE PDC (All versions), SIMATIC PN/MF Coupler (All versions), SIMATIC PN/PN Coupler (incl. SIPLUS NET variants) (All versions >= V4.2), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V10.1.1), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SINAMICS S/G Control Unit w. PROFINET (All versions). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service." - } - ] - }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf", + "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf" - }, + } + ] + }, + "impact": { + "cvss": [ { - "refsource": "MISC", - "name": "https://www.us-cert.gov/ics/advisories/icsa-20-105-08", - "url": "https://www.us-cert.gov/ics/advisories/icsa-20-105-08" + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] } diff --git a/2019/19xxx/CVE-2019-19705.json b/2019/19xxx/CVE-2019-19705.json index 7f4d2fcf3465..5710d4ebd3b7 100644 --- a/2019/19xxx/CVE-2019-19705.json +++ b/2019/19xxx/CVE-2019-19705.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-19705", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.lenovo.com/us/en/product_security/ps500315-realtek-audio-driver-vulnerability", + "refsource": "MISC", + "name": "https://support.lenovo.com/us/en/product_security/ps500315-realtek-audio-driver-vulnerability" } ] } diff --git a/2019/20xxx/CVE-2019-20180.json b/2019/20xxx/CVE-2019-20180.json index 3c27df9b4510..8e4e4a7c58f4 100644 --- a/2019/20xxx/CVE-2019-20180.json +++ b/2019/20xxx/CVE-2019-20180.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://wpvulndb.com/vulnerabilities/10016", "url": "https://wpvulndb.com/vulnerabilities/10016" + }, + { + "refsource": "MISC", + "name": "https://wordpress.org/support/topic/security-issue-cve-2019-20180-for-tablepress/#post-16282996", + "url": "https://wordpress.org/support/topic/security-issue-cve-2019-20180-for-tablepress/#post-16282996" } ] } diff --git a/2019/25xxx/CVE-2019-25070.json b/2019/25xxx/CVE-2019-25070.json index 5a961bb34918..480555f4373d 100644 --- a/2019/25xxx/CVE-2019-25070.json +++ b/2019/25xxx/CVE-2019-25070.json @@ -1,20 +1,42 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-25070", - "TITLE": "WolfCMS User Add cross site scriting", - "REQUESTER": "cna@vuldb.com", "ASSIGNER": "cna@vuldb.com", "STATE": "PUBLIC" }, - "generator": "vuldb.com", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been rated as problematic. This issue affects some unknown processing of the file /wolfcms/?/admin/user/add of the component User Add. The manipulation of the argument name leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-135125 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "deu", + "value": "** UNSUPPPORTED WHEN ASSIGNED **Eine Schwachstelle wurde in WolfCMS bis 0.8.3.1 ausgemacht. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei /wolfcms/?/admin/user/add der Komponente User Add. Dank Manipulation des Arguments name mit unbekannten Daten kann eine basic cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-80 Basic Cross Site Scripting", + "cweId": "CWE-80" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "", + "vendor_name": "n/a", "product": { "product_data": [ { @@ -22,10 +44,12 @@ "version": { "version_data": [ { - "version_value": "0.8.3.0" + "version_value": "0.8.3.0", + "version_affected": "=" }, { - "version_value": "0.8.3.1" + "version_value": "0.8.3.1", + "version_affected": "=" } ] } @@ -36,33 +60,6 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-80 Basic Cross Site Scripting" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been rated as problematic. This issue affects some unknown processing of the file /wolfcms/?/admin/user/add of the component User Add. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "3.5", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" - } - }, "references": { "reference_data": [ { @@ -74,6 +71,39 @@ "url": "https://vuldb.com/?id.135125", "refsource": "MISC", "name": "https://vuldb.com/?id.135125" + }, + { + "url": "https://vuldb.com/?ctiid.135125", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.135125" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "pramodrana (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 3.5, + "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", + "baseSeverity": "LOW" } ] } diff --git a/2019/25xxx/CVE-2019-25072.json b/2019/25xxx/CVE-2019-25072.json index 2946d7e78b81..36240f3bfb1c 100644 --- a/2019/25xxx/CVE-2019-25072.json +++ b/2019/25xxx/CVE-2019-25072.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-25072", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "github.com/tendermint/tendermint", + "product": { + "product_data": [ + { + "product_name": "github.com/tendermint/tendermint/rpc/client", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/tendermint/tendermint/pull/3430", + "refsource": "MISC", + "name": "https://github.com/tendermint/tendermint/pull/3430" + }, + { + "url": "https://github.com/tendermint/tendermint/commit/03085c2da23b179c4a51f59a03cb40aa4e85a613", + "refsource": "MISC", + "name": "https://github.com/tendermint/tendermint/commit/03085c2da23b179c4a51f59a03cb40aa4e85a613" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2020-0037", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2020-0037" } ] - } + }, + "credits": [ + { + "lang": "en", + "value": "@guagualvcha" + } + ] } \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25073.json b/2019/25xxx/CVE-2019-25073.json index 8d207eb1e708..f7d8ba1333e1 100644 --- a/2019/25xxx/CVE-2019-25073.json +++ b/2019/25xxx/CVE-2019-25073.json @@ -1,18 +1,115 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-25073", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper path santiziation in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allow remote attackers to read files outside of the intended directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory('Path Traversal')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "github.com/goadesign/goa", + "product": { + "product_data": [ + { + "product_name": "github.com/goadesign/goa", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + }, + { + "vendor_name": "goa.design/goa", + "product": { + "product_data": [ + { + "product_name": "goa.design/goa", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + }, + { + "vendor_name": "goa.design/goa/v3", + "product": { + "product_data": [ + { + "product_name": "goa.design/goa/v3", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/goadesign/goa/pull/2388", + "refsource": "MISC", + "name": "https://github.com/goadesign/goa/pull/2388" + }, + { + "url": "https://github.com/goadesign/goa/commit/70b5a199d0f813d74423993832c424e1fc73fb39", + "refsource": "MISC", + "name": "https://github.com/goadesign/goa/commit/70b5a199d0f813d74423993832c424e1fc73fb39" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2020-0032", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2020-0032" } ] - } + }, + "credits": [ + { + "lang": "en", + "value": "@christi3k" + } + ] } \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25079.json b/2019/25xxx/CVE-2019-25079.json new file mode 100644 index 000000000000..d8881ebacee9 --- /dev/null +++ b/2019/25xxx/CVE-2019-25079.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-25079", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25080.json b/2019/25xxx/CVE-2019-25080.json new file mode 100644 index 000000000000..25c523ab4437 --- /dev/null +++ b/2019/25xxx/CVE-2019-25080.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-25080", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25081.json b/2019/25xxx/CVE-2019-25081.json new file mode 100644 index 000000000000..37262e3e3a2b --- /dev/null +++ b/2019/25xxx/CVE-2019-25081.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-25081", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25082.json b/2019/25xxx/CVE-2019-25082.json new file mode 100644 index 000000000000..41ccde75778f --- /dev/null +++ b/2019/25xxx/CVE-2019-25082.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-25082", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25083.json b/2019/25xxx/CVE-2019-25083.json new file mode 100644 index 000000000000..052b9e83ab98 --- /dev/null +++ b/2019/25xxx/CVE-2019-25083.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-25083", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25084.json b/2019/25xxx/CVE-2019-25084.json new file mode 100644 index 000000000000..005d8745c1cd --- /dev/null +++ b/2019/25xxx/CVE-2019-25084.json @@ -0,0 +1,104 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-25084", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in Hide Files on GitHub up to 2.x. This issue affects the function addEventListener of the file extension/options.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is 9de0c57df81db1178e0e79431d462f6d9842742e. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216767." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Hide Files on GitHub bis 2.x entdeckt. Sie wurde als problematisch eingestuft. Dies betrifft die Funktion addEventListener der Datei extension/options.js. Dank Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 3.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 9de0c57df81db1178e0e79431d462f6d9842742e bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Hide Files on GitHub", + "version": { + "version_data": [ + { + "version_value": "2.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216767", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216767" + }, + { + "url": "https://vuldb.com/?ctiid.216767", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216767" + }, + { + "url": "https://github.com/sindresorhus/hide-files-on-github/pull/73", + "refsource": "MISC", + "name": "https://github.com/sindresorhus/hide-files-on-github/pull/73" + }, + { + "url": "https://github.com/sindresorhus/hide-files-on-github/commit/9de0c57df81db1178e0e79431d462f6d9842742e", + "refsource": "MISC", + "name": "https://github.com/sindresorhus/hide-files-on-github/commit/9de0c57df81db1178e0e79431d462f6d9842742e" + }, + { + "url": "https://github.com/sindresorhus/hide-files-on-github/releases/tag/3.0.0", + "refsource": "MISC", + "name": "https://github.com/sindresorhus/hide-files-on-github/releases/tag/3.0.0" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25085.json b/2019/25xxx/CVE-2019-25085.json new file mode 100644 index 000000000000..d0912bbbcf3a --- /dev/null +++ b/2019/25xxx/CVE-2019-25085.json @@ -0,0 +1,94 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-25085", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to initiate the attack remotely. The name of the patch is d83587b2a364eb9a9a53be7e6a708074e252de14. It is recommended to apply a patch to fix this issue. The identifier VDB-216789 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in GNOME gvdb ausgemacht. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion gvdb_table_write_contents_async der Datei gvdb-builder.c. Dank Manipulation mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Patch wird als d83587b2a364eb9a9a53be7e6a708074e252de14 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416 Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GNOME", + "product": { + "product_data": [ + { + "product_name": "gvdb", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216789", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216789" + }, + { + "url": "https://vuldb.com/?ctiid.216789", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216789" + }, + { + "url": "https://github.com/GNOME/gvdb/commit/d83587b2a364eb9a9a53be7e6a708074e252de14", + "refsource": "MISC", + "name": "https://github.com/GNOME/gvdb/commit/d83587b2a364eb9a9a53be7e6a708074e252de14" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25086.json b/2019/25xxx/CVE-2019-25086.json new file mode 100644 index 000000000000..baf7378037c6 --- /dev/null +++ b/2019/25xxx/CVE-2019-25086.json @@ -0,0 +1,129 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-25086", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It has been declared as problematic. This vulnerability affects the function webvtt of the file application/controllers/timedtext.php. The manipulation of the argument ttml_url leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.5.1 is able to address this issue. The name of the patch is 3f39f2d68d11895929c04f7b49b97a734ae7cd1f. It is recommended to upgrade the affected component. VDB-216862 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In IET-OU Open Media Player bis 1.5.0 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Betroffen ist die Funktion webvtt der Datei application/controllers/timedtext.php. Durch Manipulieren des Arguments ttml_url mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.5.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 3f39f2d68d11895929c04f7b49b97a734ae7cd1f bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IET-OU", + "product": { + "product_data": [ + { + "product_name": "Open Media Player", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": "=" + }, + { + "version_value": "1.1", + "version_affected": "=" + }, + { + "version_value": "1.2", + "version_affected": "=" + }, + { + "version_value": "1.3", + "version_affected": "=" + }, + { + "version_value": "1.4", + "version_affected": "=" + }, + { + "version_value": "1.5", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216862", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216862" + }, + { + "url": "https://vuldb.com/?ctiid.216862", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216862" + }, + { + "url": "https://github.com/IET-OU/open-media-player/issues/93", + "refsource": "MISC", + "name": "https://github.com/IET-OU/open-media-player/issues/93" + }, + { + "url": "https://iet.eu.teamwork.com/desk/#/tickets/366419", + "refsource": "MISC", + "name": "https://iet.eu.teamwork.com/desk/#/tickets/366419" + }, + { + "url": "https://github.com/IET-OU/open-media-player/commit/3f39f2d68d11895929c04f7b49b97a734ae7cd1f", + "refsource": "MISC", + "name": "https://github.com/IET-OU/open-media-player/commit/3f39f2d68d11895929c04f7b49b97a734ae7cd1f" + }, + { + "url": "https://github.com/IET-OU/open-media-player/releases/tag/1.5.1", + "refsource": "MISC", + "name": "https://github.com/IET-OU/open-media-player/releases/tag/1.5.1" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25087.json b/2019/25xxx/CVE-2019-25087.json new file mode 100644 index 000000000000..ccec819a57c0 --- /dev/null +++ b/2019/25xxx/CVE-2019-25087.json @@ -0,0 +1,94 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-25087", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: '../filedir'. The attack may be initiated remotely. The name of the patch is 1a0de56e4dafff9c2f9c8f6b130a764f7a50df52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216863." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in RamseyK httpserver ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion ResourceHost::getResource der Datei src/ResourceHost.cpp der Komponente URI Handler. Durch das Beeinflussen des Arguments uri mit unbekannten Daten kann eine path traversal: '../filedir'-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Patch wird als 1a0de56e4dafff9c2f9c8f6b130a764f7a50df52 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-24 Path Traversal: '../filedir'", + "cweId": "CWE-24" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "RamseyK", + "product": { + "product_data": [ + { + "product_name": "httpserver", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216863", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216863" + }, + { + "url": "https://vuldb.com/?ctiid.216863", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216863" + }, + { + "url": "https://github.com/RamseyK/httpserver/commit/1a0de56e4dafff9c2f9c8f6b130a764f7a50df52", + "refsource": "MISC", + "name": "https://github.com/RamseyK/httpserver/commit/1a0de56e4dafff9c2f9c8f6b130a764f7a50df52" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25088.json b/2019/25xxx/CVE-2019-25088.json new file mode 100644 index 000000000000..4db7cb07b548 --- /dev/null +++ b/2019/25xxx/CVE-2019-25088.json @@ -0,0 +1,99 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-25088", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/conf_search.haml. The manipulation of the argument to_research leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 55ab9bdc68b03ebce9280b8746ef31d7fdedcc45. It is recommended to apply a patch to fix this issue. VDB-216870 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in ytti Oxidized Web ausgemacht. Es betrifft eine unbekannte Funktion der Datei lib/oxidized/web/views/conf_search.haml. Mittels dem Manipulieren des Arguments to_research mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Patch wird als 55ab9bdc68b03ebce9280b8746ef31d7fdedcc45 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ytti", + "product": { + "product_data": [ + { + "product_name": "Oxidized Web", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216870", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216870" + }, + { + "url": "https://vuldb.com/?ctiid.216870", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216870" + }, + { + "url": "https://github.com/ytti/oxidized-web/pull/195", + "refsource": "MISC", + "name": "https://github.com/ytti/oxidized-web/pull/195" + }, + { + "url": "https://github.com/ytti/oxidized-web/commit/55ab9bdc68b03ebce9280b8746ef31d7fdedcc45", + "refsource": "MISC", + "name": "https://github.com/ytti/oxidized-web/commit/55ab9bdc68b03ebce9280b8746ef31d7fdedcc45" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25089.json b/2019/25xxx/CVE-2019-25089.json new file mode 100644 index 000000000000..1e41732d6938 --- /dev/null +++ b/2019/25xxx/CVE-2019-25089.json @@ -0,0 +1,99 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-25089", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in Morgawr Muon 0.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file src/muon/handler.clj. The manipulation leads to insufficiently random values. The attack can be launched remotely. Upgrading to version 0.2.0-indev is able to address this issue. The name of the patch is c09ed972c020f759110c707b06ca2644f0bacd7f. It is recommended to upgrade the affected component. The identifier VDB-216877 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In Morgawr Muon 0.1.1 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei src/muon/handler.clj. Dank Manipulation mit unbekannten Daten kann eine insufficiently random values-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 0.2.0-indev vermag dieses Problem zu l\u00f6sen. Der Patch wird als c09ed972c020f759110c707b06ca2644f0bacd7f bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-330 Insufficiently Random Values", + "cweId": "CWE-330" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Morgawr", + "product": { + "product_data": [ + { + "product_name": "Muon", + "version": { + "version_data": [ + { + "version_value": "0.1.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216877", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216877" + }, + { + "url": "https://vuldb.com/?ctiid.216877", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216877" + }, + { + "url": "https://github.com/Morgawr/Muon/issues/4", + "refsource": "MISC", + "name": "https://github.com/Morgawr/Muon/issues/4" + }, + { + "url": "https://github.com/Morgawr/Muon/commit/c09ed972c020f759110c707b06ca2644f0bacd7f", + "refsource": "MISC", + "name": "https://github.com/Morgawr/Muon/commit/c09ed972c020f759110c707b06ca2644f0bacd7f" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.1, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.1, + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25090.json b/2019/25xxx/CVE-2019-25090.json new file mode 100644 index 000000000000..47b2b93a9838 --- /dev/null +++ b/2019/25xxx/CVE-2019-25090.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-25090", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched remotely. Upgrading to version 13.0.5.4 is able to address this issue. The name of the patch is 199dea7cc7020d3c469a86a39fbd80f5edd3c5ab. It is recommended to upgrade the affected component. VDB-216878 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in FreePBX arimanager bis 13.0.5.3 gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Komponente Views Handler. Mit der Manipulation des Arguments dataurl mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 13.0.5.4 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 199dea7cc7020d3c469a86a39fbd80f5edd3c5ab bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "FreePBX", + "product": { + "product_data": [ + { + "product_name": "arimanager", + "version": { + "version_data": [ + { + "version_value": "13.0.5.0", + "version_affected": "=" + }, + { + "version_value": "13.0.5.1", + "version_affected": "=" + }, + { + "version_value": "13.0.5.2", + "version_affected": "=" + }, + { + "version_value": "13.0.5.3", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216878", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216878" + }, + { + "url": "https://vuldb.com/?ctiid.216878", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216878" + }, + { + "url": "https://github.com/FreePBX/arimanager/commit/199dea7cc7020d3c469a86a39fbd80f5edd3c5ab", + "refsource": "MISC", + "name": "https://github.com/FreePBX/arimanager/commit/199dea7cc7020d3c469a86a39fbd80f5edd3c5ab" + }, + { + "url": "https://github.com/FreePBX/arimanager/releases/tag/release%2F13.0.5.4", + "refsource": "MISC", + "name": "https://github.com/FreePBX/arimanager/releases/tag/release%2F13.0.5.4" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25091.json b/2019/25xxx/CVE-2019-25091.json new file mode 100644 index 000000000000..0aabab14d4d2 --- /dev/null +++ b/2019/25xxx/CVE-2019-25091.json @@ -0,0 +1,99 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-25091", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRF_COOKIE_HTTPONLY leads to cookie without 'httponly' flag. It is possible to initiate the attack remotely. The name of the patch is 60a3fe559c453bc36b0ec3e5dd39c1303640a59a. It is recommended to apply a patch to fix this issue. The identifier VDB-216909 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in nsupdate.info entdeckt. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei src/nsupdate/settings/base.py der Komponente CSRF Cookie Handler. Dank der Manipulation des Arguments CSRF_COOKIE_HTTPONLY mit unbekannten Daten kann eine cookie without 'httponly' flag-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Patch wird als 60a3fe559c453bc36b0ec3e5dd39c1303640a59a bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1004 Cookie Without 'HttpOnly' Flag", + "cweId": "CWE-1004" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "nsupdate.info", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216909", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216909" + }, + { + "url": "https://vuldb.com/?ctiid.216909", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216909" + }, + { + "url": "https://github.com/nsupdate-info/nsupdate.info/pull/410", + "refsource": "MISC", + "name": "https://github.com/nsupdate-info/nsupdate.info/pull/410" + }, + { + "url": "https://github.com/nsupdate-info/nsupdate.info/commit/60a3fe559c453bc36b0ec3e5dd39c1303640a59a", + "refsource": "MISC", + "name": "https://github.com/nsupdate-info/nsupdate.info/commit/60a3fe559c453bc36b0ec3e5dd39c1303640a59a" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.7, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.7, + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25092.json b/2019/25xxx/CVE-2019-25092.json new file mode 100644 index 000000000000..551a52dd06fc --- /dev/null +++ b/2019/25xxx/CVE-2019-25092.json @@ -0,0 +1,103 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-25092", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in Nakiami Mellivora up to 2.1.x. Affected by this vulnerability is the function print_user_ip_log of the file include/layout/user.inc.php of the component Admin Panel. The manipulation of the argument $entry['ip'] leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.2.0 is able to address this issue. The name of the patch is e0b6965f8dde608a3d2621617c05695eb406cbb9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216955." + }, + { + "lang": "deu", + "value": "In Nakiami Mellivora bis 2.1.x wurde eine problematische Schwachstelle entdeckt. Es geht um die Funktion print_user_ip_log der Datei include/layout/user.inc.php der Komponente Admin Panel. Mit der Manipulation des Arguments $entry['ip'] mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 2.2.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als e0b6965f8dde608a3d2621617c05695eb406cbb9 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Nakiami", + "product": { + "product_data": [ + { + "product_name": "Mellivora", + "version": { + "version_data": [ + { + "version_value": "2.0", + "version_affected": "=" + }, + { + "version_value": "2.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216955", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216955" + }, + { + "url": "https://vuldb.com/?ctiid.216955", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216955" + }, + { + "url": "https://github.com/Nakiami/mellivora/commit/e0b6965f8dde608a3d2621617c05695eb406cbb9", + "refsource": "MISC", + "name": "https://github.com/Nakiami/mellivora/commit/e0b6965f8dde608a3d2621617c05695eb406cbb9" + }, + { + "url": "https://github.com/Nakiami/mellivora/releases/tag/v2.2.0", + "refsource": "MISC", + "name": "https://github.com/Nakiami/mellivora/releases/tag/v2.2.0" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.4, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25093.json b/2019/25xxx/CVE-2019-25093.json new file mode 100644 index 000000000000..65fab80e7244 --- /dev/null +++ b/2019/25xxx/CVE-2019-25093.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-25093", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 051465d807a8fcc6a8b0f4bcbb19299672399f48. It is recommended to apply a patch to fix this issue. VDB-217182 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in dragonexpert Recent Threads on Index gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion recentthread_list_threads der Datei inc/plugins/recentthreads/hooks.php der Komponente Setting Handler. Durch das Beeinflussen des Arguments recentthread_forumskip mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als 051465d807a8fcc6a8b0f4bcbb19299672399f48 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "dragonexpert", + "product": { + "product_data": [ + { + "product_name": "Recent Threads on Index", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217182", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217182" + }, + { + "url": "https://vuldb.com/?ctiid.217182", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217182" + }, + { + "url": "https://github.com/dragonexpert/recentthreads/commit/051465d807a8fcc6a8b0f4bcbb19299672399f48", + "refsource": "MISC", + "name": "https://github.com/dragonexpert/recentthreads/commit/051465d807a8fcc6a8b0f4bcbb19299672399f48" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.4, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 3.3, + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25094.json b/2019/25xxx/CVE-2019-25094.json new file mode 100644 index 000000000000..e113ea3ba67f --- /dev/null +++ b/2019/25xxx/CVE-2019-25094.json @@ -0,0 +1,131 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-25094", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, was found in innologi appointments Extension up to 2.0.5. This affects an unknown part of the component Appointment Handler. The manipulation of the argument formfield leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.6 is able to address this issue. The name of the patch is 986d3cb34e5e086c6f04e061f600ffc5837abe7f. It is recommended to upgrade the affected component. The identifier VDB-217353 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in innologi appointments Extension bis 2.0.5 gefunden. Dabei betrifft es einen unbekannter Codeteil der Komponente Appointment Handler. Durch Manipulation des Arguments formfield mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 2.0.6 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 986d3cb34e5e086c6f04e061f600ffc5837abe7f bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "innologi", + "product": { + "product_data": [ + { + "product_name": "appointments Extension", + "version": { + "version_data": [ + { + "version_value": "2.0.0", + "version_affected": "=" + }, + { + "version_value": "2.0.1", + "version_affected": "=" + }, + { + "version_value": "2.0.2", + "version_affected": "=" + }, + { + "version_value": "2.0.3", + "version_affected": "=" + }, + { + "version_value": "2.0.4", + "version_affected": "=" + }, + { + "version_value": "2.0.5", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217353", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217353" + }, + { + "url": "https://vuldb.com/?ctiid.217353", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217353" + }, + { + "url": "https://github.com/innologi/typo3-appointments/commit/986d3cb34e5e086c6f04e061f600ffc5837abe7f", + "refsource": "MISC", + "name": "https://github.com/innologi/typo3-appointments/commit/986d3cb34e5e086c6f04e061f600ffc5837abe7f" + }, + { + "url": "https://github.com/innologi/typo3-appointments/releases/tag/2.0.6", + "refsource": "MISC", + "name": "https://github.com/innologi/typo3-appointments/releases/tag/2.0.6" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25095.json b/2019/25xxx/CVE-2019-25095.json new file mode 100644 index 000000000000..2a80e05cef00 --- /dev/null +++ b/2019/25xxx/CVE-2019-25095.json @@ -0,0 +1,116 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-25095", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x. Affected is an unknown function of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 6f98076281e9452fdb1adcd1bcbb70a6f968ade9. It is recommended to upgrade the affected component. VDB-217434 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in kakwa LdapCherry bis 0.x gefunden. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Komponente URL Handler. Durch Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 1.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 6f98076281e9452fdb1adcd1bcbb70a6f968ade9 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "kakwa", + "product": { + "product_data": [ + { + "product_name": "LdapCherry", + "version": { + "version_data": [ + { + "version_value": "0.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217434", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217434" + }, + { + "url": "https://vuldb.com/?ctiid.217434", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217434" + }, + { + "url": "https://github.com/kakwa/ldapcherry/pull/16", + "refsource": "MISC", + "name": "https://github.com/kakwa/ldapcherry/pull/16" + }, + { + "url": "https://github.com/kakwa/ldapcherry/commit/6f98076281e9452fdb1adcd1bcbb70a6f968ade9", + "refsource": "MISC", + "name": "https://github.com/kakwa/ldapcherry/commit/6f98076281e9452fdb1adcd1bcbb70a6f968ade9" + }, + { + "url": "https://github.com/kakwa/ldapcherry/releases/tag/1.0.0", + "refsource": "MISC", + "name": "https://github.com/kakwa/ldapcherry/releases/tag/1.0.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25096.json b/2019/25xxx/CVE-2019-25096.json new file mode 100644 index 000000000000..63bcebdc8836 --- /dev/null +++ b/2019/25xxx/CVE-2019-25096.json @@ -0,0 +1,159 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-25096", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.13 is able to address this issue. The name of the patch is b8fcb888f4ff5e171c16797a4b075c6c6f50bf46. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217435." + }, + { + "lang": "deu", + "value": "In soerennb eXtplorer bis 2.1.12 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion. Durch das Beeinflussen mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 2.1.13 vermag dieses Problem zu l\u00f6sen. Der Patch wird als b8fcb888f4ff5e171c16797a4b075c6c6f50bf46 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "soerennb", + "product": { + "product_data": [ + { + "product_name": "eXtplorer", + "version": { + "version_data": [ + { + "version_value": "2.1.0", + "version_affected": "=" + }, + { + "version_value": "2.1.1", + "version_affected": "=" + }, + { + "version_value": "2.1.2", + "version_affected": "=" + }, + { + "version_value": "2.1.3", + "version_affected": "=" + }, + { + "version_value": "2.1.4", + "version_affected": "=" + }, + { + "version_value": "2.1.5", + "version_affected": "=" + }, + { + "version_value": "2.1.6", + "version_affected": "=" + }, + { + "version_value": "2.1.7", + "version_affected": "=" + }, + { + "version_value": "2.1.8", + "version_affected": "=" + }, + { + "version_value": "2.1.9", + "version_affected": "=" + }, + { + "version_value": "2.1.10", + "version_affected": "=" + }, + { + "version_value": "2.1.11", + "version_affected": "=" + }, + { + "version_value": "2.1.12", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217435", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217435" + }, + { + "url": "https://vuldb.com/?ctiid.217435", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217435" + }, + { + "url": "https://github.com/soerennb/extplorer/commit/b8fcb888f4ff5e171c16797a4b075c6c6f50bf46", + "refsource": "MISC", + "name": "https://github.com/soerennb/extplorer/commit/b8fcb888f4ff5e171c16797a4b075c6c6f50bf46" + }, + { + "url": "https://github.com/soerennb/extplorer/releases/tag/v2.1.13", + "refsource": "MISC", + "name": "https://github.com/soerennb/extplorer/releases/tag/v2.1.13" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25097.json b/2019/25xxx/CVE-2019-25097.json new file mode 100644 index 000000000000..092f34e8986d --- /dev/null +++ b/2019/25xxx/CVE-2019-25097.json @@ -0,0 +1,159 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-25097", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in soerennb eXtplorer up to 2.1.12 and classified as critical. Affected by this issue is some unknown functionality of the component Directory Content Handler. The manipulation leads to path traversal. Upgrading to version 2.1.13 is able to address this issue. The name of the patch is b8fcb888f4ff5e171c16797a4b075c6c6f50bf46. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217436." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in soerennb eXtplorer bis 2.1.12 gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Komponente Directory Content Handler. Durch Beeinflussen mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 2.1.13 vermag dieses Problem zu l\u00f6sen. Der Patch wird als b8fcb888f4ff5e171c16797a4b075c6c6f50bf46 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Path Traversal", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "soerennb", + "product": { + "product_data": [ + { + "product_name": "eXtplorer", + "version": { + "version_data": [ + { + "version_value": "2.1.0", + "version_affected": "=" + }, + { + "version_value": "2.1.1", + "version_affected": "=" + }, + { + "version_value": "2.1.2", + "version_affected": "=" + }, + { + "version_value": "2.1.3", + "version_affected": "=" + }, + { + "version_value": "2.1.4", + "version_affected": "=" + }, + { + "version_value": "2.1.5", + "version_affected": "=" + }, + { + "version_value": "2.1.6", + "version_affected": "=" + }, + { + "version_value": "2.1.7", + "version_affected": "=" + }, + { + "version_value": "2.1.8", + "version_affected": "=" + }, + { + "version_value": "2.1.9", + "version_affected": "=" + }, + { + "version_value": "2.1.10", + "version_affected": "=" + }, + { + "version_value": "2.1.11", + "version_affected": "=" + }, + { + "version_value": "2.1.12", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/soerennb/extplorer/commit/b8fcb888f4ff5e171c16797a4b075c6c6f50bf46", + "refsource": "MISC", + "name": "https://github.com/soerennb/extplorer/commit/b8fcb888f4ff5e171c16797a4b075c6c6f50bf46" + }, + { + "url": "https://github.com/soerennb/extplorer/releases/tag/v2.1.13", + "refsource": "MISC", + "name": "https://github.com/soerennb/extplorer/releases/tag/v2.1.13" + }, + { + "url": "https://vuldb.com/?id.217436", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217436" + }, + { + "url": "https://vuldb.com/?ctiid.217436", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217436" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25098.json b/2019/25xxx/CVE-2019-25098.json new file mode 100644 index 000000000000..2ba73104cf66 --- /dev/null +++ b/2019/25xxx/CVE-2019-25098.json @@ -0,0 +1,159 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-25098", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has been classified as critical. This affects an unknown part of the file include/archive.php of the component Archive Handler. The manipulation leads to path traversal. Upgrading to version 2.1.13 is able to address this issue. The name of the patch is b8fcb888f4ff5e171c16797a4b075c6c6f50bf46. It is recommended to upgrade the affected component. The identifier VDB-217437 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in soerennb eXtplorer bis 2.1.12 ausgemacht. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei include/archive.php der Komponente Archive Handler. Dank der Manipulation mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 2.1.13 vermag dieses Problem zu l\u00f6sen. Der Patch wird als b8fcb888f4ff5e171c16797a4b075c6c6f50bf46 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Path Traversal", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "soerennb", + "product": { + "product_data": [ + { + "product_name": "eXtplorer", + "version": { + "version_data": [ + { + "version_value": "2.1.0", + "version_affected": "=" + }, + { + "version_value": "2.1.1", + "version_affected": "=" + }, + { + "version_value": "2.1.2", + "version_affected": "=" + }, + { + "version_value": "2.1.3", + "version_affected": "=" + }, + { + "version_value": "2.1.4", + "version_affected": "=" + }, + { + "version_value": "2.1.5", + "version_affected": "=" + }, + { + "version_value": "2.1.6", + "version_affected": "=" + }, + { + "version_value": "2.1.7", + "version_affected": "=" + }, + { + "version_value": "2.1.8", + "version_affected": "=" + }, + { + "version_value": "2.1.9", + "version_affected": "=" + }, + { + "version_value": "2.1.10", + "version_affected": "=" + }, + { + "version_value": "2.1.11", + "version_affected": "=" + }, + { + "version_value": "2.1.12", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/soerennb/extplorer/commit/b8fcb888f4ff5e171c16797a4b075c6c6f50bf46", + "refsource": "MISC", + "name": "https://github.com/soerennb/extplorer/commit/b8fcb888f4ff5e171c16797a4b075c6c6f50bf46" + }, + { + "url": "https://github.com/soerennb/extplorer/releases/tag/v2.1.13", + "refsource": "MISC", + "name": "https://github.com/soerennb/extplorer/releases/tag/v2.1.13" + }, + { + "url": "https://vuldb.com/?id.217437", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217437" + }, + { + "url": "https://vuldb.com/?ctiid.217437", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217437" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25099.json b/2019/25xxx/CVE-2019-25099.json new file mode 100644 index 000000000000..ae486f0756de --- /dev/null +++ b/2019/25xxx/CVE-2019-25099.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-25099", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical was found in Arthmoor QSF-Portal. This vulnerability affects unknown code of the file index.php. The manipulation of the argument a leads to path traversal. The name of the patch is ea4f61e23ecb83247d174bc2e2cbab521c751a7d. It is recommended to apply a patch to fix this issue. VDB-217558 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In Arthmoor QSF-Portal wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei index.php. Dank der Manipulation des Arguments a mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Patch wird als ea4f61e23ecb83247d174bc2e2cbab521c751a7d bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Path Traversal", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Arthmoor", + "product": { + "product_data": [ + { + "product_name": "QSF-Portal", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217558", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217558" + }, + { + "url": "https://vuldb.com/?ctiid.217558", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217558" + }, + { + "url": "https://github.com/Arthmoor/QSF-Portal/commit/ea4f61e23ecb83247d174bc2e2cbab521c751a7d", + "refsource": "MISC", + "name": "https://github.com/Arthmoor/QSF-Portal/commit/ea4f61e23ecb83247d174bc2e2cbab521c751a7d" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2019/25xxx/CVE-2019-25100.json b/2019/25xxx/CVE-2019-25100.json new file mode 100644 index 000000000000..78a5c7505605 --- /dev/null +++ b/2019/25xxx/CVE-2019-25100.json @@ -0,0 +1,116 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-25100", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in happyman twmap. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file twmap3/data/ajaxCRUD/pointdata2.php. The manipulation of the argument id leads to sql injection. Upgrading to version v2.9_v4.31 is able to address this issue. The name of the patch is babbec79b3fa4efb3bd581ea68af0528d11bba0c. It is recommended to upgrade the affected component. The identifier VDB-217645 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In happyman twmap wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei twmap3/data/ajaxCRUD/pointdata2.php. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version v2.9_v4.31 vermag dieses Problem zu l\u00f6sen. Der Patch wird als babbec79b3fa4efb3bd581ea68af0528d11bba0c bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "happyman", + "product": { + "product_data": [ + { + "product_name": "twmap", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217645", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217645" + }, + { + "url": "https://vuldb.com/?ctiid.217645", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217645" + }, + { + "url": "https://github.com/happyman/twmap/issues/42", + "refsource": "MISC", + "name": "https://github.com/happyman/twmap/issues/42" + }, + { + "url": "https://github.com/happyman/twmap/commit/babbec79b3fa4efb3bd581ea68af0528d11bba0c", + "refsource": "MISC", + "name": "https://github.com/happyman/twmap/commit/babbec79b3fa4efb3bd581ea68af0528d11bba0c" + }, + { + "url": "https://github.com/happyman/twmap/releases/tag/v2.9_v4.31", + "refsource": "MISC", + "name": "https://github.com/happyman/twmap/releases/tag/v2.9_v4.31" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5313.json b/2019/5xxx/CVE-2019-5313.json index 37f8064d8bdf..c69d74d7e42b 100644 --- a/2019/5xxx/CVE-2019-5313.json +++ b/2019/5xxx/CVE-2019-5313.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-5313", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "REJECT" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CVE was unused by HPE." } ] } diff --git a/2019/5xxx/CVE-2019-5316.json b/2019/5xxx/CVE-2019-5316.json index 6c4043a4f35e..ee5d439cc00e 100644 --- a/2019/5xxx/CVE-2019-5316.json +++ b/2019/5xxx/CVE-2019-5316.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-5316", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "REJECT" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CVE was unused by HPE." } ] } diff --git a/2019/5xxx/CVE-2019-5325.json b/2019/5xxx/CVE-2019-5325.json index fe31ca8b3d1c..2221d2927874 100644 --- a/2019/5xxx/CVE-2019-5325.json +++ b/2019/5xxx/CVE-2019-5325.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-5325", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "REJECT" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CVE was unused by HPE." } ] } diff --git a/2019/6xxx/CVE-2019-6568.json b/2019/6xxx/CVE-2019-6568.json index eeb24acdd898..9f4307cafe87 100644 --- a/2019/6xxx/CVE-2019-6568.json +++ b/2019/6xxx/CVE-2019-6568.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-6568", + "ASSIGNER": "productcert@siemens.com", "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_version": "4.0", - "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -15,71 +36,122 @@ "product": { "product_data": [ { - "product_name": "RFID 181EIP", + "product_name": "SIMATIC CP 1604", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC CP 1604", + "product_name": "SIMATIC CP 1616", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC CP 1616", + "product_name": "SIMATIC CP 343-1 Advanced", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC CP 343-1 Advanced", + "product_name": "SIMATIC CP 443-1", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC CP 443-1", + "product_name": "SIMATIC CP 443-1 Advanced", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC CP 443-1 Advanced", + "product_name": "SIMATIC CP 443-1 OPC UA", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC CP 443-1 OPC UA", + "product_name": "SIMATIC ET 200pro IM154-8 PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200pro IM154-8F PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200pro IM154-8FX PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200S IM151-8 PN/DP CPU", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200S IM151-8F PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" } ] } @@ -89,7 +161,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V2.1.6" + "version_value": "All versions < V2.1.6", + "version_affected": "=" } ] } @@ -99,7 +172,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V2.7" + "version_value": "All versions < V2.7", + "version_affected": "=" } ] } @@ -109,7 +183,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V15.1 Upd 4" + "version_value": "All versions < V15.1 Upd 4", + "version_affected": "=" } ] } @@ -119,7 +194,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V15.1 Upd 4" + "version_value": "All versions < V15.1 Upd 4", + "version_affected": "=" } ] } @@ -129,7 +205,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V15.1 Upd 4" + "version_value": "All versions < V15.1 Upd 4", + "version_affected": "=" } ] } @@ -139,7 +216,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V5.1.3" + "version_value": "All versions < V5.1.3", + "version_affected": "=" } ] } @@ -149,7 +227,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -159,7 +238,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V1.1.0" + "version_value": "All versions < V1.1.0", + "version_affected": "=" } ] } @@ -169,7 +249,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V1.1.0" + "version_value": "All versions < V1.1.0", + "version_affected": "=" } ] } @@ -179,7 +260,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V1.1.0" + "version_value": "All versions < V1.1.0", + "version_affected": "=" } ] } @@ -189,7 +271,19 @@ "version": { "version_data": [ { - "version_value": "All versions < V3.2.1" + "version_value": "All versions < V3.2.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC RFID 181EIP", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" } ] } @@ -199,7 +293,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V2.6.1" + "version_value": "All versions < V2.6.1", + "version_affected": "=" } ] } @@ -209,17 +304,118 @@ "version": { "version_data": [ { - "version_value": "All versions < V2.7" + "version_value": "All versions < V2.7", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 314C-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.3.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 315-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 315F-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 315T-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 317-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 317F-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 317T-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 317TF-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU 319-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)", + "product_name": "SIMATIC S7-300 CPU 319F-3 PN/DP", "version": { "version_data": [ { - "version_value": "All versions < V3.X.16" + "version_value": "All versions < V3.2.16", + "version_affected": "=" } ] } @@ -229,7 +425,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -239,7 +436,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -249,7 +447,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V2.0 SP1 UPD1" + "version_value": "All versions < V2.0 SP1 UPD1", + "version_affected": "=" } ] } @@ -259,7 +458,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -269,7 +469,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -279,17 +480,30 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC WinAC RTX (F) 2010", + "product_name": "SIMATIC WinAC RTX 2010", "version": { "version_data": [ { - "version_value": "All versions < SIMATIC WinAC RTX 2010 SP3" + "version_value": "All versions < V2010 SP3", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC WinAC RTX F 2010", + "version": { + "version_data": [ + { + "version_value": "All versions < V2010 SP3", + "version_affected": "=" } ] } @@ -299,27 +513,30 @@ "version": { "version_data": [ { - "version_value": "All versions < V15.1 Upd 4" + "version_value": "All versions < V15.1 Upd 4", + "version_affected": "=" } ] } }, { - "product_name": "SIMOCODE pro V EIP (incl. SIPLUS variants)", + "product_name": "SIMOCODE pro V Ethernet/IP (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions < V1.1.3" + "version_value": "All versions < V1.1.3", + "version_affected": "=" } ] } }, { - "product_name": "SIMOCODE pro V PN (incl. SIPLUS variants)", + "product_name": "SIMOCODE pro V PROFINET (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions < V2.1.3" + "version_value": "All versions < V2.1.3", + "version_affected": "=" } ] } @@ -329,7 +546,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -339,7 +557,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -349,7 +568,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -359,7 +579,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.8 HF6" + "version_value": "All versions < V4.8 HF6", + "version_affected": "=" } ] } @@ -369,7 +590,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -379,7 +601,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V5.1 SP1 HF4" + "version_value": "All versions < V5.1 SP1 HF4", + "version_affected": "=" } ] } @@ -389,7 +612,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -399,7 +623,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -409,7 +634,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -419,7 +645,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.8 HF6" + "version_value": "All versions < V4.8 HF6", + "version_affected": "=" } ] } @@ -429,7 +656,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -439,7 +667,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V5.1 SP1 HF4" + "version_value": "All versions < V5.1 SP1 HF4", + "version_affected": "=" } ] } @@ -449,7 +678,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -459,7 +689,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.8 SP2 HF9" + "version_value": "All versions < V4.8 SP2 HF9", + "version_affected": "=" } ] } @@ -469,7 +700,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -479,7 +711,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.8 SP2 HF9" + "version_value": "All versions < V4.8 SP2 HF9", + "version_affected": "=" } ] } @@ -489,7 +722,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -499,7 +733,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.8 SP2 HF9" + "version_value": "All versions < V4.8 SP2 HF9", + "version_affected": "=" } ] } @@ -509,7 +744,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -519,7 +755,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -529,7 +766,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -539,7 +777,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.8 HF6" + "version_value": "All versions < V4.8 HF6", + "version_affected": "=" } ] } @@ -549,7 +788,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -559,7 +799,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V5.1 SP1 HF4" + "version_value": "All versions < V5.1 SP1 HF4", + "version_affected": "=" } ] } @@ -569,7 +810,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -579,7 +821,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -589,7 +832,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -599,7 +843,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.8 HF6" + "version_value": "All versions < V4.8 HF6", + "version_affected": "=" } ] } @@ -609,7 +854,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -619,7 +865,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V5.1 SP1 HF4" + "version_value": "All versions < V5.1 SP1 HF4", + "version_affected": "=" } ] } @@ -629,7 +876,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -639,7 +887,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -649,7 +898,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.7 HF33" + "version_value": "All versions < V4.7 HF33", + "version_affected": "=" } ] } @@ -659,7 +909,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -669,7 +920,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -679,7 +931,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V4.8 SP2 HF10" + "version_value": "All versions < V4.8 SP2 HF10", + "version_affected": "=" } ] } @@ -689,7 +942,30 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200S IM151-8 PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200S IM151-8F PN/DP CPU", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" } ] } @@ -699,7 +975,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -709,7 +986,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -719,7 +997,63 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-300 CPU 314C-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.3.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-300 CPU 315-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-300 CPU 315F-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-300 CPU 317-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-300 CPU 317F-2 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.2.16", + "version_affected": "=" } ] } @@ -729,7 +1063,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V1.1" + "version_value": "All versions < V1.1", + "version_affected": "=" } ] } @@ -739,7 +1074,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V1.5" + "version_value": "All versions < V1.5", + "version_affected": "=" } ] } @@ -749,7 +1085,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V2.3" + "version_value": "All versions < V2.3", + "version_affected": "=" } ] } @@ -759,7 +1096,8 @@ "version": { "version_data": [ { - "version_value": "All versions < V2.1" + "version_value": "All versions < V2.1", + "version_affected": "=" } ] } @@ -770,38 +1108,28 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-125: Out-of-bounds Read" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in RFID 181EIP, SIMATIC CP 1604, SIMATIC CP 1616, SIMATIC CP 343-1 Advanced, SIMATIC CP 443-1, SIMATIC CP 443-1 Advanced, SIMATIC CP 443-1 OPC UA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R family, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SINAMICS G130 V4.6 Control Unit, SINAMICS G130 V4.7 Control Unit, SINAMICS G130 V4.7 SP1 Control Unit, SINAMICS G130 V4.8 Control Unit, SINAMICS G130 V5.1 Control Unit, SINAMICS G130 V5.1 SP1 Control Unit, SINAMICS G150 V4.6 Control Unit, SINAMICS G150 V4.7 Control Unit, SINAMICS G150 V4.7 SP1 Control Unit, SINAMICS G150 V4.8 Control Unit, SINAMICS G150 V5.1 Control Unit, SINAMICS G150 V5.1 SP1 Control Unit, SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S150 V4.6 Control Unit, SINAMICS S150 V4.7 Control Unit, SINAMICS S150 V4.7 SP1 Control Unit, SINAMICS S150 V4.8 Control Unit, SINAMICS S150 V5.1 Control Unit, SINAMICS S150 V5.1 SP1 Control Unit, SINAMICS S210 V5.1 Control Unit, SINAMICS S210 V5.1 SP1 Control Unit, SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SIPLUS NET CP 343-1 Advanced, SIPLUS NET CP 443-1, SIPLUS NET CP 443-1 Advanced, SITOP Manager, SITOP PSU8600, SITOP UPS1600 (incl. SIPLUS variants), TIM 1531 IRC (incl. SIPLUS NET variants). The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device." - } - ] - }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf", + "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf" }, { - "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf", + "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf" } ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "baseScore": 7.5, + "baseSeverity": "HIGH" + } + ] } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7256.json b/2019/7xxx/CVE-2019-7256.json index c7037598d417..5cfa3342ba70 100644 --- a/2019/7xxx/CVE-2019-7256.json +++ b/2019/7xxx/CVE-2019-7256.json @@ -71,6 +71,16 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.html", "url": "http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.html", + "url": "http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html", + "url": "http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html" } ] } diff --git a/2019/7xxx/CVE-2019-7553.json b/2019/7xxx/CVE-2019-7553.json index 9a82a74a93cc..f98eb6926732 100644 --- a/2019/7xxx/CVE-2019-7553.json +++ b/2019/7xxx/CVE-2019-7553.json @@ -52,11 +52,6 @@ }, "references": { "reference_data": [ - { - "url": "http://74.124.215.220/~projclient/client/auditor/profile.php", - "refsource": "MISC", - "name": "http://74.124.215.220/~projclient/client/auditor/profile.php" - }, { "refsource": "MISC", "name": "https://securityhitlist.blogspot.com/2019/02/cve-2019-7553-stores-xss-in-php-scripts.html", diff --git a/2019/9xxx/CVE-2019-9011.json b/2019/9xxx/CVE-2019-9011.json index f493e57d88d3..3b6e2a9361ed 100644 --- a/2019/9xxx/CVE-2019-9011.json +++ b/2019/9xxx/CVE-2019-9011.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9011", - "STATE": "RESERVED" + "ASSIGNER": "cve@mitre.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2021-061/", + "refsource": "MISC", + "name": "https://cert.vde.com/en/advisories/VDE-2021-061/" } ] } diff --git a/2019/9xxx/CVE-2019-9579.json b/2019/9xxx/CVE-2019-9579.json index fd5b2ac36b1d..f7dfa80e3237 100644 --- a/2019/9xxx/CVE-2019-9579.json +++ b/2019/9xxx/CVE-2019-9579.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9579", - "STATE": "RESERVED" + "ASSIGNER": "cve@mitre.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can change permissions. This occurs because of a combination of three factors: ZFS extended attributes are used to implement NT named streams, the SMB protocol requires implementations to have open handle semantics similar to those of NTFS, and the SMB server passes along certain attribute requests to the underlying object (i.e., they are not considered to be requests that pertain to the named stream)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuapr2020.html" + }, + { + "url": "https://www.illumos.org/issues/10506", + "refsource": "MISC", + "name": "https://www.illumos.org/issues/10506" } ] } diff --git a/2020/10xxx/CVE-2020-10650.json b/2020/10xxx/CVE-2020-10650.json index fa2662b978aa..624809a8a447 100644 --- a/2020/10xxx/CVE-2020-10650.json +++ b/2020/10xxx/CVE-2020-10650.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10650", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2021.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2021.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpuoct2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpuoct2022.html" + }, + { + "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "refsource": "MISC", + "name": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" + }, + { + "url": "https://github.com/advisories/GHSA-rpr3-cw39-3pxh", + "refsource": "MISC", + "name": "https://github.com/advisories/GHSA-rpr3-cw39-3pxh" + }, + { + "url": "https://github.com/FasterXML/jackson-databind/issues/2658", + "refsource": "MISC", + "name": "https://github.com/FasterXML/jackson-databind/issues/2658" + }, + { + "url": "https://github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0ef", + "refsource": "MISC", + "name": "https://github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0ef" } ] } diff --git a/2020/10xxx/CVE-2020-10932.json b/2020/10xxx/CVE-2020-10932.json index 9bb758804985..67ab59df8d1a 100644 --- a/2020/10xxx/CVE-2020-10932.json +++ b/2020/10xxx/CVE-2020-10932.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10932", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -58,24 +59,29 @@ "name": "https://tls.mbed.org/tech-updates/security-advisories" }, { - "refsource": "CONFIRM", - "name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04", - "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04" + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html" }, { - "refsource": "CONFIRM", - "name": "https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released", - "url": "https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released" + "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04", + "refsource": "MISC", + "name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04" }, { - "refsource": "FEDORA", - "name": "FEDORA-2020-9a6e8e63e9", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCWN5HIF4CJ2LZTOMEBJ7Q4IMMV7ZU2V/" + "url": "https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released", + "refsource": "MISC", + "name": "https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released" }, { - "refsource": "FEDORA", - "name": "FEDORA-2020-42564738a1", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNOS2IIBH5WNJXZUV546PY7666DE7Y3L/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCWN5HIF4CJ2LZTOMEBJ7Q4IMMV7ZU2V/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCWN5HIF4CJ2LZTOMEBJ7Q4IMMV7ZU2V/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNOS2IIBH5WNJXZUV546PY7666DE7Y3L/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNOS2IIBH5WNJXZUV546PY7666DE7Y3L/" } ] } diff --git a/2020/10xxx/CVE-2020-10941.json b/2020/10xxx/CVE-2020-10941.json index 0a4a6ffa84ae..e3a59141804d 100644 --- a/2020/10xxx/CVE-2020-10941.json +++ b/2020/10xxx/CVE-2020-10941.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10941", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,22 +27,51 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html" + }, { "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02", "refsource": "MISC", "name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02" }, { - "refsource": "FEDORA", - "name": "FEDORA-2020-fa74e15364", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JPE2HFBDJF3UBT6Q4VWLKNKCVCMX25J/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JPE2HFBDJF3UBT6Q4VWLKNKCVCMX25J/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JPE2HFBDJF3UBT6Q4VWLKNKCVCMX25J/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2020-5b60029fe2", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WD6OSOLLAR2AVPJAMGUKWRXN6477IHHV/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WD6OSOLLAR2AVPJAMGUKWRXN6477IHHV/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WD6OSOLLAR2AVPJAMGUKWRXN6477IHHV/" } ] } diff --git a/2020/11xxx/CVE-2020-11101.json b/2020/11xxx/CVE-2020-11101.json index a45984c642ad..4ea8608c8719 100644 --- a/2020/11xxx/CVE-2020-11101.json +++ b/2020/11xxx/CVE-2020-11101.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-11101", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles sessions and thus an unauthenticated attacker can obtain a login session with administrator privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.sierrawireless.com/company/security/", + "refsource": "MISC", + "name": "https://www.sierrawireless.com/company/security/" + }, + { + "url": "https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2020-007---amm-unauthenticated-login.ashx", + "refsource": "MISC", + "name": "https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2020-007---amm-unauthenticated-login.ashx" } ] } diff --git a/2020/12xxx/CVE-2020-12067.json b/2020/12xxx/CVE-2020-12067.json index 45fc6d7213b6..5f23fa5eccc7 100644 --- a/2020/12xxx/CVE-2020-12067.json +++ b/2020/12xxx/CVE-2020-12067.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-12067", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2021-061/", + "refsource": "MISC", + "name": "https://cert.vde.com/en/advisories/VDE-2021-061/" } ] } diff --git a/2020/12xxx/CVE-2020-12069.json b/2020/12xxx/CVE-2020-12069.json index 7a44c1becace..8372cf8b0f1b 100644 --- a/2020/12xxx/CVE-2020-12069.json +++ b/2020/12xxx/CVE-2020-12069.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-12069", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), the password-hashing feature requires insufficient computational effort." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2021-061/", + "refsource": "MISC", + "name": "https://cert.vde.com/en/advisories/VDE-2021-061/" } ] } diff --git a/2020/12xxx/CVE-2020-12515.json b/2020/12xxx/CVE-2020-12515.json index a82d205edee9..82b9b3b37d83 100644 --- a/2020/12xxx/CVE-2020-12515.json +++ b/2020/12xxx/CVE-2020-12515.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12515", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12520.json b/2020/12xxx/CVE-2020-12520.json index 2b7e39f25da4..47ed11aa3ca2 100644 --- a/2020/12xxx/CVE-2020-12520.json +++ b/2020/12xxx/CVE-2020-12520.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12520", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12531.json b/2020/12xxx/CVE-2020-12531.json index b0fcc2f78bd3..643678ce2f35 100644 --- a/2020/12xxx/CVE-2020-12531.json +++ b/2020/12xxx/CVE-2020-12531.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12531", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12532.json b/2020/12xxx/CVE-2020-12532.json index b6a22661f014..6ff2e4c34d8f 100644 --- a/2020/12xxx/CVE-2020-12532.json +++ b/2020/12xxx/CVE-2020-12532.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12532", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12533.json b/2020/12xxx/CVE-2020-12533.json index 1e418f1efaaa..55bfac64f9a5 100644 --- a/2020/12xxx/CVE-2020-12533.json +++ b/2020/12xxx/CVE-2020-12533.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12533", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12534.json b/2020/12xxx/CVE-2020-12534.json index 5c2e67c8046f..f057fc43a62f 100644 --- a/2020/12xxx/CVE-2020-12534.json +++ b/2020/12xxx/CVE-2020-12534.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12534", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12535.json b/2020/12xxx/CVE-2020-12535.json index e1f2ef04d355..2ac5674e1e76 100644 --- a/2020/12xxx/CVE-2020-12535.json +++ b/2020/12xxx/CVE-2020-12535.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12535", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12536.json b/2020/12xxx/CVE-2020-12536.json index 3555407352a8..8a6a85ebb626 100644 --- a/2020/12xxx/CVE-2020-12536.json +++ b/2020/12xxx/CVE-2020-12536.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12536", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12537.json b/2020/12xxx/CVE-2020-12537.json index 651b83fa1e15..1a39b435e789 100644 --- a/2020/12xxx/CVE-2020-12537.json +++ b/2020/12xxx/CVE-2020-12537.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12537", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12538.json b/2020/12xxx/CVE-2020-12538.json index 013e626f78bd..43842691fa6c 100644 --- a/2020/12xxx/CVE-2020-12538.json +++ b/2020/12xxx/CVE-2020-12538.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12538", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12539.json b/2020/12xxx/CVE-2020-12539.json index d6c1082eee9d..3240a2db54ed 100644 --- a/2020/12xxx/CVE-2020-12539.json +++ b/2020/12xxx/CVE-2020-12539.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12539", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12540.json b/2020/12xxx/CVE-2020-12540.json index 1a62b454239e..8fa01f0e40e7 100644 --- a/2020/12xxx/CVE-2020-12540.json +++ b/2020/12xxx/CVE-2020-12540.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12540", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12541.json b/2020/12xxx/CVE-2020-12541.json index 47a33ec15116..a99c465ba49e 100644 --- a/2020/12xxx/CVE-2020-12541.json +++ b/2020/12xxx/CVE-2020-12541.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12541", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12542.json b/2020/12xxx/CVE-2020-12542.json index a0b2fe62247d..ab846ecb95d5 100644 --- a/2020/12xxx/CVE-2020-12542.json +++ b/2020/12xxx/CVE-2020-12542.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12542", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12543.json b/2020/12xxx/CVE-2020-12543.json index b2d362678bb5..f9c678f72902 100644 --- a/2020/12xxx/CVE-2020-12543.json +++ b/2020/12xxx/CVE-2020-12543.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12543", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12544.json b/2020/12xxx/CVE-2020-12544.json index 8d2a67a64952..a70060142bfb 100644 --- a/2020/12xxx/CVE-2020-12544.json +++ b/2020/12xxx/CVE-2020-12544.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12544", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12545.json b/2020/12xxx/CVE-2020-12545.json index ee23d0a1bce6..1db8a1135cbb 100644 --- a/2020/12xxx/CVE-2020-12545.json +++ b/2020/12xxx/CVE-2020-12545.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12545", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12546.json b/2020/12xxx/CVE-2020-12546.json index f194cb2bd70a..aac042095aa9 100644 --- a/2020/12xxx/CVE-2020-12546.json +++ b/2020/12xxx/CVE-2020-12546.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12546", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12547.json b/2020/12xxx/CVE-2020-12547.json index 2d48b8f22697..2b745eefa0da 100644 --- a/2020/12xxx/CVE-2020-12547.json +++ b/2020/12xxx/CVE-2020-12547.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12547", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12548.json b/2020/12xxx/CVE-2020-12548.json index 6f67f290c176..a7d16ee246fc 100644 --- a/2020/12xxx/CVE-2020-12548.json +++ b/2020/12xxx/CVE-2020-12548.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12548", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12549.json b/2020/12xxx/CVE-2020-12549.json index 34f5ad67cf34..78d4f7ce2a44 100644 --- a/2020/12xxx/CVE-2020-12549.json +++ b/2020/12xxx/CVE-2020-12549.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12549", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12550.json b/2020/12xxx/CVE-2020-12550.json index 935751d9baca..46195b70c050 100644 --- a/2020/12xxx/CVE-2020-12550.json +++ b/2020/12xxx/CVE-2020-12550.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12550", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12551.json b/2020/12xxx/CVE-2020-12551.json index ff0f57fc79f2..73432114d5c1 100644 --- a/2020/12xxx/CVE-2020-12551.json +++ b/2020/12xxx/CVE-2020-12551.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12551", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12552.json b/2020/12xxx/CVE-2020-12552.json index 64ae8be37e59..80dfbf2597c2 100644 --- a/2020/12xxx/CVE-2020-12552.json +++ b/2020/12xxx/CVE-2020-12552.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12552", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12553.json b/2020/12xxx/CVE-2020-12553.json index 2cc5fd7c9fbd..b7dc0104fe43 100644 --- a/2020/12xxx/CVE-2020-12553.json +++ b/2020/12xxx/CVE-2020-12553.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12553", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12554.json b/2020/12xxx/CVE-2020-12554.json index b580655945b8..19b8ed46a703 100644 --- a/2020/12xxx/CVE-2020-12554.json +++ b/2020/12xxx/CVE-2020-12554.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12554", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12555.json b/2020/12xxx/CVE-2020-12555.json index 02b1b8e1af78..4d1d0209a292 100644 --- a/2020/12xxx/CVE-2020-12555.json +++ b/2020/12xxx/CVE-2020-12555.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12555", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12556.json b/2020/12xxx/CVE-2020-12556.json index eb0d16ea37c0..7b1af06f203b 100644 --- a/2020/12xxx/CVE-2020-12556.json +++ b/2020/12xxx/CVE-2020-12556.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12556", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12557.json b/2020/12xxx/CVE-2020-12557.json index 6d3658dd375c..7bc58c1c3b0b 100644 --- a/2020/12xxx/CVE-2020-12557.json +++ b/2020/12xxx/CVE-2020-12557.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12557", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12558.json b/2020/12xxx/CVE-2020-12558.json index cf56f3524dbb..5fa4455859f6 100644 --- a/2020/12xxx/CVE-2020-12558.json +++ b/2020/12xxx/CVE-2020-12558.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12558", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12559.json b/2020/12xxx/CVE-2020-12559.json index 6c705ac908b9..5e4a0ac33772 100644 --- a/2020/12xxx/CVE-2020-12559.json +++ b/2020/12xxx/CVE-2020-12559.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12559", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12560.json b/2020/12xxx/CVE-2020-12560.json index 7b61e5233372..06b304c22495 100644 --- a/2020/12xxx/CVE-2020-12560.json +++ b/2020/12xxx/CVE-2020-12560.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12560", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12561.json b/2020/12xxx/CVE-2020-12561.json index 71d770e14a8b..55b3c455d02a 100644 --- a/2020/12xxx/CVE-2020-12561.json +++ b/2020/12xxx/CVE-2020-12561.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12561", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12562.json b/2020/12xxx/CVE-2020-12562.json index a97a72fae89f..9fdbb77611c7 100644 --- a/2020/12xxx/CVE-2020-12562.json +++ b/2020/12xxx/CVE-2020-12562.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12562", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12563.json b/2020/12xxx/CVE-2020-12563.json index 16817c7caba1..c4cd094e878d 100644 --- a/2020/12xxx/CVE-2020-12563.json +++ b/2020/12xxx/CVE-2020-12563.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12563", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12564.json b/2020/12xxx/CVE-2020-12564.json index ca15b5f39208..30a2c8db2426 100644 --- a/2020/12xxx/CVE-2020-12564.json +++ b/2020/12xxx/CVE-2020-12564.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12564", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12565.json b/2020/12xxx/CVE-2020-12565.json index b1d1a0a6c4c2..869b4f292b68 100644 --- a/2020/12xxx/CVE-2020-12565.json +++ b/2020/12xxx/CVE-2020-12565.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12565", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12566.json b/2020/12xxx/CVE-2020-12566.json index 042d4af33970..7988cb4f4af4 100644 --- a/2020/12xxx/CVE-2020-12566.json +++ b/2020/12xxx/CVE-2020-12566.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12566", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12567.json b/2020/12xxx/CVE-2020-12567.json index d1ea7494b4b5..65d4c185f21c 100644 --- a/2020/12xxx/CVE-2020-12567.json +++ b/2020/12xxx/CVE-2020-12567.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12567", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12568.json b/2020/12xxx/CVE-2020-12568.json index f5bc653b7572..d51d4585515a 100644 --- a/2020/12xxx/CVE-2020-12568.json +++ b/2020/12xxx/CVE-2020-12568.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12568", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12569.json b/2020/12xxx/CVE-2020-12569.json index 5f1c22cc3b28..8f37b1b51a40 100644 --- a/2020/12xxx/CVE-2020-12569.json +++ b/2020/12xxx/CVE-2020-12569.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12569", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12570.json b/2020/12xxx/CVE-2020-12570.json index a762a758c90d..0eff1225e7b8 100644 --- a/2020/12xxx/CVE-2020-12570.json +++ b/2020/12xxx/CVE-2020-12570.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12570", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12571.json b/2020/12xxx/CVE-2020-12571.json index 53751e11febf..da3b6a0b9b6c 100644 --- a/2020/12xxx/CVE-2020-12571.json +++ b/2020/12xxx/CVE-2020-12571.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12571", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12572.json b/2020/12xxx/CVE-2020-12572.json index 70bdf308aa03..09e2b0d6a327 100644 --- a/2020/12xxx/CVE-2020-12572.json +++ b/2020/12xxx/CVE-2020-12572.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12572", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12573.json b/2020/12xxx/CVE-2020-12573.json index d8e6ec725033..b1e6d8ab25cf 100644 --- a/2020/12xxx/CVE-2020-12573.json +++ b/2020/12xxx/CVE-2020-12573.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12573", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12574.json b/2020/12xxx/CVE-2020-12574.json index 9c98f05054d6..699cd5059a47 100644 --- a/2020/12xxx/CVE-2020-12574.json +++ b/2020/12xxx/CVE-2020-12574.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12574", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12575.json b/2020/12xxx/CVE-2020-12575.json index 5655b02f70ab..b68bfd07e8ee 100644 --- a/2020/12xxx/CVE-2020-12575.json +++ b/2020/12xxx/CVE-2020-12575.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12575", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12576.json b/2020/12xxx/CVE-2020-12576.json index 1402a7205b12..c59544465ff5 100644 --- a/2020/12xxx/CVE-2020-12576.json +++ b/2020/12xxx/CVE-2020-12576.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12576", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12577.json b/2020/12xxx/CVE-2020-12577.json index 8c93256084c3..3941a2b493d9 100644 --- a/2020/12xxx/CVE-2020-12577.json +++ b/2020/12xxx/CVE-2020-12577.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12577", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12578.json b/2020/12xxx/CVE-2020-12578.json index a14bf61f76d6..3d921bfe6845 100644 --- a/2020/12xxx/CVE-2020-12578.json +++ b/2020/12xxx/CVE-2020-12578.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12578", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12579.json b/2020/12xxx/CVE-2020-12579.json index 8ac3f2446a89..02686591f2d5 100644 --- a/2020/12xxx/CVE-2020-12579.json +++ b/2020/12xxx/CVE-2020-12579.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12579", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12580.json b/2020/12xxx/CVE-2020-12580.json index 542a97f52e96..f1a6915736c6 100644 --- a/2020/12xxx/CVE-2020-12580.json +++ b/2020/12xxx/CVE-2020-12580.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12580", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12581.json b/2020/12xxx/CVE-2020-12581.json index 4dd9b6639256..5d1f98f452a4 100644 --- a/2020/12xxx/CVE-2020-12581.json +++ b/2020/12xxx/CVE-2020-12581.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12581", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12582.json b/2020/12xxx/CVE-2020-12582.json index d2ff6d727ab9..e39d26b67c60 100644 --- a/2020/12xxx/CVE-2020-12582.json +++ b/2020/12xxx/CVE-2020-12582.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12582", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12583.json b/2020/12xxx/CVE-2020-12583.json index e98388f0196a..0b44b71f0eff 100644 --- a/2020/12xxx/CVE-2020-12583.json +++ b/2020/12xxx/CVE-2020-12583.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12583", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12584.json b/2020/12xxx/CVE-2020-12584.json index ae0c3bcb8c29..d20b31fc5da2 100644 --- a/2020/12xxx/CVE-2020-12584.json +++ b/2020/12xxx/CVE-2020-12584.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12584", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12585.json b/2020/12xxx/CVE-2020-12585.json index adf7213907ec..caa9848cf571 100644 --- a/2020/12xxx/CVE-2020-12585.json +++ b/2020/12xxx/CVE-2020-12585.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12585", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12586.json b/2020/12xxx/CVE-2020-12586.json index d4c48f087a85..7b3d5711e209 100644 --- a/2020/12xxx/CVE-2020-12586.json +++ b/2020/12xxx/CVE-2020-12586.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12586", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12587.json b/2020/12xxx/CVE-2020-12587.json index fd4f9be9eb4a..ca2936d52219 100644 --- a/2020/12xxx/CVE-2020-12587.json +++ b/2020/12xxx/CVE-2020-12587.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12587", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12588.json b/2020/12xxx/CVE-2020-12588.json index 0c3a4f8c7414..190031b6605d 100644 --- a/2020/12xxx/CVE-2020-12588.json +++ b/2020/12xxx/CVE-2020-12588.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12588", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12589.json b/2020/12xxx/CVE-2020-12589.json index f33ed950463b..51dc3321174a 100644 --- a/2020/12xxx/CVE-2020-12589.json +++ b/2020/12xxx/CVE-2020-12589.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12589", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12590.json b/2020/12xxx/CVE-2020-12590.json index 78a47a76dafa..044a22f5bb9d 100644 --- a/2020/12xxx/CVE-2020-12590.json +++ b/2020/12xxx/CVE-2020-12590.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12590", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12591.json b/2020/12xxx/CVE-2020-12591.json index 53972e791fa1..e9e93e5810db 100644 --- a/2020/12xxx/CVE-2020-12591.json +++ b/2020/12xxx/CVE-2020-12591.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12591", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/12xxx/CVE-2020-12592.json b/2020/12xxx/CVE-2020-12592.json index dc204c863014..f6a3483e0a72 100644 --- a/2020/12xxx/CVE-2020-12592.json +++ b/2020/12xxx/CVE-2020-12592.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-12592", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/15xxx/CVE-2020-15679.json b/2020/15xxx/CVE-2020-15679.json index ccdffd99e59e..88916a28de4b 100644 --- a/2020/15xxx/CVE-2020-15679.json +++ b/2020/15xxx/CVE-2020-15679.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-15679", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Mozilla VPN iOS 1.0.7", + "version": { + "version_data": [ + { + "version_value": "(929)", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Mozilla VPN Windows", + "version": { + "version_data": [ + { + "version_value": "1.2.2", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Mozilla VPN Android 1.1.0", + "version": { + "version_data": [ + { + "version_value": "(1360)", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OAuth Session Fixation on VPN login" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2020-48/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2020-48/" + }, + { + "url": "https://github.com/mozilla-services/guardian-vpn-windows/commit/ac6f562973a83f6758cd7ab7aa313e863047d41b", + "refsource": "MISC", + "name": "https://github.com/mozilla-services/guardian-vpn-windows/commit/ac6f562973a83f6758cd7ab7aa313e863047d41b" + }, + { + "url": "https://github.com/mozilla-mobile/guardian-vpn-android/commit/981c840276ef3aee98cf5d42993d484ee99b28d9", + "refsource": "MISC", + "name": "https://github.com/mozilla-mobile/guardian-vpn-android/commit/981c840276ef3aee98cf5d42993d484ee99b28d9" + }, + { + "url": "https://github.com/mozilla-mobile/guardian-vpn-ios/commit/4309f5c9bd2c15cdfd39ac173665fad3f2598b54", + "refsource": "MISC", + "name": "https://github.com/mozilla-mobile/guardian-vpn-ios/commit/4309f5c9bd2c15cdfd39ac173665fad3f2598b54" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP and could allow the ability to view session states and disconnect VPN sessions. This vulnerability affects Mozilla VPN iOS 1.0.7 < (929), Mozilla VPN Windows < 1.2.2, and Mozilla VPN Android 1.1.0 < (1360)." } ] } diff --git a/2020/15xxx/CVE-2020-15685.json b/2020/15xxx/CVE-2020-15685.json index d3b37519c371..69a3ad4c7045 100644 --- a/2020/15xxx/CVE-2020-15685.json +++ b/2020/15xxx/CVE-2020-15685.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-15685", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "78.7", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMAP Response Injection when using STARTTLS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-05/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-05/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1622640", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1622640" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7." } ] } diff --git a/2020/15xxx/CVE-2020-15778.json b/2020/15xxx/CVE-2020-15778.json index d34bd344adcb..43327be4b9e4 100644 --- a/2020/15xxx/CVE-2020-15778.json +++ b/2020/15xxx/CVE-2020-15778.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://news.ycombinator.com/item?id=25005567", "url": "https://news.ycombinator.com/item?id=25005567" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-06", + "url": "https://security.gentoo.org/glsa/202212-06" } ] } diff --git a/2020/16xxx/CVE-2020-16150.json b/2020/16xxx/CVE-2020-16150.json index 8f4ec94878bc..4867b23dca16 100644 --- a/2020/16xxx/CVE-2020-16150.json +++ b/2020/16xxx/CVE-2020-16150.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-16150", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -58,24 +59,29 @@ "name": "https://tls.mbed.org/tech-updates/security-advisories" }, { - "refsource": "CONFIRM", - "name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1", - "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1" + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2020-48a1ae610c", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OSOFUD6UTGTDDSQRS62BPXDU52I6PUA/" + "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1", + "refsource": "MISC", + "name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1" }, { - "refsource": "FEDORA", - "name": "FEDORA-2020-8b0d59bac6", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IRPBHCQKZXHVKOP5O5EWE7P76AWGUXQJ/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OSOFUD6UTGTDDSQRS62BPXDU52I6PUA/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OSOFUD6UTGTDDSQRS62BPXDU52I6PUA/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2020-e75ade5e38", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OD3NM6GD73CTFFRBKG5G2ACXGG7QQHCC/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRPBHCQKZXHVKOP5O5EWE7P76AWGUXQJ/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRPBHCQKZXHVKOP5O5EWE7P76AWGUXQJ/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD3NM6GD73CTFFRBKG5G2ACXGG7QQHCC/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD3NM6GD73CTFFRBKG5G2ACXGG7QQHCC/" } ] } diff --git a/2020/18xxx/CVE-2020-18771.json b/2020/18xxx/CVE-2020-18771.json index 0488160f4527..c43a4554e8c9 100644 --- a/2020/18xxx/CVE-2020-18771.json +++ b/2020/18xxx/CVE-2020-18771.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://cwe.mitre.org/data/definitions/126.html", "url": "https://cwe.mitre.org/data/definitions/126.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] } diff --git a/2020/20xxx/CVE-2020-20588.json b/2020/20xxx/CVE-2020-20588.json index 4630eacbc584..631b96fde2c1 100644 --- a/2020/20xxx/CVE-2020-20588.json +++ b/2020/20xxx/CVE-2020-20588.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-20588", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-20588", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "File upload vulnerability in function upload in action/Core.class.php in zhimengzhe iBarn 1.5 allows remote attackers to run arbitrary code via avatar upload to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/zhimengzhe/iBarn/issues/13", + "refsource": "MISC", + "name": "https://github.com/zhimengzhe/iBarn/issues/13" } ] } diff --git a/2020/20xxx/CVE-2020-20589.json b/2020/20xxx/CVE-2020-20589.json index f3493b00bd89..54e61bded0d1 100644 --- a/2020/20xxx/CVE-2020-20589.json +++ b/2020/20xxx/CVE-2020-20589.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-20589", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-20589", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/liufee/cms/issues/45", + "url": "https://github.com/liufee/cms/issues/45" } ] } diff --git a/2020/21xxx/CVE-2020-21219.json b/2020/21xxx/CVE-2020-21219.json index 440c010b7fc9..31c461c43009 100644 --- a/2020/21xxx/CVE-2020-21219.json +++ b/2020/21xxx/CVE-2020-21219.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-21219", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-21219", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pfsense/FreeBSD-ports/commit/a6f443cde51e7fcf17e51f16014d3589253284d8", + "refsource": "MISC", + "name": "https://github.com/pfsense/FreeBSD-ports/commit/a6f443cde51e7fcf17e51f16014d3589253284d8" + }, + { + "refsource": "MISC", + "name": "https://redmine.pfsense.org/issues/9888", + "url": "https://redmine.pfsense.org/issues/9888" } ] } diff --git a/2020/21xxx/CVE-2020-21599.json b/2020/21xxx/CVE-2020-21599.json index 4ad1b22b0d0d..ce369a5a7f47 100644 --- a/2020/21xxx/CVE-2020-21599.json +++ b/2020/21xxx/CVE-2020-21599.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/235", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/235" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3240-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html" } ] } diff --git a/2020/23xxx/CVE-2020-23226.json b/2020/23xxx/CVE-2020-23226.json index 480cec1faea4..d97d9633d08b 100644 --- a/2020/23xxx/CVE-2020-23226.json +++ b/2020/23xxx/CVE-2020-23226.json @@ -61,6 +61,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20220329 [SECURITY] [DLA 2965-1] cacti security update", "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3252-1] cacti security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html" } ] } diff --git a/2020/24xxx/CVE-2020-24600.json b/2020/24xxx/CVE-2020-24600.json index d5d05bff840c..80b0a5d86a65 100644 --- a/2020/24xxx/CVE-2020-24600.json +++ b/2020/24xxx/CVE-2020-24600.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-24600", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Shilpi CAPExWeb 1.1 allows SQL injection via a servlet/capexweb.cap_sendMail GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cybersecurityworks.com/zerodays/cve-2020-24600-sql-injection-in-capexweb.html", + "refsource": "MISC", + "name": "https://cybersecurityworks.com/zerodays/cve-2020-24600-sql-injection-in-capexweb.html" } ] } diff --git a/2020/24xxx/CVE-2020-24642.json b/2020/24xxx/CVE-2020-24642.json index 2fc650a09e98..9d07f9308797 100644 --- a/2020/24xxx/CVE-2020-24642.json +++ b/2020/24xxx/CVE-2020-24642.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-24642", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CVE was unused by HPE." } ] } diff --git a/2020/24xxx/CVE-2020-24643.json b/2020/24xxx/CVE-2020-24643.json index deff277e1af2..103771cb0f67 100644 --- a/2020/24xxx/CVE-2020-24643.json +++ b/2020/24xxx/CVE-2020-24643.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-24643", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CVE was unused by HPE." } ] } diff --git a/2020/24xxx/CVE-2020-24644.json b/2020/24xxx/CVE-2020-24644.json index b11a177f2ae9..20cea2823783 100644 --- a/2020/24xxx/CVE-2020-24644.json +++ b/2020/24xxx/CVE-2020-24644.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-24644", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CVE was unused by HPE." } ] } diff --git a/2020/24xxx/CVE-2020-24645.json b/2020/24xxx/CVE-2020-24645.json index 8007a0e04db9..30e0ab3a9a23 100644 --- a/2020/24xxx/CVE-2020-24645.json +++ b/2020/24xxx/CVE-2020-24645.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-24645", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CVE was unused by HPE." } ] } diff --git a/2020/24xxx/CVE-2020-24855.json b/2020/24xxx/CVE-2020-24855.json index a19c38901f27..6325847aa570 100644 --- a/2020/24xxx/CVE-2020-24855.json +++ b/2020/24xxx/CVE-2020-24855.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24855", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24855", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/easy-team/easywebpack-cli/issues/25", + "refsource": "MISC", + "name": "https://github.com/easy-team/easywebpack-cli/issues/25" } ] } diff --git a/2020/25xxx/CVE-2020-25706.json b/2020/25xxx/CVE-2020-25706.json index 58fed5b0d3da..95a2b8e5ee20 100644 --- a/2020/25xxx/CVE-2020-25706.json +++ b/2020/25xxx/CVE-2020-25706.json @@ -58,6 +58,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25706", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25706", "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3252-1] cacti security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html" } ] }, diff --git a/2020/25xxx/CVE-2020-25736.json b/2020/25xxx/CVE-2020-25736.json index 1bb91febf49b..3dc2bd932eae 100644 --- a/2020/25xxx/CVE-2020-25736.json +++ b/2020/25xxx/CVE-2020-25736.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://kb.acronis.com/content/68061", "url": "https://kb.acronis.com/content/68061" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/170246/Acronis-TrueImage-XPC-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/170246/Acronis-TrueImage-XPC-Privilege-Escalation.html" } ] } diff --git a/2020/26xxx/CVE-2020-26302.json b/2020/26xxx/CVE-2020-26302.json index 2ebe24237949..ea8103aaa7a2 100644 --- a/2020/26xxx/CVE-2020-26302.json +++ b/2020/26xxx/CVE-2020-26302.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "GHSL-2020-295", + "ASSIGNER": "security-advisories@github.com", + "DATE_PUBLIC": "2022-12-22T21:04:00.000Z", "ID": "CVE-2020-26302", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "is.js", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0.9.0", + "version_value": "0.9.0" + } + ] + } + } + ] + }, + "vendor_name": "arasatasaygin" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). is.js uses a regex copy-pasted from a gist to validate URLs. Trying to validate a malicious string can cause the regex to loop “forever.\" This vulnerability was found using a CodeQL query which identifies inefficient regular expressions. is.js has no patch for this issue." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://securitylab.github.com/advisories/GHSL-2020-295-redos-is.js", + "refsource": "CONFIRM", + "url": "https://securitylab.github.com/advisories/GHSL-2020-295-redos-is.js" + }, + { + "name": "https://github.com/arasatasaygin/is.js/issues/320", + "refsource": "MISC", + "url": "https://github.com/arasatasaygin/is.js/issues/320" + } + ] + }, + "source": { + "defect": [ + "GHSL-2020-295" + ], + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/28xxx/CVE-2020-28191.json b/2020/28xxx/CVE-2020-28191.json index 5e50b0dd6384..0f4c9d3c64a7 100644 --- a/2020/28xxx/CVE-2020-28191.json +++ b/2020/28xxx/CVE-2020-28191.json @@ -1,17 +1,72 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28191", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The console in Togglz before 2.9.4 allows CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/advisories/GHSA-697v-pxg3-j262", + "refsource": "MISC", + "name": "https://github.com/advisories/GHSA-697v-pxg3-j262" + }, + { + "url": "https://github.com/togglz/togglz/pull/495", + "refsource": "MISC", + "name": "https://github.com/togglz/togglz/pull/495" + }, + { + "url": "https://github.com/togglz/togglz/commit/ed66e3f584de954297ebaf98ea4a235286784707", + "refsource": "MISC", + "name": "https://github.com/togglz/togglz/commit/ed66e3f584de954297ebaf98ea4a235286784707" } ] } diff --git a/2020/28xxx/CVE-2020-28366.json b/2020/28xxx/CVE-2020-28366.json index 7fc7b4ab3892..7448650ce4a9 100644 --- a/2020/28xxx/CVE-2020-28366.json +++ b/2020/28xxx/CVE-2020-28366.json @@ -1,92 +1,108 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-28366", + "ASSIGNER": "security@golang.org", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "Go toolchain", "product": { "product_data": [ { - "product_name": "n/a", + "product_name": "cmd/go", "version": { "version_data": [ { - "version_value": "n/a" + "version_value": "0", + "version_affected": "=" + }, + { + "version_value": "1.15.0", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "cmd/cgo", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + }, + { + "version_value": "1.15.0", + "version_affected": "=" } ] } } ] - }, - "vendor_name": "n/a" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, "references": { "reference_data": [ { - "refsource": "MLIST", - "name": "[trafficcontrol-issues] 20201112 [GitHub] [trafficcontrol] zrhoffman opened a new pull request #5278: Update Go version to 1.15.5", - "url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd@%3Cissues.trafficcontrol.apache.org%3E" - }, - { - "refsource": "CONFIRM", - "name": "https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM", - "url": "https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM" - }, - { + "url": "https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM", "refsource": "MISC", - "name": "https://github.com/golang/go/issues/42559", - "url": "https://github.com/golang/go/issues/42559" + "name": "https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM" }, { - "refsource": "FEDORA", - "name": "FEDORA-2020-864922e78a", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/" + "url": "https://go.dev/cl/269658", + "refsource": "MISC", + "name": "https://go.dev/cl/269658" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20201202-0004/", - "url": "https://security.netapp.com/advisory/ntap-20201202-0004/" + "url": "https://go.googlesource.com/go/+/062e0e5ce6df339dc26732438ad771f73dbf2292", + "refsource": "MISC", + "name": "https://go.googlesource.com/go/+/062e0e5ce6df339dc26732438ad771f73dbf2292" }, { - "refsource": "FEDORA", - "name": "FEDORA-2020-e971480183", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/" + "url": "https://go.dev/issue/42559", + "refsource": "MISC", + "name": "https://go.dev/issue/42559" }, { - "refsource": "GENTOO", - "name": "GLSA-202208-02", - "url": "https://security.gentoo.org/glsa/202208-02" + "url": "https://pkg.go.dev/vuln/GO-2022-0475", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2022-0475" } ] - } + }, + "credits": [ + { + "lang": "en", + "value": "Chris Brown and Tempus Ex" + } + ] } \ No newline at end of file diff --git a/2020/28xxx/CVE-2020-28367.json b/2020/28xxx/CVE-2020-28367.json index 550a33096946..13074fe6635c 100644 --- a/2020/28xxx/CVE-2020-28367.json +++ b/2020/28xxx/CVE-2020-28367.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-28367", + "ASSIGNER": "security@golang.org", "STATE": "PUBLIC" }, - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, "description": { "description_data": [ { @@ -44,12 +21,40 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Go toolchain", + "product": { + "product_data": [ + { + "product_name": "cmd/go", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + }, + { + "version_value": "1.15.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -79,9 +84,9 @@ } ] }, - "credit": [ + "credits": [ { - "lang": "eng", + "lang": "en", "value": "Imre Rad" } ] diff --git a/2020/28xxx/CVE-2020-28975.json b/2020/28xxx/CVE-2020-28975.json index 724c87fb7d8a..79d9d54ff54a 100644 --- a/2020/28xxx/CVE-2020-28975.json +++ b/2020/28xxx/CVE-2020-28975.json @@ -76,6 +76,11 @@ "refsource": "MISC", "name": "https://github.com/scikit-learn/scikit-learn/commit/1bf13d567d3cd74854aa8343fd25b61dd768bb85", "url": "https://github.com/scikit-learn/scikit-learn/commit/1bf13d567d3cd74854aa8343fd25b61dd768bb85" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-03", + "url": "https://security.gentoo.org/glsa/202301-03" } ] } diff --git a/2020/2xxx/CVE-2020-2045.json b/2020/2xxx/CVE-2020-2045.json index e597835123a9..8c57f6dd510a 100644 --- a/2020/2xxx/CVE-2020-2045.json +++ b/2020/2xxx/CVE-2020-2045.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2045", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/2xxx/CVE-2020-2046.json b/2020/2xxx/CVE-2020-2046.json index a6fa320891e5..d41160ee9e6c 100644 --- a/2020/2xxx/CVE-2020-2046.json +++ b/2020/2xxx/CVE-2020-2046.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2046", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/2xxx/CVE-2020-2047.json b/2020/2xxx/CVE-2020-2047.json index 0cb39dfb0fad..ae0a4d7fcbc3 100644 --- a/2020/2xxx/CVE-2020-2047.json +++ b/2020/2xxx/CVE-2020-2047.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2047", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/2xxx/CVE-2020-2051.json b/2020/2xxx/CVE-2020-2051.json index 1f593c9afe6c..0741e5fd9a34 100644 --- a/2020/2xxx/CVE-2020-2051.json +++ b/2020/2xxx/CVE-2020-2051.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2051", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/2xxx/CVE-2020-2052.json b/2020/2xxx/CVE-2020-2052.json index 06613a3ad542..52c1c00edd0c 100644 --- a/2020/2xxx/CVE-2020-2052.json +++ b/2020/2xxx/CVE-2020-2052.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2052", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/2xxx/CVE-2020-2053.json b/2020/2xxx/CVE-2020-2053.json index 3fe64d1fb80c..c9f1ccbc7407 100644 --- a/2020/2xxx/CVE-2020-2053.json +++ b/2020/2xxx/CVE-2020-2053.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2053", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/2xxx/CVE-2020-2054.json b/2020/2xxx/CVE-2020-2054.json index e2efdd092402..672c3664636f 100644 --- a/2020/2xxx/CVE-2020-2054.json +++ b/2020/2xxx/CVE-2020-2054.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2054", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/2xxx/CVE-2020-2056.json b/2020/2xxx/CVE-2020-2056.json index 1c9455523f8d..30d5a94f4330 100644 --- a/2020/2xxx/CVE-2020-2056.json +++ b/2020/2xxx/CVE-2020-2056.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2056", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/2xxx/CVE-2020-2057.json b/2020/2xxx/CVE-2020-2057.json index 894de4554d13..f3659ffcc142 100644 --- a/2020/2xxx/CVE-2020-2057.json +++ b/2020/2xxx/CVE-2020-2057.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2057", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/2xxx/CVE-2020-2058.json b/2020/2xxx/CVE-2020-2058.json index 367130fe8796..3fedac969b75 100644 --- a/2020/2xxx/CVE-2020-2058.json +++ b/2020/2xxx/CVE-2020-2058.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2058", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/2xxx/CVE-2020-2059.json b/2020/2xxx/CVE-2020-2059.json index f698bf9f953d..f23ef33ef95e 100644 --- a/2020/2xxx/CVE-2020-2059.json +++ b/2020/2xxx/CVE-2020-2059.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2059", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/2xxx/CVE-2020-2061.json b/2020/2xxx/CVE-2020-2061.json index ddf96eae1a28..d6d5e850c8eb 100644 --- a/2020/2xxx/CVE-2020-2061.json +++ b/2020/2xxx/CVE-2020-2061.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2061", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/2xxx/CVE-2020-2062.json b/2020/2xxx/CVE-2020-2062.json index 46e7ffb99c63..c41c6ce58adb 100644 --- a/2020/2xxx/CVE-2020-2062.json +++ b/2020/2xxx/CVE-2020-2062.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2062", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/2xxx/CVE-2020-2064.json b/2020/2xxx/CVE-2020-2064.json index 8755fbf2f422..5c5ef40b4393 100644 --- a/2020/2xxx/CVE-2020-2064.json +++ b/2020/2xxx/CVE-2020-2064.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2064", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/2xxx/CVE-2020-2065.json b/2020/2xxx/CVE-2020-2065.json index 0cba392bf54e..0b6cb2aa8c41 100644 --- a/2020/2xxx/CVE-2020-2065.json +++ b/2020/2xxx/CVE-2020-2065.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2065", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/2xxx/CVE-2020-2067.json b/2020/2xxx/CVE-2020-2067.json index 754179ab76b4..3062e2600c30 100644 --- a/2020/2xxx/CVE-2020-2067.json +++ b/2020/2xxx/CVE-2020-2067.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2067", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/2xxx/CVE-2020-2068.json b/2020/2xxx/CVE-2020-2068.json index cae125e5dd43..fb4a8c1a21ea 100644 --- a/2020/2xxx/CVE-2020-2068.json +++ b/2020/2xxx/CVE-2020-2068.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2068", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/2xxx/CVE-2020-2069.json b/2020/2xxx/CVE-2020-2069.json index 91e0916c768c..4217f5a838a8 100644 --- a/2020/2xxx/CVE-2020-2069.json +++ b/2020/2xxx/CVE-2020-2069.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2069", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/2xxx/CVE-2020-2071.json b/2020/2xxx/CVE-2020-2071.json index 21a716c41b88..d9c5184bd4f8 100644 --- a/2020/2xxx/CVE-2020-2071.json +++ b/2020/2xxx/CVE-2020-2071.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2071", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/2xxx/CVE-2020-2072.json b/2020/2xxx/CVE-2020-2072.json index b9c16dc59c03..28d8d6f925dd 100644 --- a/2020/2xxx/CVE-2020-2072.json +++ b/2020/2xxx/CVE-2020-2072.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2072", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/2xxx/CVE-2020-2073.json b/2020/2xxx/CVE-2020-2073.json index bcadb4bfb1fd..1607aa2dff9f 100644 --- a/2020/2xxx/CVE-2020-2073.json +++ b/2020/2xxx/CVE-2020-2073.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2073", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/2xxx/CVE-2020-2074.json b/2020/2xxx/CVE-2020-2074.json index 5710c4e075d7..9ca881b85e4a 100644 --- a/2020/2xxx/CVE-2020-2074.json +++ b/2020/2xxx/CVE-2020-2074.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-2074", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2020/35xxx/CVE-2020-35476.json b/2020/35xxx/CVE-2020-35476.json index 3aa51d9040b4..6dd884fd9809 100644 --- a/2020/35xxx/CVE-2020-35476.json +++ b/2020/35xxx/CVE-2020-35476.json @@ -56,6 +56,11 @@ "url": "https://github.com/OpenTSDB/opentsdb/issues/2051", "refsource": "MISC", "name": "https://github.com/OpenTSDB/opentsdb/issues/2051" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/170331/OpenTSDB-2.4.0-Command-Injection.html", + "url": "http://packetstormsecurity.com/files/170331/OpenTSDB-2.4.0-Command-Injection.html" } ] } diff --git a/2020/35xxx/CVE-2020-35610.json b/2020/35xxx/CVE-2020-35610.json index 26e99dfc4109..2eb2d5f58b24 100644 --- a/2020/35xxx/CVE-2020-35610.json +++ b/2020/35xxx/CVE-2020-35610.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2020-35610", - "DATE_PUBLIC": "2020-11-24T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20201101] - Core - com_finder ignores access levels on autosuggest" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "2.5.0-3.9.22" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "2.5.0-3.9.22", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { diff --git a/2020/35xxx/CVE-2020-35611.json b/2020/35xxx/CVE-2020-35611.json index 0f0cd5a1f064..7eb8724a2051 100644 --- a/2020/35xxx/CVE-2020-35611.json +++ b/2020/35xxx/CVE-2020-35611.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2020-35611", - "DATE_PUBLIC": "2020-11-24T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20201102] - Core - Disclosure of secrets in Global Configuration page" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "2.5.0-3.9.22" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "2.5.0-3.9.22", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { diff --git a/2020/35xxx/CVE-2020-35612.json b/2020/35xxx/CVE-2020-35612.json index a3d428d18fbe..2b2cc2f65acb 100644 --- a/2020/35xxx/CVE-2020-35612.json +++ b/2020/35xxx/CVE-2020-35612.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2020-35612", - "DATE_PUBLIC": "2020-11-24T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20201103] - Core - Path traversal in mod_random_image" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "2.5.0-3.9.22" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "2.5.0-3.9.22", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { diff --git a/2020/35xxx/CVE-2020-35613.json b/2020/35xxx/CVE-2020-35613.json index d5fc52ddef5d..cac67dcf694a 100644 --- a/2020/35xxx/CVE-2020-35613.json +++ b/2020/35xxx/CVE-2020-35613.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2020-35613", - "DATE_PUBLIC": "2020-11-24T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20201104] - Core - SQL injection in com_users list view" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "3.0.0-3.9.22" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "3.0.0-3.9.22", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { diff --git a/2020/35xxx/CVE-2020-35614.json b/2020/35xxx/CVE-2020-35614.json index e08ea58a7e63..ac875e938318 100644 --- a/2020/35xxx/CVE-2020-35614.json +++ b/2020/35xxx/CVE-2020-35614.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2020-35614", - "DATE_PUBLIC": "2020-11-24T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20201105] - Core - User Enumeration in backend login" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "3.9.0-3.9.22" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "3.9.0-3.9.22", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { diff --git a/2020/35xxx/CVE-2020-35615.json b/2020/35xxx/CVE-2020-35615.json index 3cd332bcbbe0..d293f5bf3f16 100644 --- a/2020/35xxx/CVE-2020-35615.json +++ b/2020/35xxx/CVE-2020-35615.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2020-35615", - "DATE_PUBLIC": "2020-11-24T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20201106] - Core - CSRF in com_privacy emailexport feature" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "2.5.0-3.9.22" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "2.5.0-3.9.22", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { diff --git a/2020/35xxx/CVE-2020-35616.json b/2020/35xxx/CVE-2020-35616.json index 3f416375e604..cc20c2e913d4 100644 --- a/2020/35xxx/CVE-2020-35616.json +++ b/2020/35xxx/CVE-2020-35616.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2020-35616", - "DATE_PUBLIC": "2020-11-24T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20201107] - Core - Write ACL violation in multiple core views" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "1.7.0 - 3.9.22" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "1.7.0 - 3.9.22", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { diff --git a/2020/36xxx/CVE-2020-36421.json b/2020/36xxx/CVE-2020-36421.json index 58e7d6905d2a..896d2b053d40 100644 --- a/2020/36xxx/CVE-2020-36421.json +++ b/2020/36xxx/CVE-2020-36421.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36421", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -71,6 +72,11 @@ "url": "https://bugs.gentoo.org/730752", "refsource": "MISC", "name": "https://bugs.gentoo.org/730752" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html" } ] } diff --git a/2020/36xxx/CVE-2020-36422.json b/2020/36xxx/CVE-2020-36422.json index cee383565482..822b44c4bbfc 100644 --- a/2020/36xxx/CVE-2020-36422.json +++ b/2020/36xxx/CVE-2020-36422.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36422", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -66,6 +67,11 @@ "url": "https://bugs.gentoo.org/730752", "refsource": "MISC", "name": "https://bugs.gentoo.org/730752" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html" } ] } diff --git a/2020/36xxx/CVE-2020-36423.json b/2020/36xxx/CVE-2020-36423.json index aa5d0ba26273..02901e2a362f 100644 --- a/2020/36xxx/CVE-2020-36423.json +++ b/2020/36xxx/CVE-2020-36423.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36423", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -66,6 +67,11 @@ "url": "https://bugs.gentoo.org/730752", "refsource": "MISC", "name": "https://bugs.gentoo.org/730752" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html" } ] } diff --git a/2020/36xxx/CVE-2020-36424.json b/2020/36xxx/CVE-2020-36424.json index 7b6e56516c61..346a092572a3 100644 --- a/2020/36xxx/CVE-2020-36424.json +++ b/2020/36xxx/CVE-2020-36424.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36424", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -76,6 +77,11 @@ "url": "https://bugs.gentoo.org/740108", "refsource": "MISC", "name": "https://bugs.gentoo.org/740108" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html" } ] } diff --git a/2020/36xxx/CVE-2020-36425.json b/2020/36xxx/CVE-2020-36425.json index bac612aab3dd..f8dc8237f0a7 100644 --- a/2020/36xxx/CVE-2020-36425.json +++ b/2020/36xxx/CVE-2020-36425.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36425", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -81,6 +82,11 @@ "url": "https://github.com/ARMmbed/mbedtls/issues/3340", "refsource": "MISC", "name": "https://github.com/ARMmbed/mbedtls/issues/3340" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html" } ] } diff --git a/2020/36xxx/CVE-2020-36426.json b/2020/36xxx/CVE-2020-36426.json index 7579973f32b8..4398d19f1af3 100644 --- a/2020/36xxx/CVE-2020-36426.json +++ b/2020/36xxx/CVE-2020-36426.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36426", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -71,6 +72,11 @@ "url": "https://bugs.gentoo.org/740108", "refsource": "MISC", "name": "https://bugs.gentoo.org/740108" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html" } ] } diff --git a/2020/36xxx/CVE-2020-36475.json b/2020/36xxx/CVE-2020-36475.json index 576e74899d01..1a649afe6d11 100644 --- a/2020/36xxx/CVE-2020-36475.json +++ b/2020/36xxx/CVE-2020-36475.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36475", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -68,14 +69,19 @@ "name": "https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.18" }, { - "refsource": "CONFIRM", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf" + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20211123 [SECURITY] [DLA 2826-1] mbedtls security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html" + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html" } ] } diff --git a/2020/36xxx/CVE-2020-36476.json b/2020/36xxx/CVE-2020-36476.json index 74c0d7933094..1ee130fb1cc4 100644 --- a/2020/36xxx/CVE-2020-36476.json +++ b/2020/36xxx/CVE-2020-36476.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36476", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -68,9 +69,14 @@ "name": "https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20211123 [SECURITY] [DLA 2826-1] mbedtls security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html" + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html" } ] } diff --git a/2020/36xxx/CVE-2020-36477.json b/2020/36xxx/CVE-2020-36477.json index 958d5a5eb139..41a254cf0b88 100644 --- a/2020/36xxx/CVE-2020-36477.json +++ b/2020/36xxx/CVE-2020-36477.json @@ -61,6 +61,11 @@ "url": "https://github.com/ARMmbed/mbedtls/issues/3498", "refsource": "MISC", "name": "https://github.com/ARMmbed/mbedtls/issues/3498" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-08", + "url": "https://security.gentoo.org/glsa/202301-08" } ] } diff --git a/2020/36xxx/CVE-2020-36478.json b/2020/36xxx/CVE-2020-36478.json index d0d9022e3ecf..cd8c7fc96272 100644 --- a/2020/36xxx/CVE-2020-36478.json +++ b/2020/36xxx/CVE-2020-36478.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36478", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -73,14 +74,19 @@ "name": "https://github.com/ARMmbed/mbedtls/issues/3629" }, { - "refsource": "CONFIRM", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf" + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20211123 [SECURITY] [DLA 2826-1] mbedtls security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html" + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html" } ] } diff --git a/2020/36xxx/CVE-2020-36559.json b/2020/36xxx/CVE-2020-36559.json index 43238b92881c..428624c63dd1 100644 --- a/2020/36xxx/CVE-2020-36559.json +++ b/2020/36xxx/CVE-2020-36559.json @@ -1,18 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36559", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to improper santization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE 23: Relative Path Traversal" + } + ] } ] - } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "aahframe.work", + "product": { + "product_data": [ + { + "product_name": "aahframe.work", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/go-aah/aah/pull/267", + "refsource": "MISC", + "name": "https://github.com/go-aah/aah/pull/267" + }, + { + "url": "https://github.com/go-aah/aah/commit/881dc9f71d1f7a4e8a9a39df9c5c081d3a2da1ec", + "refsource": "MISC", + "name": "https://github.com/go-aah/aah/commit/881dc9f71d1f7a4e8a9a39df9c5c081d3a2da1ec" + }, + { + "url": "https://github.com/go-aah/aah/issues/266", + "refsource": "MISC", + "name": "https://github.com/go-aah/aah/issues/266" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2020-0033", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2020-0033" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "@snyff" + } + ] } \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36560.json b/2020/36xxx/CVE-2020-36560.json index fa78fce6c4f6..c5c98c34415e 100644 --- a/2020/36xxx/CVE-2020-36560.json +++ b/2020/36xxx/CVE-2020-36560.json @@ -1,17 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36560", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE 29: Path Traversal: \"\\..\\filename\"" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "github.com/artdarek/go-unzip", + "product": { + "product_data": [ + { + "product_name": "github.com/artdarek/go-unzip", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://snyk.io/research/zip-slip-vulnerability", + "refsource": "MISC", + "name": "https://snyk.io/research/zip-slip-vulnerability" + }, + { + "url": "https://github.com/artdarek/go-unzip/pull/2", + "refsource": "MISC", + "name": "https://github.com/artdarek/go-unzip/pull/2" + }, + { + "url": "https://github.com/artdarek/go-unzip/commit/4975cbe0a719dc50b12da8585f1f207c82f7dfe0", + "refsource": "MISC", + "name": "https://github.com/artdarek/go-unzip/commit/4975cbe0a719dc50b12da8585f1f207c82f7dfe0" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2020-0034", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2020-0034" } ] } diff --git a/2020/36xxx/CVE-2020-36561.json b/2020/36xxx/CVE-2020-36561.json index 364cce5cabee..2f8b0ad8d25e 100644 --- a/2020/36xxx/CVE-2020-36561.json +++ b/2020/36xxx/CVE-2020-36561.json @@ -1,17 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36561", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE 29: Path Traversal: \"\\..\\filename\"" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "github.com/yi-ge/unzip", + "product": { + "product_data": [ + { + "product_name": "github.com/yi-ge/unzip", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://snyk.io/research/zip-slip-vulnerability", + "refsource": "MISC", + "name": "https://snyk.io/research/zip-slip-vulnerability" + }, + { + "url": "https://github.com/yi-ge/unzip/pull/1", + "refsource": "MISC", + "name": "https://github.com/yi-ge/unzip/pull/1" + }, + { + "url": "https://github.com/yi-ge/unzip/commit/2adbaa4891b9690853ef10216189189f5ad7dc73", + "refsource": "MISC", + "name": "https://github.com/yi-ge/unzip/commit/2adbaa4891b9690853ef10216189189f5ad7dc73" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2020-0035", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2020-0035" } ] } diff --git a/2020/36xxx/CVE-2020-36562.json b/2020/36xxx/CVE-2020-36562.json index a84d4bb44b49..a26a52041f27 100644 --- a/2020/36xxx/CVE-2020-36562.json +++ b/2020/36xxx/CVE-2020-36562.json @@ -1,18 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36562", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "github.com/shiyanhui/dht", + "product": { + "product_data": [ + { + "product_name": "github.com/shiyanhui/dht", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/shiyanhui/dht/issues/57", + "refsource": "MISC", + "name": "https://github.com/shiyanhui/dht/issues/57" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2020-0040", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2020-0040" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "@hMihaiDavid" + } + ] } \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36563.json b/2020/36xxx/CVE-2020-36563.json index 4b9d762c9abe..df28ae091bc2 100644 --- a/2020/36xxx/CVE-2020-36563.json +++ b/2020/36xxx/CVE-2020-36563.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36563", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE 328: Use of Weak Hash" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "github.com/RobotsAndPencils/go-saml", + "product": { + "product_data": [ + { + "product_name": "github.com/RobotsAndPencils/go-saml", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/RobotsAndPencils/go-saml/pull/38", + "refsource": "MISC", + "name": "https://github.com/RobotsAndPencils/go-saml/pull/38" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2020-0047", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2020-0047" } ] } diff --git a/2020/36xxx/CVE-2020-36564.json b/2020/36xxx/CVE-2020-36564.json index f9d6849d6489..a2cad99aa57e 100644 --- a/2020/36xxx/CVE-2020-36564.json +++ b/2020/36xxx/CVE-2020-36564.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36564", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE 345: Insufficient Verification of Data Authenticity" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "github.com/justinas/nosurf", + "product": { + "product_data": [ + { + "product_name": "github.com/justinas/nosurf", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/justinas/nosurf/pull/60", + "refsource": "MISC", + "name": "https://github.com/justinas/nosurf/pull/60" + }, + { + "url": "https://github.com/justinas/nosurf/commit/4d86df7a4affa1fa50ab39fb09aac56c3ce9c314", + "refsource": "MISC", + "name": "https://github.com/justinas/nosurf/commit/4d86df7a4affa1fa50ab39fb09aac56c3ce9c314" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2020-0049", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2020-0049" } ] - } + }, + "credits": [ + { + "lang": "en", + "value": "@aeneasr" + } + ] } \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36566.json b/2020/36xxx/CVE-2020-36566.json index c0a70e2db1da..8b8e114ebdd7 100644 --- a/2020/36xxx/CVE-2020-36566.json +++ b/2020/36xxx/CVE-2020-36566.json @@ -1,17 +1,72 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36566", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE 22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "github.com/whyrusleeping/tar-utils", + "product": { + "product_data": [ + { + "product_name": "github.com/whyrusleeping/tar-utils", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/whyrusleeping/tar-utils/commit/20a61371de5b51380bbdb0c7935b30b0625ac227", + "refsource": "MISC", + "name": "https://github.com/whyrusleeping/tar-utils/commit/20a61371de5b51380bbdb0c7935b30b0625ac227" + }, + { + "url": "https://snyk.io/research/zip-slip-vulnerability", + "refsource": "MISC", + "name": "https://snyk.io/research/zip-slip-vulnerability" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2021-0106", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2021-0106" } ] } diff --git a/2020/36xxx/CVE-2020-36567.json b/2020/36xxx/CVE-2020-36567.json index 4afdf9150f40..9786bba501dd 100644 --- a/2020/36xxx/CVE-2020-36567.json +++ b/2020/36xxx/CVE-2020-36567.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36567", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-117 Improper Output Neutralization for Logs" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "github.com/gin-gonic/gin", + "product": { + "product_data": [ + { + "product_name": "github.com/gin-gonic/gin", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/gin-gonic/gin/pull/2237", + "refsource": "MISC", + "name": "https://github.com/gin-gonic/gin/pull/2237" + }, + { + "url": "https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d", + "refsource": "MISC", + "name": "https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2020-0001", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2020-0001" } ] - } + }, + "credits": [ + { + "lang": "en", + "value": "@thinkerou " + } + ] } \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36568.json b/2020/36xxx/CVE-2020-36568.json index 85bddec243ab..e8738c6c97d3 100644 --- a/2020/36xxx/CVE-2020-36568.json +++ b/2020/36xxx/CVE-2020-36568.json @@ -1,18 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36568", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption" + } + ] } ] - } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "github.com/revel/revel", + "product": { + "product_data": [ + { + "product_name": "github.com/revel/revel", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/revel/revel/pull/1427", + "refsource": "MISC", + "name": "https://github.com/revel/revel/pull/1427" + }, + { + "url": "https://github.com/revel/revel/commit/d160ecb72207824005b19778594cbdc272e8a605", + "refsource": "MISC", + "name": "https://github.com/revel/revel/commit/d160ecb72207824005b19778594cbdc272e8a605" + }, + { + "url": "https://github.com/revel/revel/issues/1424", + "refsource": "MISC", + "name": "https://github.com/revel/revel/issues/1424" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2020-0003", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2020-0003" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "@SYM01" + } + ] } \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36569.json b/2020/36xxx/CVE-2020-36569.json index 814cebb0fbe7..02fbb3be08df 100644 --- a/2020/36xxx/CVE-2020-36569.json +++ b/2020/36xxx/CVE-2020-36569.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36569", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-305: Authentication Bypass by Primary Weakness" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "github.com/nanobox-io/golang-nanoauth", + "product": { + "product_data": [ + { + "product_name": "github.com/nanobox-io/golang-nanoauth", + "version": { + "version_data": [ + { + "version_value": "0.0.0-20160722212129-ac0cc4484ad4", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nanobox-io/golang-nanoauth/pull/5", + "refsource": "MISC", + "name": "https://github.com/nanobox-io/golang-nanoauth/pull/5" + }, + { + "url": "https://github.com/nanobox-io/golang-nanoauth/commit/063a3fb69896acf985759f0fe3851f15973993f3", + "refsource": "MISC", + "name": "https://github.com/nanobox-io/golang-nanoauth/commit/063a3fb69896acf985759f0fe3851f15973993f3" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2020-0004", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2020-0004" } ] - } + }, + "credits": [ + { + "lang": "en", + "value": "@bouk" + } + ] } \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36607.json b/2020/36xxx/CVE-2020-36607.json index fbbae6591890..b914c492e939 100644 --- a/2020/36xxx/CVE-2020-36607.json +++ b/2020/36xxx/CVE-2020-36607.json @@ -5,13 +5,57 @@ "CVE_data_meta": { "ID": "CVE-2020-36607", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/liufee/cms/issues/45", + "url": "https://github.com/liufee/cms/issues/45" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag." } ] } diff --git a/2020/36xxx/CVE-2020-36612.json b/2020/36xxx/CVE-2020-36612.json new file mode 100644 index 000000000000..ee0d697b50f4 --- /dev/null +++ b/2020/36xxx/CVE-2020-36612.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36612", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36613.json b/2020/36xxx/CVE-2020-36613.json new file mode 100644 index 000000000000..ff7fe727b2d8 --- /dev/null +++ b/2020/36xxx/CVE-2020-36613.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36613", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36614.json b/2020/36xxx/CVE-2020-36614.json new file mode 100644 index 000000000000..a97987aab2b6 --- /dev/null +++ b/2020/36xxx/CVE-2020-36614.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36614", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36615.json b/2020/36xxx/CVE-2020-36615.json new file mode 100644 index 000000000000..825fb3f333d1 --- /dev/null +++ b/2020/36xxx/CVE-2020-36615.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36615", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36616.json b/2020/36xxx/CVE-2020-36616.json new file mode 100644 index 000000000000..1fb1fe4275ae --- /dev/null +++ b/2020/36xxx/CVE-2020-36616.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36616", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36617.json b/2020/36xxx/CVE-2020-36617.json new file mode 100644 index 000000000000..86dff81126c7 --- /dev/null +++ b/2020/36xxx/CVE-2020-36617.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36617", + "TITLE": "ewxrjk sftpserver parse.c sftp_parse_path uninitialized pointer", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ewxrjk", + "product": { + "product_data": [ + { + "product_name": "sftpserver", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-908 Uninitialized Resource -> CWE-824 Uninitialized Pointer" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name of the patch is bf4032f34832ee11d79aa60a226cc018e7ec5eed. It is recommended to apply a patch to fix this issue. The identifier VDB-216205 was assigned to this vulnerability. NOTE: In some deployment models this would be a vulnerability. README specifically warns about avoiding such deployment models." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.6", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ewxrjk/sftpserver/commit/bf4032f34832ee11d79aa60a226cc018e7ec5eed", + "refsource": "MISC", + "name": "https://github.com/ewxrjk/sftpserver/commit/bf4032f34832ee11d79aa60a226cc018e7ec5eed" + }, + { + "url": "https://vuldb.com/?id.216205", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216205" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36618.json b/2020/36xxx/CVE-2020-36618.json new file mode 100644 index 000000000000..eba94790e053 --- /dev/null +++ b/2020/36xxx/CVE-2020-36618.json @@ -0,0 +1,82 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36618", + "TITLE": "Furqan node-whois index.coffee prototype pollution", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Furqan", + "product": { + "product_data": [ + { + "product_name": "node-whois", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-74 Injection -> CWE-94 Code Injection -> CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical has been found in Furqan node-whois. Affected is an unknown function of the file index.coffee. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to launch the attack remotely. The name of the patch is 46ccc2aee8d063c7b6b4dee2c2834113b7286076. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216252." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "6.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/FurqanSoftware/node-whois/pull/105", + "refsource": "MISC", + "name": "https://github.com/FurqanSoftware/node-whois/pull/105" + }, + { + "url": "https://github.com/FurqanSoftware/node-whois/commit/46ccc2aee8d063c7b6b4dee2c2834113b7286076", + "refsource": "MISC", + "name": "https://github.com/FurqanSoftware/node-whois/commit/46ccc2aee8d063c7b6b4dee2c2834113b7286076" + }, + { + "url": "https://vuldb.com/?id.216252", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216252" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36619.json b/2020/36xxx/CVE-2020-36619.json new file mode 100644 index 000000000000..fa1b98e2cfe6 --- /dev/null +++ b/2020/36xxx/CVE-2020-36619.json @@ -0,0 +1,87 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36619", + "TITLE": "multimon-ng demod_flex.c add_ch format string", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "multimon-ng", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119 Memory Corruption -> CWE-134 Format String" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is e5a51c508ef952e81a6da25b43034dd1ed023c07. It is recommended to upgrade the affected component. The identifier VDB-216269 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.5", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/EliasOenal/multimon-ng/pull/160", + "refsource": "MISC", + "name": "https://github.com/EliasOenal/multimon-ng/pull/160" + }, + { + "url": "https://github.com/EliasOenal/multimon-ng/releases/tag/1.2.0", + "refsource": "MISC", + "name": "https://github.com/EliasOenal/multimon-ng/releases/tag/1.2.0" + }, + { + "url": "https://github.com/EliasOenal/multimon-ng/commit/e5a51c508ef952e81a6da25b43034dd1ed023c07", + "refsource": "MISC", + "name": "https://github.com/EliasOenal/multimon-ng/commit/e5a51c508ef952e81a6da25b43034dd1ed023c07" + }, + { + "url": "https://vuldb.com/?id.216269", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216269" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36620.json b/2020/36xxx/CVE-2020-36620.json new file mode 100644 index 000000000000..46a1e3b36e94 --- /dev/null +++ b/2020/36xxx/CVE-2020-36620.json @@ -0,0 +1,94 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36620", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Brondahl EnumStringValues up to 4.0.0. It has been declared as problematic. This vulnerability affects the function GetStringValuesWithPreferences_Uncache of the file EnumStringValues/EnumExtensions.cs. The manipulation leads to resource consumption. Upgrading to version 4.0.1 is able to address this issue. The name of the patch is c0fc7806beb24883cc2f9543ebc50c0820297307. It is recommended to upgrade the affected component. VDB-216466 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In Brondahl EnumStringValues bis 4.0.0 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Das betrifft die Funktion GetStringValuesWithPreferences_Uncache der Datei EnumStringValues/EnumExtensions.cs. Durch Manipulieren mit unbekannten Daten kann eine resource consumption-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 4.0.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als c0fc7806beb24883cc2f9543ebc50c0820297307 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Brondahl", + "product": { + "product_data": [ + { + "product_name": "EnumStringValues", + "version": { + "version_data": [ + { + "version_value": "4.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Brondahl/EnumStringValues/commit/c0fc7806beb24883cc2f9543ebc50c0820297307", + "refsource": "MISC", + "name": "https://github.com/Brondahl/EnumStringValues/commit/c0fc7806beb24883cc2f9543ebc50c0820297307" + }, + { + "url": "https://vuldb.com/?id.216466", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216466" + }, + { + "url": "https://github.com/Brondahl/EnumStringValues/releases/tag/4.0.1", + "refsource": "MISC", + "name": "https://github.com/Brondahl/EnumStringValues/releases/tag/4.0.1" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36621.json b/2020/36xxx/CVE-2020-36621.json new file mode 100644 index 000000000000..cbb5913df61c --- /dev/null +++ b/2020/36xxx/CVE-2020-36621.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36621", + "TITLE": "chedabob whatismyudid mobileconfig.js exports.enrollment cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "chedabob", + "product": { + "product_data": [ + { + "product_name": "whatismyudid", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in chedabob whatismyudid. Affected by this issue is the function exports.enrollment of the file routes/mobileconfig.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is bb33d4325fba80e7ea68b79121dba025caf6f45f. It is recommended to apply a patch to fix this issue. VDB-216470 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chedabob/whatismyudid/commit/bb33d4325fba80e7ea68b79121dba025caf6f45f", + "refsource": "MISC", + "name": "https://github.com/chedabob/whatismyudid/commit/bb33d4325fba80e7ea68b79121dba025caf6f45f" + }, + { + "url": "https://vuldb.com/?id.216470", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216470" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36622.json b/2020/36xxx/CVE-2020-36622.json new file mode 100644 index 000000000000..61b9ba02818b --- /dev/null +++ b/2020/36xxx/CVE-2020-36622.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36622", + "TITLE": "sah-comp bienlein cross-site request forgery", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "sah-comp", + "product": { + "product_data": [ + { + "product_name": "bienlein", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863 Incorrect Authorization -> CWE-862 Missing Authorization -> CWE-352 Cross-Site Request Forgery" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in sah-comp bienlein and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is d7836a4f2b241e4745ede194f0f6fb47199cab6b. It is recommended to apply a patch to fix this issue. The identifier VDB-216473 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sah-comp/bienlein/commit/d7836a4f2b241e4745ede194f0f6fb47199cab6b", + "refsource": "MISC", + "name": "https://github.com/sah-comp/bienlein/commit/d7836a4f2b241e4745ede194f0f6fb47199cab6b" + }, + { + "url": "https://vuldb.com/?id.216473", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216473" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36623.json b/2020/36xxx/CVE-2020-36623.json new file mode 100644 index 000000000000..603148dd13fa --- /dev/null +++ b/2020/36xxx/CVE-2020-36623.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36623", + "TITLE": "Pengu index.js runApp cross-site request forgery", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "Pengu", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863 Incorrect Authorization -> CWE-862 Missing Authorization -> CWE-352 Cross-Site Request Forgery" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Pengu. It has been declared as problematic. Affected by this vulnerability is the function runApp of the file src/index.js. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The name of the patch is aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216475." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jtojnar/pengu/commit/aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91", + "refsource": "MISC", + "name": "https://github.com/jtojnar/pengu/commit/aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91" + }, + { + "url": "https://vuldb.com/?id.216475", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216475" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36624.json b/2020/36xxx/CVE-2020-36624.json new file mode 100644 index 000000000000..b506dac7d5c8 --- /dev/null +++ b/2020/36xxx/CVE-2020-36624.json @@ -0,0 +1,99 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36624", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in ahorner text-helpers up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The attack can be initiated remotely. Upgrading to version 1.1.0 is able to address this issue. The name of the patch is 184b60ded0e43c985788582aca2d1e746f9405a3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216520." + }, + { + "lang": "deu", + "value": "In ahorner text-helpers bis 1.0.x wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei lib/text_helpers/translation.rb. Durch das Manipulieren des Arguments link mit unbekannten Daten kann eine use of web link to untrusted target with window.opener access-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.1.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 184b60ded0e43c985788582aca2d1e746f9405a3 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1022 Use of Web Link to Untrusted Target with window.opener Access", + "cweId": "CWE-1022" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ahorner", + "product": { + "product_data": [ + { + "product_name": "text-helpers", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ahorner/text-helpers/pull/19", + "refsource": "MISC", + "name": "https://github.com/ahorner/text-helpers/pull/19" + }, + { + "url": "https://github.com/ahorner/text-helpers/commit/184b60ded0e43c985788582aca2d1e746f9405a3", + "refsource": "MISC", + "name": "https://github.com/ahorner/text-helpers/commit/184b60ded0e43c985788582aca2d1e746f9405a3" + }, + { + "url": "https://vuldb.com/?id.216520", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216520" + }, + { + "url": "https://github.com/ahorner/text-helpers/releases/tag/v1.1.0", + "refsource": "MISC", + "name": "https://github.com/ahorner/text-helpers/releases/tag/v1.1.0" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36625.json b/2020/36xxx/CVE-2020-36625.json new file mode 100644 index 000000000000..d4e7a09bd317 --- /dev/null +++ b/2020/36xxx/CVE-2020-36625.json @@ -0,0 +1,82 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36625", + "TITLE": "destiny.gg chat main.go websocket.Upgrader cross-site request forgery", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "destiny.gg", + "product": { + "product_data": [ + { + "product_name": "chat", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863 Incorrect Authorization -> CWE-862 Missing Authorization -> CWE-352 Cross-Site Request Forgery" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in destiny.gg chat. It has been rated as problematic. This issue affects the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is bebd256fc3063111fb4503ca25e005ebf6e73780. It is recommended to apply a patch to fix this issue. The identifier VDB-216521 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/destinygg/chat/pull/35", + "refsource": "MISC", + "name": "https://github.com/destinygg/chat/pull/35" + }, + { + "url": "https://github.com/destinygg/chat/commit/bebd256fc3063111fb4503ca25e005ebf6e73780", + "refsource": "MISC", + "name": "https://github.com/destinygg/chat/commit/bebd256fc3063111fb4503ca25e005ebf6e73780" + }, + { + "url": "https://vuldb.com/?id.216521", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216521" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36626.json b/2020/36xxx/CVE-2020-36626.json new file mode 100644 index 000000000000..86fdc42b326e --- /dev/null +++ b/2020/36xxx/CVE-2020-36626.json @@ -0,0 +1,82 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36626", + "TITLE": "Modern Tribe Panel Builder Plugin SearchFilter.php add_post_content_filtered_to_search_sql sql injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Modern Tribe", + "product": { + "product_data": [ + { + "product_name": "Panel Builder Plugin", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical has been found in Modern Tribe Panel Builder Plugin. Affected is the function add_post_content_filtered_to_search_sql of the file ModularContent/SearchFilter.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 4528d4f855dbbf24e9fc12a162fda84ce3bedc2f. It is recommended to apply a patch to fix this issue. VDB-216738 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/moderntribe/panel-builder/pull/173", + "refsource": "MISC", + "name": "https://github.com/moderntribe/panel-builder/pull/173" + }, + { + "url": "https://github.com/moderntribe/panel-builder/commit/4528d4f855dbbf24e9fc12a162fda84ce3bedc2f", + "refsource": "MISC", + "name": "https://github.com/moderntribe/panel-builder/commit/4528d4f855dbbf24e9fc12a162fda84ce3bedc2f" + }, + { + "url": "https://vuldb.com/?id.216738", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216738" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36627.json b/2020/36xxx/CVE-2020-36627.json new file mode 100644 index 000000000000..fc3c637f5972 --- /dev/null +++ b/2020/36xxx/CVE-2020-36627.json @@ -0,0 +1,94 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36627", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Macaron i18n. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file i18n.go. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 0.5.0 is able to address this issue. The name of the patch is 329b0c4844cc16a5a253c011b55180598e707735. It is recommended to upgrade the affected component. The identifier VDB-216745 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In Macaron i18n wurde eine problematische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei i18n.go. Dank Manipulation mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 0.5.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 329b0c4844cc16a5a253c011b55180598e707735 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601 Open Redirect", + "cweId": "CWE-601" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Macaron", + "product": { + "product_data": [ + { + "product_name": "i18n", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216745", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216745" + }, + { + "url": "https://github.com/go-macaron/i18n/commit/329b0c4844cc16a5a253c011b55180598e707735", + "refsource": "MISC", + "name": "https://github.com/go-macaron/i18n/commit/329b0c4844cc16a5a253c011b55180598e707735" + }, + { + "url": "https://github.com/go-macaron/i18n/releases/tag/v0.5.0", + "refsource": "MISC", + "name": "https://github.com/go-macaron/i18n/releases/tag/v0.5.0" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36628.json b/2020/36xxx/CVE-2020-36628.json new file mode 100644 index 000000000000..49104fac30c5 --- /dev/null +++ b/2020/36xxx/CVE-2020-36628.json @@ -0,0 +1,94 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36628", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the component ZIP File Handler. The manipulation leads to path traversal. Upgrading to version 0.5.2-pre2-alpha is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216747." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Calsign APDE entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion handleExtract der Datei APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java der Komponente ZIP File Handler. Durch die Manipulation mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.5.2-pre2-alpha vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Path Traversal", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Calsign", + "product": { + "product_data": [ + { + "product_name": "APDE", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216747", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216747" + }, + { + "url": "https://github.com/Calsign/APDE/commit/c6d64cbe465348c1bfd211122d89e3117afadecf", + "refsource": "MISC", + "name": "https://github.com/Calsign/APDE/commit/c6d64cbe465348c1bfd211122d89e3117afadecf" + }, + { + "url": "https://github.com/Calsign/APDE/releases/tag/v0.5.2-pre2-alpha", + "refsource": "MISC", + "name": "https://github.com/Calsign/APDE/releases/tag/v0.5.2-pre2-alpha" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36629.json b/2020/36xxx/CVE-2020-36629.json new file mode 100644 index 000000000000..4cdb6bdf29d9 --- /dev/null +++ b/2020/36xxx/CVE-2020-36629.json @@ -0,0 +1,94 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36629", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the patch is d3055b3e30b40b65d30c5a06d6e053dffa7f35d0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216748." + }, + { + "lang": "deu", + "value": "In SimbCo httpster wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion fs.realpathSync der Datei src/server.coffee. Durch Manipulation mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als d3055b3e30b40b65d30c5a06d6e053dffa7f35d0 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Path Traversal", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SimbCo", + "product": { + "product_data": [ + { + "product_name": "httpster", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216748", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216748" + }, + { + "url": "https://github.com/SimbCo/httpster/pull/36", + "refsource": "MISC", + "name": "https://github.com/SimbCo/httpster/pull/36" + }, + { + "url": "https://github.com/SimbCo/httpster/commit/d3055b3e30b40b65d30c5a06d6e053dffa7f35d0", + "refsource": "MISC", + "name": "https://github.com/SimbCo/httpster/commit/d3055b3e30b40b65d30c5a06d6e053dffa7f35d0" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36630.json b/2020/36xxx/CVE-2020-36630.json new file mode 100644 index 000000000000..3153f1be42e9 --- /dev/null +++ b/2020/36xxx/CVE-2020-36630.json @@ -0,0 +1,99 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36630", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to sql injection. Upgrading to version 14.0.5.21 is able to address this issue. The name of the patch is f1a9eea2dfff30fb99d825bac194a676a82b9ec8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216771." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in FreePBX cdr 14.0 ausgemacht. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion ajaxHandler der Datei ucp/Cdr.class.php. Mittels dem Manipulieren des Arguments limit/offset mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 14.0.5.21 vermag dieses Problem zu l\u00f6sen. Der Patch wird als f1a9eea2dfff30fb99d825bac194a676a82b9ec8 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "FreePBX", + "product": { + "product_data": [ + { + "product_name": "cdr", + "version": { + "version_data": [ + { + "version_value": "14.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216771", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216771" + }, + { + "url": "https://vuldb.com/?ctiid.216771", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216771" + }, + { + "url": "https://github.com/FreePBX/cdr/commit/f1a9eea2dfff30fb99d825bac194a676a82b9ec8", + "refsource": "MISC", + "name": "https://github.com/FreePBX/cdr/commit/f1a9eea2dfff30fb99d825bac194a676a82b9ec8" + }, + { + "url": "https://github.com/FreePBX/cdr/releases/tag/release%2F14.0.5.21", + "refsource": "MISC", + "name": "https://github.com/FreePBX/cdr/releases/tag/release%2F14.0.5.21" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36631.json b/2020/36xxx/CVE-2020-36631.json new file mode 100644 index 000000000000..aace8ec66c5c --- /dev/null +++ b/2020/36xxx/CVE-2020-36631.json @@ -0,0 +1,99 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36631", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in barronwaffles dwc_network_server_emulator. It has been declared as critical. This vulnerability affects the function update_profile of the file gamespy/gs_database.py. The manipulation of the argument firstname/lastname leads to sql injection. The attack can be initiated remotely. The name of the patch is f70eb21394f75019886fbc2fb536de36161ba422. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216772." + }, + { + "lang": "deu", + "value": "In barronwaffles dwc_network_server_emulator wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion update_profile der Datei gamespy/gs_database.py. Mittels Manipulieren des Arguments firstname/lastname mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als f70eb21394f75019886fbc2fb536de36161ba422 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "barronwaffles", + "product": { + "product_data": [ + { + "product_name": "dwc_network_server_emulator", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216772", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216772" + }, + { + "url": "https://vuldb.com/?ctiid.216772", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216772" + }, + { + "url": "https://github.com/barronwaffles/dwc_network_server_emulator/pull/538", + "refsource": "MISC", + "name": "https://github.com/barronwaffles/dwc_network_server_emulator/pull/538" + }, + { + "url": "https://github.com/barronwaffles/dwc_network_server_emulator/commit/f70eb21394f75019886fbc2fb536de36161ba422", + "refsource": "MISC", + "name": "https://github.com/barronwaffles/dwc_network_server_emulator/commit/f70eb21394f75019886fbc2fb536de36161ba422" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36632.json b/2020/36xxx/CVE-2020-36632.json new file mode 100644 index 000000000000..7a6e521b4ad7 --- /dev/null +++ b/2020/36xxx/CVE-2020-36632.json @@ -0,0 +1,109 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36632", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as critical, was found in hughsk flat up to 5.0.0. This affects the function unflatten of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to initiate the attack remotely. Upgrading to version 5.0.1 is able to address this issue. The name of the patch is 20ef0ef55dfa028caddaedbcb33efbdb04d18e13. It is recommended to upgrade the affected component. The identifier VDB-216777 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in hughsk flat bis 5.0.0 gefunden. Es geht dabei um die Funktion unflatten der Datei index.js. Dank der Manipulation mit unbekannten Daten kann eine improperly controlled modification of object prototype attributes ('prototype pollution')-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 5.0.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 20ef0ef55dfa028caddaedbcb33efbdb04d18e13 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + "cweId": "CWE-1321" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "hughsk", + "product": { + "product_data": [ + { + "product_name": "flat", + "version": { + "version_data": [ + { + "version_value": "5.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hughsk/flat/issues/105", + "refsource": "MISC", + "name": "https://github.com/hughsk/flat/issues/105" + }, + { + "url": "https://github.com/hughsk/flat/pull/106", + "refsource": "MISC", + "name": "https://github.com/hughsk/flat/pull/106" + }, + { + "url": "https://vuldb.com/?id.216777", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216777" + }, + { + "url": "https://vuldb.com/?ctiid.216777", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216777" + }, + { + "url": "https://github.com/hughsk/flat/commit/20ef0ef55dfa028caddaedbcb33efbdb04d18e13", + "refsource": "MISC", + "name": "https://github.com/hughsk/flat/commit/20ef0ef55dfa028caddaedbcb33efbdb04d18e13" + }, + { + "url": "https://github.com/hughsk/flat/releases/tag/5.0.1", + "refsource": "MISC", + "name": "https://github.com/hughsk/flat/releases/tag/5.0.1" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36633.json b/2020/36xxx/CVE-2020-36633.json new file mode 100644 index 000000000000..4cb2df9035df --- /dev/null +++ b/2020/36xxx/CVE-2020-36633.json @@ -0,0 +1,104 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36633", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in moodle-block_sitenews 1.0. It has been classified as problematic. This affects the function get_content of the file block_sitenews.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.1 is able to address this issue. The name of the patch is cd18d8b1afe464ae6626832496f4e070bac4c58f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216879." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in moodle-block_sitenews 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist die Funktion get_content der Datei block_sitenews.php. Durch die Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 1.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als cd18d8b1afe464ae6626832496f4e070bac4c58f bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "moodle-block_sitenews", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216879", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216879" + }, + { + "url": "https://vuldb.com/?ctiid.216879", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216879" + }, + { + "url": "https://github.com/eberhardt/moodle-block_sitenews/pull/5", + "refsource": "MISC", + "name": "https://github.com/eberhardt/moodle-block_sitenews/pull/5" + }, + { + "url": "https://github.com/eberhardt/moodle-block_sitenews/commit/cd18d8b1afe464ae6626832496f4e070bac4c58f", + "refsource": "MISC", + "name": "https://github.com/eberhardt/moodle-block_sitenews/commit/cd18d8b1afe464ae6626832496f4e070bac4c58f" + }, + { + "url": "https://github.com/eberhardt/moodle-block_sitenews/releases/tag/v1.1", + "refsource": "MISC", + "name": "https://github.com/eberhardt/moodle-block_sitenews/releases/tag/v1.1" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36634.json b/2020/36xxx/CVE-2020-36634.json new file mode 100644 index 000000000000..ec9b84274fa4 --- /dev/null +++ b/2020/36xxx/CVE-2020-36634.json @@ -0,0 +1,231 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36634", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in Indeed Engineering util up to 1.0.33. Affected is the function visit/appendTo of the file varexport/src/main/java/com/indeed/util/varexport/servlet/ViewExportedVariablesServlet.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.34 is able to address this issue. The name of the patch is c0952a9db51a880e9544d9fac2a2218a6bfc9c63. It is recommended to upgrade the affected component. VDB-216882 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in Indeed Engineering util bis 1.0.33 entdeckt. Es geht dabei um die Funktion visit/appendTo der Datei varexport/src/main/java/com/indeed/util/varexport/servlet/ViewExportedVariablesServlet.java. Mittels Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.0.34 vermag dieses Problem zu l\u00f6sen. Der Patch wird als c0952a9db51a880e9544d9fac2a2218a6bfc9c63 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Indeed Engineering", + "product": { + "product_data": [ + { + "product_name": "util", + "version": { + "version_data": [ + { + "version_value": "1.0.0", + "version_affected": "=" + }, + { + "version_value": "1.0.1", + "version_affected": "=" + }, + { + "version_value": "1.0.2", + "version_affected": "=" + }, + { + "version_value": "1.0.3", + "version_affected": "=" + }, + { + "version_value": "1.0.4", + "version_affected": "=" + }, + { + "version_value": "1.0.5", + "version_affected": "=" + }, + { + "version_value": "1.0.6", + "version_affected": "=" + }, + { + "version_value": "1.0.7", + "version_affected": "=" + }, + { + "version_value": "1.0.8", + "version_affected": "=" + }, + { + "version_value": "1.0.9", + "version_affected": "=" + }, + { + "version_value": "1.0.10", + "version_affected": "=" + }, + { + "version_value": "1.0.11", + "version_affected": "=" + }, + { + "version_value": "1.0.12", + "version_affected": "=" + }, + { + "version_value": "1.0.13", + "version_affected": "=" + }, + { + "version_value": "1.0.14", + "version_affected": "=" + }, + { + "version_value": "1.0.15", + "version_affected": "=" + }, + { + "version_value": "1.0.16", + "version_affected": "=" + }, + { + "version_value": "1.0.17", + "version_affected": "=" + }, + { + "version_value": "1.0.18", + "version_affected": "=" + }, + { + "version_value": "1.0.19", + "version_affected": "=" + }, + { + "version_value": "1.0.20", + "version_affected": "=" + }, + { + "version_value": "1.0.21", + "version_affected": "=" + }, + { + "version_value": "1.0.22", + "version_affected": "=" + }, + { + "version_value": "1.0.23", + "version_affected": "=" + }, + { + "version_value": "1.0.24", + "version_affected": "=" + }, + { + "version_value": "1.0.25", + "version_affected": "=" + }, + { + "version_value": "1.0.26", + "version_affected": "=" + }, + { + "version_value": "1.0.27", + "version_affected": "=" + }, + { + "version_value": "1.0.28", + "version_affected": "=" + }, + { + "version_value": "1.0.29", + "version_affected": "=" + }, + { + "version_value": "1.0.30", + "version_affected": "=" + }, + { + "version_value": "1.0.31", + "version_affected": "=" + }, + { + "version_value": "1.0.32", + "version_affected": "=" + }, + { + "version_value": "1.0.33", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216882", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216882" + }, + { + "url": "https://vuldb.com/?ctiid.216882", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216882" + }, + { + "url": "https://github.com/indeedeng/util/commit/c0952a9db51a880e9544d9fac2a2218a6bfc9c63", + "refsource": "MISC", + "name": "https://github.com/indeedeng/util/commit/c0952a9db51a880e9544d9fac2a2218a6bfc9c63" + }, + { + "url": "https://github.com/indeedeng/util/releases/tag/published%2F1.0.34", + "refsource": "MISC", + "name": "https://github.com/indeedeng/util/releases/tag/published%2F1.0.34" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.6, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.6, + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36635.json b/2020/36xxx/CVE-2020-36635.json new file mode 100644 index 000000000000..fc3fcdb304d8 --- /dev/null +++ b/2020/36xxx/CVE-2020-36635.json @@ -0,0 +1,152 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36635", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in OpenMRS Appointment Scheduling Module up to 1.12.x. It has been classified as problematic. This affects the function validateFieldName of the file api/src/main/java/org/openmrs/module/appointmentscheduling/validator/AppointmentTypeValidator.java. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.13.0 is able to address this issue. The name of the patch is 34213c3f6ea22df427573076fb62744694f601d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216915." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in OpenMRS Appointment Scheduling Module bis 1.12.x ausgemacht. Sie wurde als problematisch eingestuft. Es betrifft die Funktion validateFieldName der Datei api/src/main/java/org/openmrs/module/appointmentscheduling/validator/AppointmentTypeValidator.java. Mittels Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.13.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 34213c3f6ea22df427573076fb62744694f601d8 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenMRS", + "product": { + "product_data": [ + { + "product_name": "Appointment Scheduling Module", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": "=" + }, + { + "version_value": "1.1", + "version_affected": "=" + }, + { + "version_value": "1.2", + "version_affected": "=" + }, + { + "version_value": "1.3", + "version_affected": "=" + }, + { + "version_value": "1.4", + "version_affected": "=" + }, + { + "version_value": "1.5", + "version_affected": "=" + }, + { + "version_value": "1.6", + "version_affected": "=" + }, + { + "version_value": "1.7", + "version_affected": "=" + }, + { + "version_value": "1.8", + "version_affected": "=" + }, + { + "version_value": "1.9", + "version_affected": "=" + }, + { + "version_value": "1.10", + "version_affected": "=" + }, + { + "version_value": "1.11", + "version_affected": "=" + }, + { + "version_value": "1.12", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216915", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216915" + }, + { + "url": "https://vuldb.com/?ctiid.216915", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216915" + }, + { + "url": "https://github.com/openmrs/openmrs-module-appointmentscheduling/pull/32", + "refsource": "MISC", + "name": "https://github.com/openmrs/openmrs-module-appointmentscheduling/pull/32" + }, + { + "url": "https://github.com/openmrs/openmrs-module-appointmentscheduling/commit/34213c3f6ea22df427573076fb62744694f601d8", + "refsource": "MISC", + "name": "https://github.com/openmrs/openmrs-module-appointmentscheduling/commit/34213c3f6ea22df427573076fb62744694f601d8" + }, + { + "url": "https://github.com/openmrs/openmrs-module-appointmentscheduling/releases/tag/1.13.0", + "refsource": "MISC", + "name": "https://github.com/openmrs/openmrs-module-appointmentscheduling/releases/tag/1.13.0" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36636.json b/2020/36xxx/CVE-2020-36636.json new file mode 100644 index 000000000000..0cfca75b890b --- /dev/null +++ b/2020/36xxx/CVE-2020-36636.json @@ -0,0 +1,120 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36636", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in OpenMRS Admin UI Module up to 1.4.x. Affected is the function sendErrorMessage of the file omod/src/main/java/org/openmrs/module/adminui/page/controller/systemadmin/accounts/AccountPageController.java of the component Account Setup Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 702fbfdac7c4418f23bb5f6452482b4a88020061. It is recommended to upgrade the affected component. VDB-216918 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in OpenMRS Admin UI Module bis 1.4.x entdeckt. Dabei betrifft es die Funktion sendErrorMessage der Datei omod/src/main/java/org/openmrs/module/adminui/page/controller/systemadmin/accounts/AccountPageController.java der Komponente Account Setup Handler. Durch das Beeinflussen mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.5.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 702fbfdac7c4418f23bb5f6452482b4a88020061 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenMRS", + "product": { + "product_data": [ + { + "product_name": "Admin UI Module", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": "=" + }, + { + "version_value": "1.1", + "version_affected": "=" + }, + { + "version_value": "1.2", + "version_affected": "=" + }, + { + "version_value": "1.3", + "version_affected": "=" + }, + { + "version_value": "1.4", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216918", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216918" + }, + { + "url": "https://vuldb.com/?ctiid.216918", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216918" + }, + { + "url": "https://github.com/openmrs/openmrs-module-adminui/pull/57", + "refsource": "MISC", + "name": "https://github.com/openmrs/openmrs-module-adminui/pull/57" + }, + { + "url": "https://github.com/openmrs/openmrs-module-adminui/commit/702fbfdac7c4418f23bb5f6452482b4a88020061", + "refsource": "MISC", + "name": "https://github.com/openmrs/openmrs-module-adminui/commit/702fbfdac7c4418f23bb5f6452482b4a88020061" + }, + { + "url": "https://github.com/openmrs/openmrs-module-adminui/releases/tag/1.5.0", + "refsource": "MISC", + "name": "https://github.com/openmrs/openmrs-module-adminui/releases/tag/1.5.0" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36637.json b/2020/36xxx/CVE-2020-36637.json new file mode 100644 index 000000000000..61caa9323600 --- /dev/null +++ b/2020/36xxx/CVE-2020-36637.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36637", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been declared as problematic. This vulnerability affects unknown code of the file resources/core/adminserv.php. The manipulation of the argument text leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 3ed17dab3b4d6e8bf1c82ddfbf882314365e9cd7. It is recommended to apply a patch to fix this issue. VDB-217042 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "deu", + "value": "** UNSUPPPORTED WHEN ASSIGNED **In Chris92de AdminServ wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei resources/core/adminserv.php. Dank Manipulation des Arguments text mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als 3ed17dab3b4d6e8bf1c82ddfbf882314365e9cd7 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Chris92de", + "product": { + "product_data": [ + { + "product_name": "AdminServ", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217042", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217042" + }, + { + "url": "https://vuldb.com/?ctiid.217042", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217042" + }, + { + "url": "https://github.com/Chris92de/AdminServ/pull/7", + "refsource": "MISC", + "name": "https://github.com/Chris92de/AdminServ/pull/7" + }, + { + "url": "https://github.com/Chris92de/AdminServ/commit/3ed17dab3b4d6e8bf1c82ddfbf882314365e9cd7", + "refsource": "MISC", + "name": "https://github.com/Chris92de/AdminServ/commit/3ed17dab3b4d6e8bf1c82ddfbf882314365e9cd7" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36638.json b/2020/36xxx/CVE-2020-36638.json new file mode 100644 index 000000000000..127e19e1538d --- /dev/null +++ b/2020/36xxx/CVE-2020-36638.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36638", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been rated as problematic. This issue affects some unknown processing of the file resources/core/adminserv.php. The manipulation of the argument error leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9a45087814295de6fb3a3fe38f96293665234da1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217043. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "deu", + "value": "** UNSUPPPORTED WHEN ASSIGNED **Eine Schwachstelle wurde in Chris92de AdminServ ausgemacht. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei resources/core/adminserv.php. Mit der Manipulation des Arguments error mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Patch wird als 9a45087814295de6fb3a3fe38f96293665234da1 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Chris92de", + "product": { + "product_data": [ + { + "product_name": "AdminServ", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217043", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217043" + }, + { + "url": "https://vuldb.com/?ctiid.217043", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217043" + }, + { + "url": "https://github.com/Chris92de/AdminServ/pull/6", + "refsource": "MISC", + "name": "https://github.com/Chris92de/AdminServ/pull/6" + }, + { + "url": "https://github.com/Chris92de/AdminServ/commit/9a45087814295de6fb3a3fe38f96293665234da1", + "refsource": "MISC", + "name": "https://github.com/Chris92de/AdminServ/commit/9a45087814295de6fb3a3fe38f96293665234da1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36639.json b/2020/36xxx/CVE-2020-36639.json new file mode 100644 index 000000000000..b6d2a1b88570 --- /dev/null +++ b/2020/36xxx/CVE-2020-36639.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36639", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in AlliedModders AMX Mod X and classified as critical. This vulnerability affects the function cmdVoteMap of the file plugins/adminvote.sma of the component Console Command Handler. The manipulation of the argument amx_votemap leads to path traversal. The name of the patch is a5f2b5539f6d61050b68df8b22ebb343a2862681. It is recommended to apply a patch to fix this issue. VDB-217354 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In AlliedModders AMX Mod X wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es die Funktion cmdVoteMap der Datei plugins/adminvote.sma der Komponente Console Command Handler. Mittels dem Manipulieren des Arguments amx_votemap mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Patch wird als a5f2b5539f6d61050b68df8b22ebb343a2862681 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Path Traversal", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AlliedModders", + "product": { + "product_data": [ + { + "product_name": "AMX Mod X", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217354", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217354" + }, + { + "url": "https://vuldb.com/?ctiid.217354", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217354" + }, + { + "url": "https://github.com/alliedmodders/amxmodx/pull/823", + "refsource": "MISC", + "name": "https://github.com/alliedmodders/amxmodx/pull/823" + }, + { + "url": "https://github.com/alliedmodders/amxmodx/commit/a5f2b5539f6d61050b68df8b22ebb343a2862681", + "refsource": "MISC", + "name": "https://github.com/alliedmodders/amxmodx/commit/a5f2b5539f6d61050b68df8b22ebb343a2862681" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4.7, + "vectorString": "AV:A/AC:L/Au:M/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36640.json b/2020/36xxx/CVE-2020-36640.json new file mode 100644 index 000000000000..ed14b6952b68 --- /dev/null +++ b/2020/36xxx/CVE-2020-36640.json @@ -0,0 +1,128 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36640", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is a12ad691c05af19e9061d7949b6b828ce48815d5. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217443." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in bonitasoft bonita-connector-webservice bis 1.3.0 gefunden. Dabei betrifft es die Funktion TransformerConfigurationException der Datei src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. Mittels Manipulieren mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.3.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als a12ad691c05af19e9061d7949b6b828ce48815d5 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611 XML External Entity Reference", + "cweId": "CWE-611" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "bonitasoft", + "product": { + "product_data": [ + { + "product_name": "bonita-connector-webservice", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": "=" + }, + { + "version_value": "1.1", + "version_affected": "=" + }, + { + "version_value": "1.2", + "version_affected": "=" + }, + { + "version_value": "1.3", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217443", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217443" + }, + { + "url": "https://vuldb.com/?ctiid.217443", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217443" + }, + { + "url": "https://github.com/bonitasoft/bonita-connector-webservice/pull/17", + "refsource": "MISC", + "name": "https://github.com/bonitasoft/bonita-connector-webservice/pull/17" + }, + { + "url": "https://github.com/bonitasoft/bonita-connector-webservice/commit/a12ad691c05af19e9061d7949b6b828ce48815d5", + "refsource": "MISC", + "name": "https://github.com/bonitasoft/bonita-connector-webservice/commit/a12ad691c05af19e9061d7949b6b828ce48815d5" + }, + { + "url": "https://github.com/bonitasoft/bonita-connector-webservice/releases/tag/1.3.1", + "refsource": "MISC", + "name": "https://github.com/bonitasoft/bonita-connector-webservice/releases/tag/1.3.1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4.9, + "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36641.json b/2020/36xxx/CVE-2020-36641.json new file mode 100644 index 000000000000..131b62b6839e --- /dev/null +++ b/2020/36xxx/CVE-2020-36641.json @@ -0,0 +1,159 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36641", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in gturri aXMLRPC up to 1.12.0. This vulnerability affects the function ResponseParser of the file src/main/java/de/timroes/axmlrpc/ResponseParser.java. The manipulation leads to xml external entity reference. Upgrading to version 1.12.1 is able to address this issue. The name of the patch is ad6615b3ec41353e614f6ea5fdd5b046442a832b. It is recommended to upgrade the affected component. VDB-217450 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In gturri aXMLRPC bis 1.12.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Es geht um die Funktion ResponseParser der Datei src/main/java/de/timroes/axmlrpc/ResponseParser.java. Mit der Manipulation mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.12.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als ad6615b3ec41353e614f6ea5fdd5b046442a832b bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611 XML External Entity Reference", + "cweId": "CWE-611" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "gturri", + "product": { + "product_data": [ + { + "product_name": "aXMLRPC", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": "=" + }, + { + "version_value": "1.1", + "version_affected": "=" + }, + { + "version_value": "1.2", + "version_affected": "=" + }, + { + "version_value": "1.3", + "version_affected": "=" + }, + { + "version_value": "1.4", + "version_affected": "=" + }, + { + "version_value": "1.5", + "version_affected": "=" + }, + { + "version_value": "1.6", + "version_affected": "=" + }, + { + "version_value": "1.7", + "version_affected": "=" + }, + { + "version_value": "1.8", + "version_affected": "=" + }, + { + "version_value": "1.9", + "version_affected": "=" + }, + { + "version_value": "1.10", + "version_affected": "=" + }, + { + "version_value": "1.11", + "version_affected": "=" + }, + { + "version_value": "1.12", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217450", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217450" + }, + { + "url": "https://vuldb.com/?ctiid.217450", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217450" + }, + { + "url": "https://github.com/gturri/aXMLRPC/commit/ad6615b3ec41353e614f6ea5fdd5b046442a832b", + "refsource": "MISC", + "name": "https://github.com/gturri/aXMLRPC/commit/ad6615b3ec41353e614f6ea5fdd5b046442a832b" + }, + { + "url": "https://github.com/gturri/aXMLRPC/releases/tag/aXMLRPC-1.12.1", + "refsource": "MISC", + "name": "https://github.com/gturri/aXMLRPC/releases/tag/aXMLRPC-1.12.1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4.9, + "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36642.json b/2020/36xxx/CVE-2020-36642.json new file mode 100644 index 000000000000..b34a5abcab06 --- /dev/null +++ b/2020/36xxx/CVE-2020-36642.json @@ -0,0 +1,140 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36642", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical. This issue affects the function run_in_sandbox of the file application/libraries/LanguageTask.php. The manipulation leads to command injection. Upgrading to version 1.7.0 is able to address this issue. The name of the patch is 8f43daf50c943b98eaf0c542da901a4a16e85b02. It is recommended to upgrade the affected component. The identifier VDB-217553 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in trampgeek jobe bis 1.6.x gefunden. Betroffen davon ist die Funktion run_in_sandbox der Datei application/libraries/LanguageTask.php. Mittels Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.7.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 8f43daf50c943b98eaf0c542da901a4a16e85b02 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77 Command Injection", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "trampgeek", + "product": { + "product_data": [ + { + "product_name": "jobe", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": "=" + }, + { + "version_value": "1.1", + "version_affected": "=" + }, + { + "version_value": "1.2", + "version_affected": "=" + }, + { + "version_value": "1.3", + "version_affected": "=" + }, + { + "version_value": "1.4", + "version_affected": "=" + }, + { + "version_value": "1.5", + "version_affected": "=" + }, + { + "version_value": "1.6", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217553", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217553" + }, + { + "url": "https://vuldb.com/?ctiid.217553", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217553" + }, + { + "url": "https://github.com/trampgeek/jobe/issues/39", + "refsource": "MISC", + "name": "https://github.com/trampgeek/jobe/issues/39" + }, + { + "url": "https://github.com/trampgeek/jobe/commit/8f43daf50c943b98eaf0c542da901a4a16e85b02", + "refsource": "MISC", + "name": "https://github.com/trampgeek/jobe/commit/8f43daf50c943b98eaf0c542da901a4a16e85b02" + }, + { + "url": "https://github.com/trampgeek/jobe/releases/tag/v1.7.0", + "refsource": "MISC", + "name": "https://github.com/trampgeek/jobe/releases/tag/v1.7.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36643.json b/2020/36xxx/CVE-2020-36643.json new file mode 100644 index 000000000000..3f20a6c1ca95 --- /dev/null +++ b/2020/36xxx/CVE-2020-36643.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36643", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in intgr uqm-wasm. It has been classified as critical. This affects the function log_displayBox in the library sc2/src/libs/log/msgbox_macosx.m. The manipulation leads to format string. The name of the patch is 1d5cbf3350a02c423ad6bef6dfd5300d38aa828f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217563." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in intgr uqm-wasm ausgemacht. Sie wurde als kritisch eingestuft. Dabei betrifft es die Funktion log_displayBox in der Bibliothek sc2/src/libs/log/msgbox_macosx.m. Mittels dem Manipulieren mit unbekannten Daten kann eine format string-Schwachstelle ausgenutzt werden. Der Patch wird als 1d5cbf3350a02c423ad6bef6dfd5300d38aa828f bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-134 Format String", + "cweId": "CWE-134" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "intgr", + "product": { + "product_data": [ + { + "product_name": "uqm-wasm", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217563", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217563" + }, + { + "url": "https://vuldb.com/?ctiid.217563", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217563" + }, + { + "url": "https://github.com/intgr/uqm-wasm/commit/1d5cbf3350a02c423ad6bef6dfd5300d38aa828f", + "refsource": "MISC", + "name": "https://github.com/intgr/uqm-wasm/commit/1d5cbf3350a02c423ad6bef6dfd5300d38aa828f" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36644.json b/2020/36xxx/CVE-2020-36644.json new file mode 100644 index 000000000000..d4c33b386d92 --- /dev/null +++ b/2020/36xxx/CVE-2020-36644.json @@ -0,0 +1,120 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36644", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file lib/inline_svg/action_view/helpers.rb of the component URL Parameter Handler. The manipulation of the argument filename leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.7.2 is able to address this issue. The name of the patch is f5363b351508486021f99e083c92068cf2943621. It is recommended to upgrade the affected component. The identifier VDB-217597 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In jamesmartin Inline SVG bis 1.7.1 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei lib/inline_svg/action_view/helpers.rb der Komponente URL Parameter Handler. Mittels Manipulieren des Arguments filename mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.7.2 vermag dieses Problem zu l\u00f6sen. Der Patch wird als f5363b351508486021f99e083c92068cf2943621 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "jamesmartin", + "product": { + "product_data": [ + { + "product_name": "Inline SVG", + "version": { + "version_data": [ + { + "version_value": "1.7.0", + "version_affected": "=" + }, + { + "version_value": "1.7.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217597", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217597" + }, + { + "url": "https://vuldb.com/?ctiid.217597", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217597" + }, + { + "url": "https://github.com/jamesmartin/inline_svg/pull/117", + "refsource": "MISC", + "name": "https://github.com/jamesmartin/inline_svg/pull/117" + }, + { + "url": "https://github.com/jamesmartin/inline_svg/commit/f5363b351508486021f99e083c92068cf2943621", + "refsource": "MISC", + "name": "https://github.com/jamesmartin/inline_svg/commit/f5363b351508486021f99e083c92068cf2943621" + }, + { + "url": "https://github.com/jamesmartin/inline_svg/releases/tag/v1.7.2", + "refsource": "MISC", + "name": "https://github.com/jamesmartin/inline_svg/releases/tag/v1.7.2" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36645.json b/2020/36xxx/CVE-2020-36645.json new file mode 100644 index 000000000000..c4aaefd2cfb2 --- /dev/null +++ b/2020/36xxx/CVE-2020-36645.json @@ -0,0 +1,116 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36645", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as critical, was found in square squalor. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version v0.0.0 is able to address this issue. The name of the patch is f6f0a47cc344711042eb0970cb423e6950ba3f93. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217623." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in square squalor gefunden. Dabei betrifft es einen unbekannter Codeteil. Durch Beeinflussen mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version v0.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als f6f0a47cc344711042eb0970cb423e6950ba3f93 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "square", + "product": { + "product_data": [ + { + "product_name": "squalor", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217623", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217623" + }, + { + "url": "https://vuldb.com/?ctiid.217623", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217623" + }, + { + "url": "https://github.com/square/squalor/pull/76", + "refsource": "MISC", + "name": "https://github.com/square/squalor/pull/76" + }, + { + "url": "https://github.com/square/squalor/commit/f6f0a47cc344711042eb0970cb423e6950ba3f93", + "refsource": "MISC", + "name": "https://github.com/square/squalor/commit/f6f0a47cc344711042eb0970cb423e6950ba3f93" + }, + { + "url": "https://github.com/square/squalor/releases/tag/v0.0.0", + "refsource": "MISC", + "name": "https://github.com/square/squalor/releases/tag/v0.0.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36646.json b/2020/36xxx/CVE-2020-36646.json new file mode 100644 index 000000000000..4bc2fded3527 --- /dev/null +++ b/2020/36xxx/CVE-2020-36646.json @@ -0,0 +1,268 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36646", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading to version 0.4.39 is able to address this issue. The name of the patch is 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408. It is recommended to upgrade the affected component. The identifier VDB-217629 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in MediaArea ZenLib bis 0.4.38 entdeckt. Sie wurde als problematisch eingestuft. Betroffen hiervon ist die Funktion Ztring::Date_From_Seconds_1970_Local der Datei Source/ZenLib/Ztring.cpp. Mittels dem Manipulieren des Arguments Value mit unbekannten Daten kann eine unchecked return value to null pointer dereference-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.4.39 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-690 Unchecked Return Value to NULL Pointer Dereference", + "cweId": "CWE-690" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaArea", + "product": { + "product_data": [ + { + "product_name": "ZenLib", + "version": { + "version_data": [ + { + "version_value": "0.4.0", + "version_affected": "=" + }, + { + "version_value": "0.4.1", + "version_affected": "=" + }, + { + "version_value": "0.4.2", + "version_affected": "=" + }, + { + "version_value": "0.4.3", + "version_affected": "=" + }, + { + "version_value": "0.4.4", + "version_affected": "=" + }, + { + "version_value": "0.4.5", + "version_affected": "=" + }, + { + "version_value": "0.4.6", + "version_affected": "=" + }, + { + "version_value": "0.4.7", + "version_affected": "=" + }, + { + "version_value": "0.4.8", + "version_affected": "=" + }, + { + "version_value": "0.4.9", + "version_affected": "=" + }, + { + "version_value": "0.4.10", + "version_affected": "=" + }, + { + "version_value": "0.4.11", + "version_affected": "=" + }, + { + "version_value": "0.4.12", + "version_affected": "=" + }, + { + "version_value": "0.4.13", + "version_affected": "=" + }, + { + "version_value": "0.4.14", + "version_affected": "=" + }, + { + "version_value": "0.4.15", + "version_affected": "=" + }, + { + "version_value": "0.4.16", + "version_affected": "=" + }, + { + "version_value": "0.4.17", + "version_affected": "=" + }, + { + "version_value": "0.4.18", + "version_affected": "=" + }, + { + "version_value": "0.4.19", + "version_affected": "=" + }, + { + "version_value": "0.4.20", + "version_affected": "=" + }, + { + "version_value": "0.4.21", + "version_affected": "=" + }, + { + "version_value": "0.4.22", + "version_affected": "=" + }, + { + "version_value": "0.4.23", + "version_affected": "=" + }, + { + "version_value": "0.4.24", + "version_affected": "=" + }, + { + "version_value": "0.4.25", + "version_affected": "=" + }, + { + "version_value": "0.4.26", + "version_affected": "=" + }, + { + "version_value": "0.4.27", + "version_affected": "=" + }, + { + "version_value": "0.4.28", + "version_affected": "=" + }, + { + "version_value": "0.4.29", + "version_affected": "=" + }, + { + "version_value": "0.4.30", + "version_affected": "=" + }, + { + "version_value": "0.4.31", + "version_affected": "=" + }, + { + "version_value": "0.4.32", + "version_affected": "=" + }, + { + "version_value": "0.4.33", + "version_affected": "=" + }, + { + "version_value": "0.4.34", + "version_affected": "=" + }, + { + "version_value": "0.4.35", + "version_affected": "=" + }, + { + "version_value": "0.4.36", + "version_affected": "=" + }, + { + "version_value": "0.4.37", + "version_affected": "=" + }, + { + "version_value": "0.4.38", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217629", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217629" + }, + { + "url": "https://vuldb.com/?ctiid.217629", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217629" + }, + { + "url": "https://github.com/MediaArea/ZenLib/pull/119", + "refsource": "MISC", + "name": "https://github.com/MediaArea/ZenLib/pull/119" + }, + { + "url": "https://github.com/MediaArea/ZenLib/commit/6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408", + "refsource": "MISC", + "name": "https://github.com/MediaArea/ZenLib/commit/6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408" + }, + { + "url": "https://github.com/MediaArea/ZenLib/releases/tag/v0.4.39", + "refsource": "MISC", + "name": "https://github.com/MediaArea/ZenLib/releases/tag/v0.4.39" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.3, + "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36647.json b/2020/36xxx/CVE-2020-36647.json new file mode 100644 index 000000000000..426978542653 --- /dev/null +++ b/2020/36xxx/CVE-2020-36647.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36647", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical has been found in YunoHost-Apps transmission_ynh. Affected is an unknown function of the file conf/nginx.conf. The manipulation leads to path traversal. The name of the patch is f136dfd44eda128129e5fd2d850a3a3c600e6a4a. It is recommended to apply a patch to fix this issue. VDB-217638 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in YunoHost-Apps transmission_ynh entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei conf/nginx.conf. Durch die Manipulation mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Patch wird als f136dfd44eda128129e5fd2d850a3a3c600e6a4a bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Path Traversal", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "YunoHost-Apps", + "product": { + "product_data": [ + { + "product_name": "transmission_ynh", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217638", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217638" + }, + { + "url": "https://vuldb.com/?ctiid.217638", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217638" + }, + { + "url": "https://github.com/YunoHost-Apps/transmission_ynh/pull/75", + "refsource": "MISC", + "name": "https://github.com/YunoHost-Apps/transmission_ynh/pull/75" + }, + { + "url": "https://github.com/YunoHost-Apps/transmission_ynh/commit/f136dfd44eda128129e5fd2d850a3a3c600e6a4a", + "refsource": "MISC", + "name": "https://github.com/YunoHost-Apps/transmission_ynh/commit/f136dfd44eda128129e5fd2d850a3a3c600e6a4a" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36648.json b/2020/36xxx/CVE-2020-36648.json new file mode 100644 index 000000000000..2fdf6569f917 --- /dev/null +++ b/2020/36xxx/CVE-2020-36648.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36648", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as critical, was found in pouetnet pouet 2.0. This affects an unknown part. The manipulation of the argument howmany leads to sql injection. The name of the patch is 11d615931352066fb2f6dcb07428277c2cd99baf. It is recommended to apply a patch to fix this issue. The identifier VDB-217641 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in pouetnet pouet 2.0 gefunden. Hiervon betroffen ist ein unbekannter Codeblock. Mittels Manipulieren des Arguments howmany mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 11d615931352066fb2f6dcb07428277c2cd99baf bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "pouetnet", + "product": { + "product_data": [ + { + "product_name": "pouet", + "version": { + "version_data": [ + { + "version_value": "2.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217641", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217641" + }, + { + "url": "https://vuldb.com/?ctiid.217641", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217641" + }, + { + "url": "https://github.com/pouetnet/pouet2.0/commit/11d615931352066fb2f6dcb07428277c2cd99baf", + "refsource": "MISC", + "name": "https://github.com/pouetnet/pouet2.0/commit/11d615931352066fb2f6dcb07428277c2cd99baf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36649.json b/2020/36xxx/CVE-2020-36649.json new file mode 100644 index 000000000000..a21f719984d0 --- /dev/null +++ b/2020/36xxx/CVE-2020-36649.json @@ -0,0 +1,125 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36649", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in mholt PapaParse bis 5.1.x ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei papaparse.js. Mittels Manipulieren mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 5.2.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 235a12758cd77266d2e98fd715f53536b34ad621 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333 Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mholt", + "product": { + "product_data": [ + { + "product_name": "PapaParse", + "version": { + "version_data": [ + { + "version_value": "5.0", + "version_affected": "=" + }, + { + "version_value": "5.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.218004", + "refsource": "MISC", + "name": "https://vuldb.com/?id.218004" + }, + { + "url": "https://vuldb.com/?ctiid.218004", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.218004" + }, + { + "url": "https://github.com/mholt/PapaParse/issues/777", + "refsource": "MISC", + "name": "https://github.com/mholt/PapaParse/issues/777" + }, + { + "url": "https://github.com/mholt/PapaParse/pull/779", + "refsource": "MISC", + "name": "https://github.com/mholt/PapaParse/pull/779" + }, + { + "url": "https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621", + "refsource": "MISC", + "name": "https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621" + }, + { + "url": "https://github.com/mholt/PapaParse/releases/tag/5.2.0", + "refsource": "MISC", + "name": "https://github.com/mholt/PapaParse/releases/tag/5.2.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.3, + "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36650.json b/2020/36xxx/CVE-2020-36650.json new file mode 100644 index 000000000000..7024effc5066 --- /dev/null +++ b/2020/36xxx/CVE-2020-36650.json @@ -0,0 +1,116 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-36650", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This affects an unknown part. The manipulation leads to command injection. Upgrading to version 6.0.0 is able to address this issue. The name of the patch is 5108446c1e23960d65e8b973f1d9486f9f9dbd6c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218019." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in IonicaBizau node-gry bis 5.x gefunden. Betroffen hiervon ist ein unbekannter Ablauf. Durch Beeinflussen mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 6.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 5108446c1e23960d65e8b973f1d9486f9f9dbd6c bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77 Command Injection", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IonicaBizau", + "product": { + "product_data": [ + { + "product_name": "node-gry", + "version": { + "version_data": [ + { + "version_value": "5.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.218019", + "refsource": "MISC", + "name": "https://vuldb.com/?id.218019" + }, + { + "url": "https://vuldb.com/?ctiid.218019", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.218019" + }, + { + "url": "https://github.com/IonicaBizau/node-gry/pull/22", + "refsource": "MISC", + "name": "https://github.com/IonicaBizau/node-gry/pull/22" + }, + { + "url": "https://github.com/IonicaBizau/node-gry/commit/5108446c1e23960d65e8b973f1d9486f9f9dbd6c", + "refsource": "MISC", + "name": "https://github.com/IonicaBizau/node-gry/commit/5108446c1e23960d65e8b973f1d9486f9f9dbd6c" + }, + { + "url": "https://github.com/IonicaBizau/node-gry/releases/tag/6.0.0", + "refsource": "MISC", + "name": "https://github.com/IonicaBizau/node-gry/releases/tag/6.0.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4497.json b/2020/4xxx/CVE-2020-4497.json index 8a83684cda7e..cd293dcc8b18 100644 --- a/2020/4xxx/CVE-2020-4497.json +++ b/2020/4xxx/CVE-2020-4497.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-4497", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319 Cleartext Transmission of Sensitive Information", + "cweId": "CWE-319" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Spectrum Protect Plus", + "version": { + "version_data": [ + { + "version_value": "10.1.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6847627", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6847627" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182106", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182106" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2020/7xxx/CVE-2020-7112.json b/2020/7xxx/CVE-2020-7112.json index 5e246b46dd3d..6a6eafbd9992 100644 --- a/2020/7xxx/CVE-2020-7112.json +++ b/2020/7xxx/CVE-2020-7112.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7112", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CVE was unused by HPE." } ] } diff --git a/2020/7xxx/CVE-2020-7118.json b/2020/7xxx/CVE-2020-7118.json index c467398ed453..fdd5fbc3f6c8 100644 --- a/2020/7xxx/CVE-2020-7118.json +++ b/2020/7xxx/CVE-2020-7118.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7118", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CVE was unused by HPE." } ] } diff --git a/2020/7xxx/CVE-2020-7346.json b/2020/7xxx/CVE-2020-7346.json index b0b8252fed32..e40df9abbc9f 100644 --- a/2020/7xxx/CVE-2020-7346.json +++ b/2020/7xxx/CVE-2020-7346.json @@ -1,14 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "psirt@mcafee.com", "ID": "CVE-2020-7346", - "STATE": "PUBLIC", - "TITLE": "Privilege escalation in McAfee DLP Endpoint for Windows" + "ASSIGNER": "trellixpsirt@trellix.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOTL command at the correct time." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')", + "cweId": "CWE-59" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "McAfee,LLC", "product": { "product_data": [ { @@ -16,72 +40,49 @@ "version": { "version_data": [ { - "platform": "Windows", - "version_affected": "<", - "version_value": "11.6.100" + "version_value": "unspecified", + "version_affected": "=" } ] } } ] - }, - "vendor_name": "McAfee,LLC" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references": { + "reference_data": [ { - "lang": "eng", - "value": "Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOTL command at the correct time." + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10344", + "refsource": "MISC", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10344" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-269: Privilege escalation vulnerability\t" - } - ] - } - ] + "source": { + "discovery": "EXTERNAL" }, - "references": { - "reference_data": [ + "impact": { + "cvss": [ { - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10344", - "refsource": "CONFIRM", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10344" + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] - }, - "source": { - "discovery": "EXTERNAL" } -} +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8813.json b/2020/8xxx/CVE-2020-8813.json index d0a10d29cdc7..3c435f1323dc 100644 --- a/2020/8xxx/CVE-2020-8813.json +++ b/2020/8xxx/CVE-2020-8813.json @@ -126,6 +126,11 @@ "refsource": "GENTOO", "name": "GLSA-202004-16", "url": "https://security.gentoo.org/glsa/202004-16" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3252-1] cacti security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html" } ] } diff --git a/2021/21xxx/CVE-2021-21200.json b/2021/21xxx/CVE-2021-21200.json index e0aaf124dbc4..577ab5eeeb4f 100644 --- a/2021/21xxx/CVE-2021-21200.json +++ b/2021/21xxx/CVE-2021-21200.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21200", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of bounds read" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "89.0.4389.72", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1164816", + "refsource": "MISC", + "name": "https://crbug.com/1164816" } ] } diff --git a/2021/21xxx/CVE-2021-21366.json b/2021/21xxx/CVE-2021-21366.json index bc81a3af4e3b..8c412f3e7126 100644 --- a/2021/21xxx/CVE-2021-21366.json +++ b/2021/21xxx/CVE-2021-21366.json @@ -96,6 +96,11 @@ "name": "https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135", "refsource": "MISC", "url": "https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230101 [SECURITY] [DLA 3260-1] node-xmldom security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00000.html" } ] }, diff --git a/2021/21xxx/CVE-2021-21707.json b/2021/21xxx/CVE-2021-21707.json index d041a32a8158..a64ccd7b247c 100644 --- a/2021/21xxx/CVE-2021-21707.json +++ b/2021/21xxx/CVE-2021-21707.json @@ -110,6 +110,11 @@ "refsource": "CONFIRM", "name": "https://www.tenable.com/security/tns-2022-09", "url": "https://www.tenable.com/security/tns-2022-09" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html" } ] }, diff --git a/2021/22xxx/CVE-2021-22600.json b/2021/22xxx/CVE-2021-22600.json index 3e405c79889e..966e5e9f5586 100644 --- a/2021/22xxx/CVE-2021-22600.json +++ b/2021/22xxx/CVE-2021-22600.json @@ -99,6 +99,11 @@ "refsource": "DEBIAN", "name": "DSA-5096", "url": "https://www.debian.org/security/2022/dsa-5096" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230110-0002/", + "url": "https://security.netapp.com/advisory/ntap-20230110-0002/" } ] }, diff --git a/2021/22xxx/CVE-2021-22922.json b/2021/22xxx/CVE-2021-22922.json index 00b0a2a444f3..34d8e2e6fd4c 100644 --- a/2021/22xxx/CVE-2021-22922.json +++ b/2021/22xxx/CVE-2021-22922.json @@ -88,6 +88,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2021/22xxx/CVE-2021-22923.json b/2021/22xxx/CVE-2021-22923.json index 9fd5bfaee0f4..fc5fbd07f0b0 100644 --- a/2021/22xxx/CVE-2021-22923.json +++ b/2021/22xxx/CVE-2021-22923.json @@ -68,6 +68,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2021/22xxx/CVE-2021-22925.json b/2021/22xxx/CVE-2021-22925.json index d6b35cf3af85..da27ca5d2b4f 100644 --- a/2021/22xxx/CVE-2021-22925.json +++ b/2021/22xxx/CVE-2021-22925.json @@ -98,6 +98,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2021/22xxx/CVE-2021-22926.json b/2021/22xxx/CVE-2021-22926.json index ad378c1e3b8b..e659ff95b18b 100644 --- a/2021/22xxx/CVE-2021-22926.json +++ b/2021/22xxx/CVE-2021-22926.json @@ -93,6 +93,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2021/22xxx/CVE-2021-22945.json b/2021/22xxx/CVE-2021-22945.json index 21a5bb74d175..a27ab51bd31e 100644 --- a/2021/22xxx/CVE-2021-22945.json +++ b/2021/22xxx/CVE-2021-22945.json @@ -88,6 +88,11 @@ "refsource": "DEBIAN", "name": "DSA-5197", "url": "https://www.debian.org/security/2022/dsa-5197" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2021/22xxx/CVE-2021-22946.json b/2021/22xxx/CVE-2021-22946.json index da86fdcfc14a..2f6c58adf784 100644 --- a/2021/22xxx/CVE-2021-22946.json +++ b/2021/22xxx/CVE-2021-22946.json @@ -118,6 +118,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2021/22xxx/CVE-2021-22947.json b/2021/22xxx/CVE-2021-22947.json index 5787b5c09c54..97ea7a53e038 100644 --- a/2021/22xxx/CVE-2021-22947.json +++ b/2021/22xxx/CVE-2021-22947.json @@ -113,6 +113,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2021/23xxx/CVE-2021-23056.json b/2021/23xxx/CVE-2021-23056.json index 4ca70f67a49b..78424e9f7474 100644 --- a/2021/23xxx/CVE-2021-23056.json +++ b/2021/23xxx/CVE-2021-23056.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23056", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23057.json b/2021/23xxx/CVE-2021-23057.json index 5ad93752815b..dcded131612e 100644 --- a/2021/23xxx/CVE-2021-23057.json +++ b/2021/23xxx/CVE-2021-23057.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23057", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23058.json b/2021/23xxx/CVE-2021-23058.json index 37c8ed468d26..a67931ba5b2d 100644 --- a/2021/23xxx/CVE-2021-23058.json +++ b/2021/23xxx/CVE-2021-23058.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23058", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23059.json b/2021/23xxx/CVE-2021-23059.json index 037f3225fb21..3e53f07c699c 100644 --- a/2021/23xxx/CVE-2021-23059.json +++ b/2021/23xxx/CVE-2021-23059.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23059", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23060.json b/2021/23xxx/CVE-2021-23060.json index ee344affa1b5..f60b4bf086d9 100644 --- a/2021/23xxx/CVE-2021-23060.json +++ b/2021/23xxx/CVE-2021-23060.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23060", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23061.json b/2021/23xxx/CVE-2021-23061.json index df5003467070..ad061d661a9b 100644 --- a/2021/23xxx/CVE-2021-23061.json +++ b/2021/23xxx/CVE-2021-23061.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23061", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23062.json b/2021/23xxx/CVE-2021-23062.json index b66d7cc24a46..ef3709aaf959 100644 --- a/2021/23xxx/CVE-2021-23062.json +++ b/2021/23xxx/CVE-2021-23062.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23062", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23063.json b/2021/23xxx/CVE-2021-23063.json index 3780c5ae00b0..38f094be3d74 100644 --- a/2021/23xxx/CVE-2021-23063.json +++ b/2021/23xxx/CVE-2021-23063.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23063", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23064.json b/2021/23xxx/CVE-2021-23064.json index 96f0468856b6..3d70c7f82253 100644 --- a/2021/23xxx/CVE-2021-23064.json +++ b/2021/23xxx/CVE-2021-23064.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23064", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23065.json b/2021/23xxx/CVE-2021-23065.json index 407b0b0193f5..ea434dd0c83a 100644 --- a/2021/23xxx/CVE-2021-23065.json +++ b/2021/23xxx/CVE-2021-23065.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23065", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23066.json b/2021/23xxx/CVE-2021-23066.json index dfd5fd83b67d..441804fe3451 100644 --- a/2021/23xxx/CVE-2021-23066.json +++ b/2021/23xxx/CVE-2021-23066.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23066", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23067.json b/2021/23xxx/CVE-2021-23067.json index 8654c971cdd5..e103d5399a60 100644 --- a/2021/23xxx/CVE-2021-23067.json +++ b/2021/23xxx/CVE-2021-23067.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23067", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23068.json b/2021/23xxx/CVE-2021-23068.json index 483e1fc84a40..80ac1f223652 100644 --- a/2021/23xxx/CVE-2021-23068.json +++ b/2021/23xxx/CVE-2021-23068.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23068", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23069.json b/2021/23xxx/CVE-2021-23069.json index 67b6c9d0ea86..7b58b40f7f21 100644 --- a/2021/23xxx/CVE-2021-23069.json +++ b/2021/23xxx/CVE-2021-23069.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23069", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23070.json b/2021/23xxx/CVE-2021-23070.json index 16a613951a86..bfaee46bc445 100644 --- a/2021/23xxx/CVE-2021-23070.json +++ b/2021/23xxx/CVE-2021-23070.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23070", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23071.json b/2021/23xxx/CVE-2021-23071.json index 52f68b72afa2..fe6e1e96f90e 100644 --- a/2021/23xxx/CVE-2021-23071.json +++ b/2021/23xxx/CVE-2021-23071.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23071", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23072.json b/2021/23xxx/CVE-2021-23072.json index 10daf472407d..216d24107cd6 100644 --- a/2021/23xxx/CVE-2021-23072.json +++ b/2021/23xxx/CVE-2021-23072.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23072", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23073.json b/2021/23xxx/CVE-2021-23073.json index d1dd00a6a913..a94334971904 100644 --- a/2021/23xxx/CVE-2021-23073.json +++ b/2021/23xxx/CVE-2021-23073.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23073", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23074.json b/2021/23xxx/CVE-2021-23074.json index 69498c25e0bf..63d9668295e0 100644 --- a/2021/23xxx/CVE-2021-23074.json +++ b/2021/23xxx/CVE-2021-23074.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23074", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23075.json b/2021/23xxx/CVE-2021-23075.json index c1de1447690a..32738f82d662 100644 --- a/2021/23xxx/CVE-2021-23075.json +++ b/2021/23xxx/CVE-2021-23075.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23075", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23076.json b/2021/23xxx/CVE-2021-23076.json index 4a6ce8872064..5a7146fe7016 100644 --- a/2021/23xxx/CVE-2021-23076.json +++ b/2021/23xxx/CVE-2021-23076.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23076", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23077.json b/2021/23xxx/CVE-2021-23077.json index b65cf36d3562..d91aa5d25f9f 100644 --- a/2021/23xxx/CVE-2021-23077.json +++ b/2021/23xxx/CVE-2021-23077.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23077", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23078.json b/2021/23xxx/CVE-2021-23078.json index bd392c9f8c29..d3b8b36ffa25 100644 --- a/2021/23xxx/CVE-2021-23078.json +++ b/2021/23xxx/CVE-2021-23078.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23078", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23079.json b/2021/23xxx/CVE-2021-23079.json index 38dd08034bdf..c5951d5edaf0 100644 --- a/2021/23xxx/CVE-2021-23079.json +++ b/2021/23xxx/CVE-2021-23079.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23079", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23080.json b/2021/23xxx/CVE-2021-23080.json index 248c0d6fa69d..07d2edbe02f5 100644 --- a/2021/23xxx/CVE-2021-23080.json +++ b/2021/23xxx/CVE-2021-23080.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23080", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23081.json b/2021/23xxx/CVE-2021-23081.json index 8c65724c5d38..5a0d775ff838 100644 --- a/2021/23xxx/CVE-2021-23081.json +++ b/2021/23xxx/CVE-2021-23081.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23081", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23082.json b/2021/23xxx/CVE-2021-23082.json index 251be6603a59..0cde6a5d1758 100644 --- a/2021/23xxx/CVE-2021-23082.json +++ b/2021/23xxx/CVE-2021-23082.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23082", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23083.json b/2021/23xxx/CVE-2021-23083.json index adddeb80cfc1..682464cc9587 100644 --- a/2021/23xxx/CVE-2021-23083.json +++ b/2021/23xxx/CVE-2021-23083.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23083", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23084.json b/2021/23xxx/CVE-2021-23084.json index 91c38e31842a..dcf72b5c0a34 100644 --- a/2021/23xxx/CVE-2021-23084.json +++ b/2021/23xxx/CVE-2021-23084.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23084", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23085.json b/2021/23xxx/CVE-2021-23085.json index 5053f2bd898a..330951f7511f 100644 --- a/2021/23xxx/CVE-2021-23085.json +++ b/2021/23xxx/CVE-2021-23085.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23085", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23086.json b/2021/23xxx/CVE-2021-23086.json index 96f8c075a430..b3519af516c0 100644 --- a/2021/23xxx/CVE-2021-23086.json +++ b/2021/23xxx/CVE-2021-23086.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23086", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23087.json b/2021/23xxx/CVE-2021-23087.json index 91028634d518..7e620648fcc8 100644 --- a/2021/23xxx/CVE-2021-23087.json +++ b/2021/23xxx/CVE-2021-23087.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23087", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23088.json b/2021/23xxx/CVE-2021-23088.json index 9c6efb04e4be..41a819b2e90a 100644 --- a/2021/23xxx/CVE-2021-23088.json +++ b/2021/23xxx/CVE-2021-23088.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23088", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23089.json b/2021/23xxx/CVE-2021-23089.json index 3c2a529ea704..f1aaa7831c14 100644 --- a/2021/23xxx/CVE-2021-23089.json +++ b/2021/23xxx/CVE-2021-23089.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23089", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23090.json b/2021/23xxx/CVE-2021-23090.json index 7cebb5f3edf7..bd8c27e32dc2 100644 --- a/2021/23xxx/CVE-2021-23090.json +++ b/2021/23xxx/CVE-2021-23090.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23090", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23091.json b/2021/23xxx/CVE-2021-23091.json index 792c8064a053..059571c49ee7 100644 --- a/2021/23xxx/CVE-2021-23091.json +++ b/2021/23xxx/CVE-2021-23091.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23091", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23092.json b/2021/23xxx/CVE-2021-23092.json index efe6b1267ba9..12d2e6c88db6 100644 --- a/2021/23xxx/CVE-2021-23092.json +++ b/2021/23xxx/CVE-2021-23092.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23092", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23093.json b/2021/23xxx/CVE-2021-23093.json index f853dea7502d..b2a0ebb25f2e 100644 --- a/2021/23xxx/CVE-2021-23093.json +++ b/2021/23xxx/CVE-2021-23093.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23093", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23094.json b/2021/23xxx/CVE-2021-23094.json index 0adce7d3e2f1..d0d96163bec1 100644 --- a/2021/23xxx/CVE-2021-23094.json +++ b/2021/23xxx/CVE-2021-23094.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23094", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23095.json b/2021/23xxx/CVE-2021-23095.json index d9697b5f9915..d3a40b4c783b 100644 --- a/2021/23xxx/CVE-2021-23095.json +++ b/2021/23xxx/CVE-2021-23095.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23095", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23096.json b/2021/23xxx/CVE-2021-23096.json index 3a9cf1f5149d..0658f6df2c93 100644 --- a/2021/23xxx/CVE-2021-23096.json +++ b/2021/23xxx/CVE-2021-23096.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23096", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23097.json b/2021/23xxx/CVE-2021-23097.json index a5dafe42af21..424326fb3448 100644 --- a/2021/23xxx/CVE-2021-23097.json +++ b/2021/23xxx/CVE-2021-23097.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23097", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23098.json b/2021/23xxx/CVE-2021-23098.json index 89f4c4403069..0a87a1817051 100644 --- a/2021/23xxx/CVE-2021-23098.json +++ b/2021/23xxx/CVE-2021-23098.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23098", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23099.json b/2021/23xxx/CVE-2021-23099.json index a297e625a123..074725e482c1 100644 --- a/2021/23xxx/CVE-2021-23099.json +++ b/2021/23xxx/CVE-2021-23099.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23099", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23100.json b/2021/23xxx/CVE-2021-23100.json index 61ee1501d08d..8afa81faedf6 100644 --- a/2021/23xxx/CVE-2021-23100.json +++ b/2021/23xxx/CVE-2021-23100.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23100", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23101.json b/2021/23xxx/CVE-2021-23101.json index 6eded2df5f44..3f6d6b888067 100644 --- a/2021/23xxx/CVE-2021-23101.json +++ b/2021/23xxx/CVE-2021-23101.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23101", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23102.json b/2021/23xxx/CVE-2021-23102.json index fc3ded6f4670..f572aae320e7 100644 --- a/2021/23xxx/CVE-2021-23102.json +++ b/2021/23xxx/CVE-2021-23102.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23102", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23103.json b/2021/23xxx/CVE-2021-23103.json index 1bbefb8fdd44..9b8111d8467f 100644 --- a/2021/23xxx/CVE-2021-23103.json +++ b/2021/23xxx/CVE-2021-23103.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23103", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23104.json b/2021/23xxx/CVE-2021-23104.json index 2d21292e55e5..d63f587c945b 100644 --- a/2021/23xxx/CVE-2021-23104.json +++ b/2021/23xxx/CVE-2021-23104.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23104", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23105.json b/2021/23xxx/CVE-2021-23105.json index ec51540302dc..db20e310503c 100644 --- a/2021/23xxx/CVE-2021-23105.json +++ b/2021/23xxx/CVE-2021-23105.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23105", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23106.json b/2021/23xxx/CVE-2021-23106.json index 83782185e8ad..4f66e5b5f962 100644 --- a/2021/23xxx/CVE-2021-23106.json +++ b/2021/23xxx/CVE-2021-23106.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23106", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23107.json b/2021/23xxx/CVE-2021-23107.json index dc7a9ef8b504..55477a9fda00 100644 --- a/2021/23xxx/CVE-2021-23107.json +++ b/2021/23xxx/CVE-2021-23107.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23107", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23108.json b/2021/23xxx/CVE-2021-23108.json index df6552a1bed0..2a1a2329e14f 100644 --- a/2021/23xxx/CVE-2021-23108.json +++ b/2021/23xxx/CVE-2021-23108.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23108", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23109.json b/2021/23xxx/CVE-2021-23109.json index f7193e5c29c4..71a1086b6902 100644 --- a/2021/23xxx/CVE-2021-23109.json +++ b/2021/23xxx/CVE-2021-23109.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23109", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23110.json b/2021/23xxx/CVE-2021-23110.json index 87e4a480c9c4..684b9e07568e 100644 --- a/2021/23xxx/CVE-2021-23110.json +++ b/2021/23xxx/CVE-2021-23110.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23110", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23111.json b/2021/23xxx/CVE-2021-23111.json index e5cbd9b340ba..245dc138ece5 100644 --- a/2021/23xxx/CVE-2021-23111.json +++ b/2021/23xxx/CVE-2021-23111.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23111", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23112.json b/2021/23xxx/CVE-2021-23112.json index 8bf186f5faef..95d652bad6b4 100644 --- a/2021/23xxx/CVE-2021-23112.json +++ b/2021/23xxx/CVE-2021-23112.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23112", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23113.json b/2021/23xxx/CVE-2021-23113.json index 391ef2f0bd94..24e186c26353 100644 --- a/2021/23xxx/CVE-2021-23113.json +++ b/2021/23xxx/CVE-2021-23113.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23113", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23114.json b/2021/23xxx/CVE-2021-23114.json index 826ea8429cc5..fe2c5bb84476 100644 --- a/2021/23xxx/CVE-2021-23114.json +++ b/2021/23xxx/CVE-2021-23114.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23114", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23115.json b/2021/23xxx/CVE-2021-23115.json index 257305a6bd31..08e14146f813 100644 --- a/2021/23xxx/CVE-2021-23115.json +++ b/2021/23xxx/CVE-2021-23115.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23115", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23116.json b/2021/23xxx/CVE-2021-23116.json index e98a6238fe6a..3a7089d5518a 100644 --- a/2021/23xxx/CVE-2021-23116.json +++ b/2021/23xxx/CVE-2021-23116.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23116", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23117.json b/2021/23xxx/CVE-2021-23117.json index b8dc6be55d41..a2ec9356cdda 100644 --- a/2021/23xxx/CVE-2021-23117.json +++ b/2021/23xxx/CVE-2021-23117.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23117", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23118.json b/2021/23xxx/CVE-2021-23118.json index 6900409f8a99..b9444268ba2a 100644 --- a/2021/23xxx/CVE-2021-23118.json +++ b/2021/23xxx/CVE-2021-23118.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23118", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23119.json b/2021/23xxx/CVE-2021-23119.json index cfdca6163eba..d271d5025083 100644 --- a/2021/23xxx/CVE-2021-23119.json +++ b/2021/23xxx/CVE-2021-23119.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23119", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23120.json b/2021/23xxx/CVE-2021-23120.json index 7176e15f8589..ff1bd3232bff 100644 --- a/2021/23xxx/CVE-2021-23120.json +++ b/2021/23xxx/CVE-2021-23120.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23120", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23121.json b/2021/23xxx/CVE-2021-23121.json index 962b0da93e2c..dda9f293411e 100644 --- a/2021/23xxx/CVE-2021-23121.json +++ b/2021/23xxx/CVE-2021-23121.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23121", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23122.json b/2021/23xxx/CVE-2021-23122.json index 7b7579bd286f..eaa69e0e3d56 100644 --- a/2021/23xxx/CVE-2021-23122.json +++ b/2021/23xxx/CVE-2021-23122.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-23122", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/23xxx/CVE-2021-23123.json b/2021/23xxx/CVE-2021-23123.json index 22a10e5154b6..40aed2cdfc84 100644 --- a/2021/23xxx/CVE-2021-23123.json +++ b/2021/23xxx/CVE-2021-23123.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-23123", - "DATE_PUBLIC": "2021-01-12T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210101] - Core - com_modules exposes module names" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "3.0.0-3.9.23" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "3.0.0-3.9.23", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { diff --git a/2021/23xxx/CVE-2021-23124.json b/2021/23xxx/CVE-2021-23124.json index 5b19b9dc0d95..a5645f6132cf 100644 --- a/2021/23xxx/CVE-2021-23124.json +++ b/2021/23xxx/CVE-2021-23124.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-23124", - "DATE_PUBLIC": "2021-01-12T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210102] - Core - XSS in mod_breadcrumbs aria-label attribute" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "3.9.0-3.9.23" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "3.9.0-3.9.23", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { diff --git a/2021/23xxx/CVE-2021-23125.json b/2021/23xxx/CVE-2021-23125.json index e1c5ab08dce2..1e2de4fd1454 100644 --- a/2021/23xxx/CVE-2021-23125.json +++ b/2021/23xxx/CVE-2021-23125.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-23125", - "DATE_PUBLIC": "2021-01-12T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210103] - Core - XSS in com_tags image parameters" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "3.1.0-3.9.23" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "3.1.0-3.9.23", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { diff --git a/2021/23xxx/CVE-2021-23126.json b/2021/23xxx/CVE-2021-23126.json index 863a397e6d8d..e6be6011d5d6 100644 --- a/2021/23xxx/CVE-2021-23126.json +++ b/2021/23xxx/CVE-2021-23126.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-23126", - "DATE_PUBLIC": "2021-03-02T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210301] - Core - Insecure randomness within 2FA secret generation" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "3.2.0-3.9.24" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "3.2.0-3.9.24", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { diff --git a/2021/23xxx/CVE-2021-23127.json b/2021/23xxx/CVE-2021-23127.json index 4bae47c06611..1d2a9fc11e7d 100644 --- a/2021/23xxx/CVE-2021-23127.json +++ b/2021/23xxx/CVE-2021-23127.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-23127", - "DATE_PUBLIC": "2021-03-02T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210301] - Core - Insecure randomness within 2FA secret generation" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "3.2.0-3.9.24" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "3.2.0-3.9.24", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { diff --git a/2021/23xxx/CVE-2021-23128.json b/2021/23xxx/CVE-2021-23128.json index dfa096fd89f7..68a8711f480d 100644 --- a/2021/23xxx/CVE-2021-23128.json +++ b/2021/23xxx/CVE-2021-23128.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-23128", - "DATE_PUBLIC": "2021-03-02T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210302] - Core - Potential Insecure FOFEncryptRandval" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "3.2.0-3.9.24" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "3.2.0-3.9.24", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { diff --git a/2021/23xxx/CVE-2021-23129.json b/2021/23xxx/CVE-2021-23129.json index 23c79d0a621a..36eb132c50fe 100644 --- a/2021/23xxx/CVE-2021-23129.json +++ b/2021/23xxx/CVE-2021-23129.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-23129", - "DATE_PUBLIC": "2021-03-02T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210303] - Core - XSS within alert messages showed to users" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "2.5.0-3.9.24" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "2.5.0-3.9.24", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { diff --git a/2021/23xxx/CVE-2021-23130.json b/2021/23xxx/CVE-2021-23130.json index cb0d8163ea74..ebfc72ae68cc 100644 --- a/2021/23xxx/CVE-2021-23130.json +++ b/2021/23xxx/CVE-2021-23130.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-23130", - "DATE_PUBLIC": "2021-03-02T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210304] - Core - XSS within the feed parser library" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "2.5.0-3.9.24" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "2.5.0-3.9.24", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { diff --git a/2021/23xxx/CVE-2021-23131.json b/2021/23xxx/CVE-2021-23131.json index c129e3761861..d50446400600 100644 --- a/2021/23xxx/CVE-2021-23131.json +++ b/2021/23xxx/CVE-2021-23131.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-23131", - "DATE_PUBLIC": "2021-03-02T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210305] - Core - Input validation within the template manager" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "3.2.0-3.9.24" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "3.2.0-3.9.24", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { diff --git a/2021/23xxx/CVE-2021-23132.json b/2021/23xxx/CVE-2021-23132.json index 94fbecf5927e..3caa20fa25d0 100644 --- a/2021/23xxx/CVE-2021-23132.json +++ b/2021/23xxx/CVE-2021-23132.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-23132", - "DATE_PUBLIC": "2021-03-02T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210306] - Core - com_media allowed paths that are not intended for image uploads" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "3.0.0-3.9.24" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "3.0.0-3.9.24", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { diff --git a/2021/23xxx/CVE-2021-23892.json b/2021/23xxx/CVE-2021-23892.json index f745ca64255c..dc2d14958c01 100644 --- a/2021/23xxx/CVE-2021-23892.json +++ b/2021/23xxx/CVE-2021-23892.json @@ -1,13 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "psirt@mcafee.com", "ID": "CVE-2021-23892", + "ASSIGNER": "trellixpsirt@trellix.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')", + "cweId": "CWE-59" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "McAfee,LLC", "product": { "product_data": [ { @@ -15,72 +40,49 @@ "version": { "version_data": [ { - "platform": "Linux", - "version_affected": "<", - "version_value": "10.7.5" + "version_value": "unspecified", + "version_affected": "=" } ] } } ] - }, - "vendor_name": "McAfee,LLC" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references": { + "reference_data": [ { - "lang": "eng", - "value": "By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations." + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10355", + "refsource": "MISC", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10355" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 8.2, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-362: Time-of-check Time-of-use (TOCTOU) Race Condition" - } - ] - } - ] + "source": { + "discovery": "UNKNOWN" }, - "references": { - "reference_data": [ + "impact": { + "cvss": [ { - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10355", - "refsource": "CONFIRM", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10355" + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" } ] - }, - "source": { - "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24119.json b/2021/24xxx/CVE-2021-24119.json index 4cebd8341526..a8795422efe1 100644 --- a/2021/24xxx/CVE-2021-24119.json +++ b/2021/24xxx/CVE-2021-24119.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-24119", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -58,24 +59,29 @@ "name": "https://github.com/ARMmbed/mbedtls/releases" }, { + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", "refsource": "MISC", - "name": "https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md", - "url": "https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md" + "name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html" }, { - "refsource": "FEDORA", - "name": "FEDORA-2021-10bfc067d1", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DRRVY7DMTX3ECFNZKDYTSFEG5AI2HBC6/" + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html" + }, + { + "url": "https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md", + "refsource": "MISC", + "name": "https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md" }, { - "refsource": "FEDORA", - "name": "FEDORA-2021-165969af24", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EYJW7HAW3TDV2YMDFYXP3HD6WRQRTLJW/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRRVY7DMTX3ECFNZKDYTSFEG5AI2HBC6/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRRVY7DMTX3ECFNZKDYTSFEG5AI2HBC6/" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20211123 [SECURITY] [DLA 2826-1] mbedtls security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYJW7HAW3TDV2YMDFYXP3HD6WRQRTLJW/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYJW7HAW3TDV2YMDFYXP3HD6WRQRTLJW/" } ] } diff --git a/2021/24xxx/CVE-2021-24417.json b/2021/24xxx/CVE-2021-24417.json index abafb51c4c96..0bba8eb55e3e 100644 --- a/2021/24xxx/CVE-2021-24417.json +++ b/2021/24xxx/CVE-2021-24417.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-24417", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/24xxx/CVE-2021-24942.json b/2021/24xxx/CVE-2021-24942.json index f11e75174da9..086b2efef2eb 100644 --- a/2021/24xxx/CVE-2021-24942.json +++ b/2021/24xxx/CVE-2021-24942.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-24942", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the \"Visibility logic\" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Menu Item Visibility Control", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/eaa28832-74c1-4cd5-9b0f-02338e23b418", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/eaa28832-74c1-4cd5-9b0f-02338e23b418" } ] - } + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "bl4derunner" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25221.json b/2021/25xxx/CVE-2021-25221.json index 5dde8de02ea7..5b457791dd63 100644 --- a/2021/25xxx/CVE-2021-25221.json +++ b/2021/25xxx/CVE-2021-25221.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-25221", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/25xxx/CVE-2021-25222.json b/2021/25xxx/CVE-2021-25222.json index c8b4372b4200..207ded62533b 100644 --- a/2021/25xxx/CVE-2021-25222.json +++ b/2021/25xxx/CVE-2021-25222.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-25222", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/25xxx/CVE-2021-25223.json b/2021/25xxx/CVE-2021-25223.json index 70faa8405dea..8aa3038fdddf 100644 --- a/2021/25xxx/CVE-2021-25223.json +++ b/2021/25xxx/CVE-2021-25223.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-25223", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/26xxx/CVE-2021-26027.json b/2021/26xxx/CVE-2021-26027.json index 7f712eea8642..4b469ce781d5 100644 --- a/2021/26xxx/CVE-2021-26027.json +++ b/2021/26xxx/CVE-2021-26027.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-26027", - "DATE_PUBLIC": "2021-03-02T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210307] - Core - ACL violation within com_content frontend editing" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "3.0.0-3.9.24" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "3.0.0-3.9.24", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { diff --git a/2021/26xxx/CVE-2021-26028.json b/2021/26xxx/CVE-2021-26028.json index 137dd99588ea..d8da05c8c172 100644 --- a/2021/26xxx/CVE-2021-26028.json +++ b/2021/26xxx/CVE-2021-26028.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-26028", - "DATE_PUBLIC": "2021-03-02T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210308] - Core - Path Traversal within joomla/archive zip class" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "3.0.0-3.9.24" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "3.0.0-3.9.24", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { diff --git a/2021/26xxx/CVE-2021-26029.json b/2021/26xxx/CVE-2021-26029.json index 2c035fc0ece0..c4ec32915f66 100644 --- a/2021/26xxx/CVE-2021-26029.json +++ b/2021/26xxx/CVE-2021-26029.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-26029", - "DATE_PUBLIC": "2021-03-02T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210309] - Core - Inadequate filtering of form contents could allow to overwrite the author field" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "1.6.0-3.9.24" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "1.6.0-3.9.24", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { diff --git a/2021/26xxx/CVE-2021-26030.json b/2021/26xxx/CVE-2021-26030.json index 5e6f5bb46c24..86c68565354e 100644 --- a/2021/26xxx/CVE-2021-26030.json +++ b/2021/26xxx/CVE-2021-26030.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-26030", - "DATE_PUBLIC": "2021-04-13T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210401] - Core - Escape xss in logo parameter error pages" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "3.0.0-3.9.25" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "3.0.0-3.9.25", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -61,4 +60,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26031.json b/2021/26xxx/CVE-2021-26031.json index d14e77c79a21..62fb7fb1b648 100644 --- a/2021/26xxx/CVE-2021-26031.json +++ b/2021/26xxx/CVE-2021-26031.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-26031", - "DATE_PUBLIC": "2021-04-13T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210402] - Core - Inadequate filters on module layout settings" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "3.0.0-3.9.25" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "3.0.0-3.9.25", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -61,4 +60,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26032.json b/2021/26xxx/CVE-2021-26032.json index d185db909332..b28012fcac3c 100644 --- a/2021/26xxx/CVE-2021-26032.json +++ b/2021/26xxx/CVE-2021-26032.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-26032", - "DATE_PUBLIC": "2021-05-25T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210501] - Core - Adding HTML to the executable block list of MediaHelper::canUpload" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "3.0.0-3.9.26" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "3.0.0-3.9.26", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -61,4 +60,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26033.json b/2021/26xxx/CVE-2021-26033.json index d2d7e2bc6981..adbd048a2850 100644 --- a/2021/26xxx/CVE-2021-26033.json +++ b/2021/26xxx/CVE-2021-26033.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-26033", - "DATE_PUBLIC": "2021-05-25T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210502] - Core - CSRF in AJAX reordering endpoint" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "3.0.0-3.9.26" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "3.0.0-3.9.26", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -61,4 +60,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26034.json b/2021/26xxx/CVE-2021-26034.json index 183b17360965..d261a3047791 100644 --- a/2021/26xxx/CVE-2021-26034.json +++ b/2021/26xxx/CVE-2021-26034.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-26034", - "DATE_PUBLIC": "2021-05-25T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210503] - Core - CSRF in data download endpoints" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "3.0.0-3.9.26" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "3.0.0-3.9.26", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -61,4 +60,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26035.json b/2021/26xxx/CVE-2021-26035.json index 238cab02f991..78b2b90c5fab 100644 --- a/2021/26xxx/CVE-2021-26035.json +++ b/2021/26xxx/CVE-2021-26035.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-26035", - "DATE_PUBLIC": "2021-07-06T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210701] - Core - XSS in JForm Rules field" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "3.0.0-3.9.27" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "3.0.0-3.9.27", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -61,4 +60,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26036.json b/2021/26xxx/CVE-2021-26036.json index cb959a55d15f..eceb78699595 100644 --- a/2021/26xxx/CVE-2021-26036.json +++ b/2021/26xxx/CVE-2021-26036.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-26036", - "DATE_PUBLIC": "2021-07-06T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210702] - Core - DoS through usergroup table manipulation" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "2.5.0-3.9.27" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "2.5.0-3.9.27", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -61,4 +60,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26037.json b/2021/26xxx/CVE-2021-26037.json index a29523ef892e..31249ebd319c 100644 --- a/2021/26xxx/CVE-2021-26037.json +++ b/2021/26xxx/CVE-2021-26037.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-26037", - "DATE_PUBLIC": "2021-07-06T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210703] - Core - Lack of enforced session termination" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "2.5.0-3.9.27" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "2.5.0-3.9.27", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -61,4 +60,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26038.json b/2021/26xxx/CVE-2021-26038.json index 97073cf72c73..816f9dcf810f 100644 --- a/2021/26xxx/CVE-2021-26038.json +++ b/2021/26xxx/CVE-2021-26038.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-26038", - "DATE_PUBLIC": "2021-07-06T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210704] - Core - Privilege escalation through com_installer" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "2.5.0-3.9.27" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "2.5.0-3.9.27", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -61,4 +60,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26039.json b/2021/26xxx/CVE-2021-26039.json index 60ccbba06d97..eade96290ccc 100644 --- a/2021/26xxx/CVE-2021-26039.json +++ b/2021/26xxx/CVE-2021-26039.json @@ -1,37 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", "ID": "CVE-2021-26039", - "DATE_PUBLIC": "2021-07-06T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210705] - Core - XSS in com_media imagelist" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "3.0.0-3.9.27" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -52,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "3.0.0-3.9.27", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -61,4 +60,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26040.json b/2021/26xxx/CVE-2021-26040.json index 0f62ee370280..8ffb5d353418 100644 --- a/2021/26xxx/CVE-2021-26040.json +++ b/2021/26xxx/CVE-2021-26040.json @@ -1,64 +1,63 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "security@joomla.org", - "ID": "CVE-2021-26040", - "DATE_PUBLIC": "2021-08-24T16:00:00", - "STATE": "PUBLIC", - "TITLE": "[20210801] - Core - Insufficient access control for com_media deletion endpoint" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Joomla! CMS", - "version": { - "version_data": [ - { - "version_value": "4.0.0" - } - ] - } - } - ] - }, - "vendor_name": "Joomla! Project" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's permissions before executing a file deletion command." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CSRF" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://developer.joomla.org/security-centre/861-20210801-core-insufficient-access-control-for-com-media-deletion-endpoint", - "refsource": "MISC", - "name": "https://developer.joomla.org/security-centre/861-20210801-core-insufficient-access-control-for-com-media-deletion-endpoint" - } - ] - } -} +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-26040", + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's permissions before executing a file deletion command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CSRF" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_value": "4.0.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://developer.joomla.org/security-centre/861-20210801-core-insufficient-access-control-for-com-media-deletion-endpoint", + "refsource": "MISC", + "name": "https://developer.joomla.org/security-centre/861-20210801-core-insufficient-access-control-for-com-media-deletion-endpoint" + } + ] + } +} \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26316.json b/2021/26xxx/CVE-2021-26316.json index 94a8266540ec..206bd83c297c 100644 --- a/2021/26xxx/CVE-2021-26316.json +++ b/2021/26xxx/CVE-2021-26316.json @@ -1,18 +1,137 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-26316", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": " AMD", + "product": { + "product_data": [ + { + "product_name": "Ryzen 5000 Series ", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "Ryzen 2000 Series", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + }, + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "Ryzen 3000 Series", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "1st Gen EPYC ", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "2nd Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "Various ", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "3rd Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032" } ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-1031, AMD-SB-1032", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26328.json b/2021/26xxx/CVE-2021-26328.json index 3f6b90b5e6e2..09c9c7ba8818 100644 --- a/2021/26xxx/CVE-2021-26328.json +++ b/2021/26xxx/CVE-2021-26328.json @@ -1,18 +1,70 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-26328", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "3rd Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-1032", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26343.json b/2021/26xxx/CVE-2021-26343.json index 0bde4d281a40..f79813d716df 100644 --- a/2021/26xxx/CVE-2021-26343.json +++ b/2021/26xxx/CVE-2021-26343.json @@ -1,18 +1,70 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-26343", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "3rd Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-1032", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26346.json b/2021/26xxx/CVE-2021-26346.json index 085da27a9967..7c055f35d1db 100644 --- a/2021/26xxx/CVE-2021-26346.json +++ b/2021/26xxx/CVE-2021-26346.json @@ -1,18 +1,70 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-26346", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": " AMD", + "product": { + "product_data": [ + { + "product_name": "Ryzen 5000 Series", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-1031", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26347.json b/2021/26xxx/CVE-2021-26347.json index 8a9a61b90883..593618db2ca0 100644 --- a/2021/26xxx/CVE-2021-26347.json +++ b/2021/26xxx/CVE-2021-26347.json @@ -1,71 +1,70 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "psirt@amd.com", - "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-26347", + "ASSIGNER": "psirt@amd.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": " AMD", "product": { "product_data": [ { - "product_name": " EPYC\u2122 Processors ", + "product_name": "Ryzen 5000 Series", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "various " + "version_value": "various ", + "version_affected": "=" } ] } } ] - }, - "vendor_name": "AMD" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "TOCTOU (time-of-check to time-of-use) issue in the System Management Unit (SMU) may result in a DMA (Direct Memory Access) to invalid DRAM address that could result in denial of service." - } - ] - }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "tbd" - } - ] - } - ] - }, "references": { "reference_data": [ { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031", "refsource": "MISC", - "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028", - "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028" + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031" } ] }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, "source": { - "advisory": "AMD-SB-1028", + "advisory": "AMD-SB-1031", "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26353.json b/2021/26xxx/CVE-2021-26353.json index 8ead05f2c984..54376f3531e7 100644 --- a/2021/26xxx/CVE-2021-26353.json +++ b/2021/26xxx/CVE-2021-26353.json @@ -1,71 +1,70 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "psirt@amd.com", - "DATE_PUBLIC": "2022-05-06T20:00:00.000Z", "ID": "CVE-2021-26353", + "ASSIGNER": "psirt@amd.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory integrity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "AMD", "product": { "product_data": [ { - "product_name": "3rd Gen AMD EPYC\u2122", + "product_name": "3rd Gen EPYC", "version": { "version_data": [ { - "version_affected": "<", - "version_value": "MilanPI-SP3_1.0.0.4" + "version_value": "various ", + "version_affected": "=" } ] } } ] - }, - "vendor_name": "AMD" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Due to a mishandled error, it is possible to leave the DRTM UApp in a partially initialized state, which can result in unchecked memory writes when the UApp handles subsequent mailbox commands." - } - ] - }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-665 Improper Initialization" - } - ] - } - ] - }, "references": { "reference_data": [ { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032", "refsource": "MISC", - "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", - "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032" } ] }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, "source": { - "advisory": "AMD-SB-1021", + "advisory": "AMD-SB-1032", "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26355.json b/2021/26xxx/CVE-2021-26355.json index 2857512ecda5..ef96b8122f36 100644 --- a/2021/26xxx/CVE-2021-26355.json +++ b/2021/26xxx/CVE-2021-26355.json @@ -1,18 +1,70 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-26355", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could result in a potential denial-of-service." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "3rd Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-1032", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26396.json b/2021/26xxx/CVE-2021-26396.json index f70070edf150..c8766a09634f 100644 --- a/2021/26xxx/CVE-2021-26396.json +++ b/2021/26xxx/CVE-2021-26396.json @@ -1,18 +1,70 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-26396", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a loss of memory integrity in the SNP guest." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "3rd Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-1032", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26398.json b/2021/26xxx/CVE-2021-26398.json index 455ec41a3b78..30a417f7c402 100644 --- a/2021/26xxx/CVE-2021-26398.json +++ b/2021/26xxx/CVE-2021-26398.json @@ -1,18 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-26398", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "1st Gen EPYC ", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "2nd Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "Various ", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "3rd Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-1032", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26402.json b/2021/26xxx/CVE-2021-26402.json index 54a7bb00d1eb..ae066413d47c 100644 --- a/2021/26xxx/CVE-2021-26402.json +++ b/2021/26xxx/CVE-2021-26402.json @@ -1,18 +1,81 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-26402", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "2nd Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "Various ", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "3rd Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-1032", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26403.json b/2021/26xxx/CVE-2021-26403.json index 7382038a6d80..2cebbe5c7503 100644 --- a/2021/26xxx/CVE-2021-26403.json +++ b/2021/26xxx/CVE-2021-26403.json @@ -1,18 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-26403", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "1st Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + }, + { + "vendor_name": " AMD", + "product": { + "product_data": [ + { + "product_name": "2nd Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-1032", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26404.json b/2021/26xxx/CVE-2021-26404.json index 5440fad7823c..70462010010e 100644 --- a/2021/26xxx/CVE-2021-26404.json +++ b/2021/26xxx/CVE-2021-26404.json @@ -1,18 +1,70 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-26404", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "3rd Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-1032", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26407.json b/2021/26xxx/CVE-2021-26407.json index d23ae3bcec75..5accddd51ad0 100644 --- a/2021/26xxx/CVE-2021-26407.json +++ b/2021/26xxx/CVE-2021-26407.json @@ -1,18 +1,70 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-26407", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key potentially resulting in information disclosure." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": " AMD", + "product": { + "product_data": [ + { + "product_name": "2nd Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-1032", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26409.json b/2021/26xxx/CVE-2021-26409.json index 945d5e466eb4..50e0429c9048 100644 --- a/2021/26xxx/CVE-2021-26409.json +++ b/2021/26xxx/CVE-2021-26409.json @@ -1,18 +1,70 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-26409", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient bounds checking in SEV-ES may allow an attacker to corrupt Reverse Map table (RMP) memory, potentially resulting in a loss of SNP (Secure Nested Paging) memory integrity." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "3rd Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-1032", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26568.json b/2021/26xxx/CVE-2021-26568.json index 079c40dc95db..b1c4eb5beec3 100644 --- a/2021/26xxx/CVE-2021-26568.json +++ b/2021/26xxx/CVE-2021-26568.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-26568", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/27xxx/CVE-2021-27650.json b/2021/27xxx/CVE-2021-27650.json index 132b2f5b97ff..03d131db688c 100644 --- a/2021/27xxx/CVE-2021-27650.json +++ b/2021/27xxx/CVE-2021-27650.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-27650", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/28xxx/CVE-2021-28544.json b/2021/28xxx/CVE-2021-28544.json index fa81717e5214..05a081606d0c 100644 --- a/2021/28xxx/CVE-2021-28544.json +++ b/2021/28xxx/CVE-2021-28544.json @@ -1,14 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@apache.org", "ID": "CVE-2021-28544", - "STATE": "PUBLIC", - "TITLE": "Apache Subversion SVN authz protected copyfrom paths regression" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "Apache Software Foundation", "product": { "product_data": [ { @@ -16,88 +40,62 @@ "version": { "version_data": [ { - "version_value": "1.10.0 to 1.14.1" + "version_value": "1.10.0 to 1.14.1", + "version_affected": "=" } ] } } ] - }, - "vendor_name": "Apache Software Foundation" + } } ] } }, - "credit": [ - { - "lang": "eng", - "value": "Apache Subversion would like to thank Evgeny Kotkov, visualsvn.com." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable." - } - ] - }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": [ - {} - ], - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-287 Improper Authentication" - } - ] - } - ] - }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://subversion.apache.org/security/CVE-2021-28544-advisory.txt", + "refsource": "MISC", "name": "https://subversion.apache.org/security/CVE-2021-28544-advisory.txt" }, { - "refsource": "DEBIAN", - "name": "DSA-5119", - "url": "https://www.debian.org/security/2022/dsa-5119" + "url": "https://www.debian.org/security/2022/dsa-5119", + "refsource": "MISC", + "name": "https://www.debian.org/security/2022/dsa-5119" }, { - "refsource": "FEDORA", - "name": "FEDORA-2022-13cc09ecf2", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2022-2af658b090", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT213345", - "url": "https://support.apple.com/kb/HT213345" + "url": "https://support.apple.com/kb/HT213345", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT213345" }, { - "refsource": "FULLDISC", - "name": "20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5", - "url": "http://seclists.org/fulldisclosure/2022/Jul/18" + "url": "http://seclists.org/fulldisclosure/2022/Jul/18", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2022/Jul/18" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "discovery": "UNKNOWN" - } + }, + "credits": [ + { + "lang": "en", + "value": "Apache Subversion would like to thank Evgeny Kotkov, visualsvn.com." + } + ] } \ No newline at end of file diff --git a/2021/28xxx/CVE-2021-28655.json b/2021/28xxx/CVE-2021-28655.json index 0728d13e556b..54011db15cd3 100644 --- a/2021/28xxx/CVE-2021-28655.json +++ b/2021/28xxx/CVE-2021-28655.json @@ -1,18 +1,76 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-28655", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The improper Input Validation vulnerability in \"\u201dMove folder to Trash\u201d feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Zeppelin", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/bxs056g3xlsofz0jb3wny9dw4llwptd2", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/bxs056g3xlsofz0jb3wny9dw4llwptd2" } ] - } + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Kai Zhao" + } + ] } \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29458.json b/2021/29xxx/CVE-2021-29458.json index 21c767b843f6..fd89e1874395 100644 --- a/2021/29xxx/CVE-2021-29458.json +++ b/2021/29xxx/CVE-2021-29458.json @@ -77,6 +77,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-be94728b95", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2A5GMJEXQ5Q76JK6F6VKK5JYCLVFGKN/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] }, diff --git a/2021/2xxx/CVE-2021-2175.json b/2021/2xxx/CVE-2021-2175.json index adaac141d4dc..d6c337628940 100644 --- a/2021/2xxx/CVE-2021-2175.json +++ b/2021/2xxx/CVE-2021-2175.json @@ -81,6 +81,11 @@ "refsource": "MISC", "name": "https://databasesecurityninja.wordpress.com/2022/02/02/cve-2021-2175-database-vault-metadata-exposure-vulnerability/", "url": "https://databasesecurityninja.wordpress.com/2022/02/02/cve-2021-2175-database-vault-metadata-exposure-vulnerability/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/170373/Oracle-Database-Vault-Metadata-Exposure.html", + "url": "http://packetstormsecurity.com/files/170373/Oracle-Database-Vault-Metadata-Exposure.html" } ] } diff --git a/2021/30xxx/CVE-2021-30134.json b/2021/30xxx/CVE-2021-30134.json index e38af2448264..ea3a244427d3 100644 --- a/2021/30xxx/CVE-2021-30134.json +++ b/2021/30xxx/CVE-2021-30134.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30134", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7" } ] } diff --git a/2021/30xxx/CVE-2021-30558.json b/2021/30xxx/CVE-2021-30558.json index a7f2fc3687ad..6a053a81f101 100644 --- a/2021/30xxx/CVE-2021-30558.json +++ b/2021/30xxx/CVE-2021-30558.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30558", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity: Medium)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "91.0.4472.77", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html" + }, + { + "url": "https://crbug.com/916326", + "refsource": "MISC", + "name": "https://crbug.com/916326" } ] } diff --git a/2021/31xxx/CVE-2021-31650.json b/2021/31xxx/CVE-2021-31650.json index 532b98b921ba..72b769836ab7 100644 --- a/2021/31xxx/CVE-2021-31650.json +++ b/2021/31xxx/CVE-2021-31650.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31650", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31650", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/49493", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/49493" } ] } diff --git a/2021/31xxx/CVE-2021-31693.json b/2021/31xxx/CVE-2021-31693.json index dd120a263c33..fe7d639fcb85 100644 --- a/2021/31xxx/CVE-2021-31693.json +++ b/2021/31xxx/CVE-2021-31693.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.vmware.com/security/advisories/VMSA-2022-0029.html", "url": "https://www.vmware.com/security/advisories/VMSA-2022-0029.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221223-0009/", + "url": "https://security.netapp.com/advisory/ntap-20221223-0009/" } ] }, diff --git a/2021/31xxx/CVE-2021-31838.json b/2021/31xxx/CVE-2021-31838.json index 13989c8f0af3..362a5a62e2c8 100644 --- a/2021/31xxx/CVE-2021-31838.json +++ b/2021/31xxx/CVE-2021-31838.json @@ -1,14 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "psirt@mcafee.com", "ID": "CVE-2021-31838", - "STATE": "PUBLIC", - "TITLE": "Command injection through environment variable in MVISION EDR" + "ASSIGNER": "trellixpsirt@trellix.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "McAfee,LLC", "product": { "product_data": [ { @@ -16,71 +40,49 @@ "version": { "version_data": [ { - "version_affected": "<", - "version_value": "3.4.0" + "version_value": "unspecified", + "version_affected": "=" } ] } } ] - }, - "vendor_name": "McAfee,LLC" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references": { + "reference_data": [ { - "lang": "eng", - "value": "A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'." + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10342", + "refsource": "MISC", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10342" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "ADJACENT_NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.4, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-77 - Command injection" - } - ] - } - ] + "source": { + "discovery": "INTERNAL" }, - "references": { - "reference_data": [ + "impact": { + "cvss": [ { - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10342", - "refsource": "CONFIRM", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10342" + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] - }, - "source": { - "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31843.json b/2021/31xxx/CVE-2021-31843.json index d726c3bd110e..adbffd37415a 100644 --- a/2021/31xxx/CVE-2021-31843.json +++ b/2021/31xxx/CVE-2021-31843.json @@ -1,14 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "psirt@mcafee.com", "ID": "CVE-2021-31843", - "STATE": "PUBLIC", - "TITLE": "Improper access control vulnerability in McAfee ENS for Windows" + "ASSIGNER": "trellixpsirt@trellix.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')", + "cweId": "CWE-59" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "McAfee,LLC", "product": { "product_data": [ { @@ -16,71 +40,49 @@ "version": { "version_data": [ { - "version_affected": "<", - "version_value": "10.7.0 September 2021 Update" + "version_value": "unspecified", + "version_affected": "=" } ] } } ] - }, - "vendor_name": "McAfee,LLC" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references": { + "reference_data": [ { - "lang": "eng", - "value": "Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location." + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10367", + "refsource": "MISC", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10367" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 7.3, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-269: Improper Privileges Management" - } - ] - } - ] + "source": { + "discovery": "UNKNOWN" }, - "references": { - "reference_data": [ + "impact": { + "cvss": [ { - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10367", - "refsource": "CONFIRM", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10367" + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] - }, - "source": { - "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31854.json b/2021/31xxx/CVE-2021-31854.json index 803a24c4647f..fa12d17558c1 100644 --- a/2021/31xxx/CVE-2021-31854.json +++ b/2021/31xxx/CVE-2021-31854.json @@ -1,14 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "psirt@mcafee.com", "ID": "CVE-2021-31854", - "STATE": "PUBLIC", - "TITLE": "Code injection vulnerability in McAfee Agent" + "ASSIGNER": "trellixpsirt@trellix.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the System Tree. An attacker may exploit the vulnerability to obtain a reverse shell which can lead to privilege escalation to obtain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "McAfee,LLC", "product": { "product_data": [ { @@ -16,72 +40,49 @@ "version": { "version_data": [ { - "platform": "Windows", - "version_affected": "<", - "version_value": "5.7.5" + "version_value": "unspecified", + "version_affected": "=" } ] } } ] - }, - "vendor_name": "McAfee,LLC" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references": { + "reference_data": [ { - "lang": "eng", - "value": "A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the System Tree. An attacker may exploit the vulnerability to obtain a reverse shell which can lead to privilege escalation to obtain root privileges." + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10378", + "refsource": "MISC", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10378" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 7.7, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')" - } - ] - } - ] + "source": { + "discovery": "EXTERNAL" }, - "references": { - "reference_data": [ + "impact": { + "cvss": [ { - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10378", - "refsource": "CONFIRM", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10378" + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" } ] - }, - "source": { - "discovery": "EXTERNAL" } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31875.json b/2021/31xxx/CVE-2021-31875.json index ef9b44fd3b44..1592733f8dfa 100644 --- a/2021/31xxx/CVE-2021-31875.json +++ b/2021/31xxx/CVE-2021-31875.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow." + "value": "** DISPUTED ** In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. NOTE: the original reporter disputes the significance of this finding because \"there isn\u2019t very much of an opportunity to exploit this reliably for an information leak, so there isn\u2019t any real security impact.\"" } ] }, diff --git a/2021/32xxx/CVE-2021-32563.json b/2021/32xxx/CVE-2021-32563.json index 9b87a727b487..c49d19974210 100644 --- a/2021/32xxx/CVE-2021-32563.json +++ b/2021/32xxx/CVE-2021-32563.json @@ -81,6 +81,16 @@ "refsource": "MISC", "name": "https://gitlab.xfce.org/xfce/thunar/-/commit/1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d", "url": "https://gitlab.xfce.org/xfce/thunar/-/commit/1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20230104 Code execution through MIME-type association of Mono interpreter and security expectations of MIME type associations", + "url": "http://www.openwall.com/lists/oss-security/2023/01/05/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20230105 Re: Code execution through MIME-type association of Mono interpreter and security expectations of MIME type associations", + "url": "http://www.openwall.com/lists/oss-security/2023/01/05/2" } ] } diff --git a/2021/32xxx/CVE-2021-32692.json b/2021/32xxx/CVE-2021-32692.json index 6a8a1eec5005..31d689554e3e 100644 --- a/2021/32xxx/CVE-2021-32692.json +++ b/2021/32xxx/CVE-2021-32692.json @@ -1,18 +1,97 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-32692", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "CVE_data_meta": { + "ID": "CVE-2021-32692", + "ASSIGNER": "security-advisories@github.com", + "DATE_PUBLIC": "", + "TITLE": "Activity Watch vulnerable to command execution on macOS via printAppTitle.scpt", + "AKA": "", + "STATE": "PUBLIC" + }, + "source": { + "defect": [], + "advisory": "", + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ActivityWatch", + "product": { + "product_data": [ + { + "product_name": "Activity Watch", + "version": { + "version_data": [ + { + "version_name": "0.11.0", + "version_affected": "<", + "version_value": "0.11.0", + "platform": "" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')" + } ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Activity Watch is a free and open-source automated time tracker. Versions prior to 0.11.0 allow an attacker to execute arbitrary commands on any macOS machine with ActivityWatch running. The attacker can exploit this vulnerability by having the user visiting a website with the page title set to a malicious string. An attacker could use another application to accomplish the same, but the web browser is the most likely attack vector. This issue is patched in version 0.11.0. As a workaround, users can run the latest version of aw-watcher-window from source, or manually patch the `printAppTitle.scpt` file." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://github.com/ActivityWatch/activitywatch/security/advisories/GHSA-3x6w-q32m-jqf3", + "name": "https://github.com/ActivityWatch/activitywatch/security/advisories/GHSA-3x6w-q32m-jqf3" + } + ] + }, + "configuration": [], + "impact": { + "cvss": { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" } -} \ No newline at end of file + }, + "exploit": [], + "work_around": [], + "solution": [], + "credit": [] +} diff --git a/2021/32xxx/CVE-2021-32815.json b/2021/32xxx/CVE-2021-32815.json index badef49a41fa..31a1d654f9d8 100644 --- a/2021/32xxx/CVE-2021-32815.json +++ b/2021/32xxx/CVE-2021-32815.json @@ -88,6 +88,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-cbaef8e2d5", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] }, diff --git a/2021/32xxx/CVE-2021-32821.json b/2021/32xxx/CVE-2021-32821.json index 0616fa4f1783..f87fa075aede 100644 --- a/2021/32xxx/CVE-2021-32821.json +++ b/2021/32xxx/CVE-2021-32821.json @@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32821", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Regular expression Denial of Service in MooTools" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "mootools-core", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.6.0", + "version_value": "1.6.0" + } + ] + } + } + ] + }, + "vendor_name": "mootools" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption" + } + ] } ] + }, + "references": { + "reference_data": [ + { + "name": "https://securitylab.github.com/advisories/GHSL-2020-345-redos-mootools/", + "refsource": "CONFIRM", + "url": "https://securitylab.github.com/advisories/GHSL-2020-345-redos-mootools/" + } + ] + }, + "source": { + "advisory": "GHSL-2020-345", + "defect": [ + "GHSL-2020-345" + ], + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/32xxx/CVE-2021-32824.json b/2021/32xxx/CVE-2021-32824.json index 0cc0ae5ed4de..a6e1a9a8f6ee 100644 --- a/2021/32xxx/CVE-2021-32824.json +++ b/2021/32xxx/CVE-2021-32824.json @@ -1,18 +1,101 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32824", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Regular expression Denial of Service in MooTools" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dubbo", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.6.10", + "version_value": "2.6.10" + }, + { + "version_affected": "<", + "version_name": "2.7.10", + "version_value": "2.7.10" + }, + { + "version_affected": ">=", + "version_name": "2.7.0", + "version_value": "2.7.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods to collect information about the providers and methods exposed by the service and it can even allow to shutdown the service. This endpoint is unprotected. Additionally, a provider method can be invoked using the `invoke` handler. This handler uses a safe version of FastJson to process the call arguments. However, the resulting list is later processed with `PojoUtils.realize` which can be used to instantiate arbitrary classes and invoke its setters. Even though FastJson is properly protected with a default blocklist, `PojoUtils.realize` is not, and an attacker can leverage that to achieve remote code execution. Versions 2.6.10 and 2.7.10 contain fixes for this issue." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data" + } + ] } ] + }, + "references": { + "reference_data": [ + { + "name": "https://securitylab.github.com/advisories/GHSL-2021-034_043-apache-dubbo/", + "refsource": "CONFIRM", + "url": "https://securitylab.github.com/advisories/GHSL-2021-034_043-apache-dubbo/" + } + ] + }, + "source": { + "advisory": "GHSL-2021-039", + "defect": [ + "GHSL-2021-039" + ], + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/32xxx/CVE-2021-32828.json b/2021/32xxx/CVE-2021-32828.json index e030d169da26..9544f651e1d4 100644 --- a/2021/32xxx/CVE-2021-32828.json +++ b/2021/32xxx/CVE-2021-32828.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32828", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Regular expression Denial of Service in MooTools" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nuxeo", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "11.5.109", + "version_value": "11.5.109" + } + ] + } + } + ] + }, + "vendor_name": "Hyland" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the `oauth2` REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by levering the automation API." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://securitylab.github.com/advisories/GHSL-2021-072-nuxeo", + "refsource": "CONFIRM", + "url": "https://securitylab.github.com/advisories/GHSL-2021-072-nuxeo" + }, + { + "name": "https://github.com/nuxeo/nuxeo/blob/master/modules/platform/nuxeo-platform-oauth/src/main/java/org/nuxeo/ecm/webengine/oauth2/OAuth2Callback.java", + "refsource": "MISC", + "url": "https://github.com/nuxeo/nuxeo/blob/master/modules/platform/nuxeo-platform-oauth/src/main/java/org/nuxeo/ecm/webengine/oauth2/OAuth2Callback.java" + } + ] + }, + "source": { + "advisory": "GHSL-2021-072", + "defect": [ + "GHSL-2021-072" + ], + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33285.json b/2021/33xxx/CVE-2021-33285.json index 6725fd44b5b0..9c0d198720ff 100644 --- a/2021/33xxx/CVE-2021-33285.json +++ b/2021/33xxx/CVE-2021-33285.json @@ -96,6 +96,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-01", + "url": "https://security.gentoo.org/glsa/202301-01" } ] } diff --git a/2021/33xxx/CVE-2021-33286.json b/2021/33xxx/CVE-2021-33286.json index 808af91ae7dd..77ae2039630b 100644 --- a/2021/33xxx/CVE-2021-33286.json +++ b/2021/33xxx/CVE-2021-33286.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-01", + "url": "https://security.gentoo.org/glsa/202301-01" } ] } diff --git a/2021/33xxx/CVE-2021-33287.json b/2021/33xxx/CVE-2021-33287.json index 652a30761795..dddf4c4cddf5 100644 --- a/2021/33xxx/CVE-2021-33287.json +++ b/2021/33xxx/CVE-2021-33287.json @@ -91,6 +91,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-01", + "url": "https://security.gentoo.org/glsa/202301-01" } ] } diff --git a/2021/33xxx/CVE-2021-33289.json b/2021/33xxx/CVE-2021-33289.json index 08f83e2056a9..f176ed920a66 100644 --- a/2021/33xxx/CVE-2021-33289.json +++ b/2021/33xxx/CVE-2021-33289.json @@ -86,6 +86,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-01", + "url": "https://security.gentoo.org/glsa/202301-01" } ] } diff --git a/2021/33xxx/CVE-2021-33420.json b/2021/33xxx/CVE-2021-33420.json index 7e7fab58f3b4..9f48bdd1382d 100644 --- a/2021/33xxx/CVE-2021-33420.json +++ b/2021/33xxx/CVE-2021-33420.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-33420", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-33420", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/inikulin/replicator/issues/16", + "refsource": "MISC", + "name": "https://github.com/inikulin/replicator/issues/16" + }, + { + "url": "https://github.com/inikulin/replicator/pull/17", + "refsource": "MISC", + "name": "https://github.com/inikulin/replicator/pull/17" + }, + { + "url": "https://github.com/inikulin/replicator/commit/2c626242fb4a118855262c64b5731b2ce98e521b", + "refsource": "MISC", + "name": "https://github.com/inikulin/replicator/commit/2c626242fb4a118855262c64b5731b2ce98e521b" + }, + { + "url": "https://advisory.checkmarx.net/advisory/CX-2021-4787", + "refsource": "MISC", + "name": "https://advisory.checkmarx.net/advisory/CX-2021-4787" } ] } diff --git a/2021/33xxx/CVE-2021-33621.json b/2021/33xxx/CVE-2021-33621.json index e8a54eda17bd..9ac814fa0e43 100644 --- a/2021/33xxx/CVE-2021-33621.json +++ b/2021/33xxx/CVE-2021-33621.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-b9b710f199", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221228-0004/", + "url": "https://security.netapp.com/advisory/ntap-20221228-0004/" } ] } diff --git a/2021/33xxx/CVE-2021-33623.json b/2021/33xxx/CVE-2021-33623.json index 745bd59fb6c3..a31fe2eb3877 100644 --- a/2021/33xxx/CVE-2021-33623.json +++ b/2021/33xxx/CVE-2021-33623.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210702-0007/", "url": "https://security.netapp.com/advisory/ntap-20210702-0007/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3247-1] node-trim-newlines security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00033.html" } ] } diff --git a/2021/33xxx/CVE-2021-33640.json b/2021/33xxx/CVE-2021-33640.json index 8776fd795580..868ce11e27d3 100644 --- a/2021/33xxx/CVE-2021-33640.json +++ b/2021/33xxx/CVE-2021-33640.json @@ -1,18 +1,120 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "securities@openeuler.org", "ID": "CVE-2021-33640", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "openEuler 22.03 LTS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": " libtar", + "version_value": "1.2.20-21" + } + ] + } + }, + { + "product_name": "openEuler 20.03 LTS SP1", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": " libtar", + "version_value": "1.2.20-19" + } + ] + } + }, + { + "product_name": "openEuler 20.03 LTS SP3", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": " libtar", + "version_value": "1.2.20-19" + } + ] + } + } + ] + }, + "vendor_name": "openEuler" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free)." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416 Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-33640&packageName=libtar", + "name": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-33640&packageName=libtar" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-88772d0a2d", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-ccc68b06cc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/" } ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33643.json b/2021/33xxx/CVE-2021-33643.json index 865ff7bde77d..82946ca677f9 100644 --- a/2021/33xxx/CVE-2021-33643.json +++ b/2021/33xxx/CVE-2021-33643.json @@ -63,6 +63,16 @@ "refsource": "FEDORA", "name": "FEDORA-2022-44a20bba43", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-88772d0a2d", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-ccc68b06cc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/" } ] }, diff --git a/2021/33xxx/CVE-2021-33644.json b/2021/33xxx/CVE-2021-33644.json index 1b6bac12eac3..9aaadbd81b51 100644 --- a/2021/33xxx/CVE-2021-33644.json +++ b/2021/33xxx/CVE-2021-33644.json @@ -63,6 +63,16 @@ "refsource": "FEDORA", "name": "FEDORA-2022-44a20bba43", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-88772d0a2d", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-ccc68b06cc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/" } ] }, diff --git a/2021/33xxx/CVE-2021-33645.json b/2021/33xxx/CVE-2021-33645.json index 46c6d15ef39c..39ddb1826f7b 100644 --- a/2021/33xxx/CVE-2021-33645.json +++ b/2021/33xxx/CVE-2021-33645.json @@ -63,6 +63,16 @@ "refsource": "FEDORA", "name": "FEDORA-2022-44a20bba43", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-88772d0a2d", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-ccc68b06cc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/" } ] }, diff --git a/2021/33xxx/CVE-2021-33646.json b/2021/33xxx/CVE-2021-33646.json index d890192bb649..8954a91ef699 100644 --- a/2021/33xxx/CVE-2021-33646.json +++ b/2021/33xxx/CVE-2021-33646.json @@ -63,6 +63,16 @@ "refsource": "FEDORA", "name": "FEDORA-2022-44a20bba43", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-88772d0a2d", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-ccc68b06cc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/" } ] }, diff --git a/2021/33xxx/CVE-2021-33895.json b/2021/33xxx/CVE-2021-33895.json index f58a038e3849..5bb4521060dd 100644 --- a/2021/33xxx/CVE-2021-33895.json +++ b/2021/33xxx/CVE-2021-33895.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system procedure (USER_AUTHENTICATE_) used for verifying the Password returns 0 (no error). The reason is that the user is not running the XYGate application. Hence, BBSV assumes the Password is correct. For H4.09, the affected version isT0954V04^AAO. For E4.09, the affected version is 22SEP2020." + "value": "ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system procedure (USER_AUTHENTICATE_) used for verifying the Password returns 0 (no error). The reason is that the user is not running the XYGate application. Hence, BBSV assumes the Password is correct. For H4.09, the affected version isT0954V04^AAO. For E4.09, the affected version is 22SEP2020. Note: If your current version is E4.10-16MAY2021 (version procedure T9999V04_16MAY2022_BPAKETI_10), a hotfix (FIXPAK-19OCT-2022) is available in version E4.10-19OCT2022. Resolution to CVE-2021-33895 in version E4.11-19OCT2022" } ] }, diff --git a/2021/34xxx/CVE-2021-34334.json b/2021/34xxx/CVE-2021-34334.json index b070b2348deb..146238ff7c97 100644 --- a/2021/34xxx/CVE-2021-34334.json +++ b/2021/34xxx/CVE-2021-34334.json @@ -88,6 +88,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-cbaef8e2d5", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] }, diff --git a/2021/34xxx/CVE-2021-34427.json b/2021/34xxx/CVE-2021-34427.json index 6c1073fb8397..c3c075dc9a5a 100644 --- a/2021/34xxx/CVE-2021-34427.json +++ b/2021/34xxx/CVE-2021-34427.json @@ -57,7 +57,17 @@ "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142" + }, + { + "refsource": "FULLDISC", + "name": "20221220 SEC Consult SA-20221216-0 :: Remote code execution bypass in Eclipse Business Intelligence Reporting Tool (BiRT)", + "url": "http://seclists.org/fulldisclosure/2022/Dec/30" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/170326/Eclipse-Business-Intelligence-Reporting-Tool-4.11.0-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/170326/Eclipse-Business-Intelligence-Reporting-Tool-4.11.0-Remote-Code-Execution.html" } ] } -} +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34603.json b/2021/34xxx/CVE-2021-34603.json index 701638d5afef..9df0997f7d83 100644 --- a/2021/34xxx/CVE-2021-34603.json +++ b/2021/34xxx/CVE-2021-34603.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-34603", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/34xxx/CVE-2021-34607.json b/2021/34xxx/CVE-2021-34607.json index de52c3053fa3..075d751a628d 100644 --- a/2021/34xxx/CVE-2021-34607.json +++ b/2021/34xxx/CVE-2021-34607.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-34607", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/34xxx/CVE-2021-34608.json b/2021/34xxx/CVE-2021-34608.json index ca43c4514dbd..120cb2f8c1cc 100644 --- a/2021/34xxx/CVE-2021-34608.json +++ b/2021/34xxx/CVE-2021-34608.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-34608", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/35xxx/CVE-2021-35065.json b/2021/35xxx/CVE-2021-35065.json index 0cc09f91cd56..cdf533d77b81 100644 --- a/2021/35xxx/CVE-2021-35065.json +++ b/2021/35xxx/CVE-2021-35065.json @@ -1,17 +1,72 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-35065", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", + "refsource": "MISC", + "name": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294" + }, + { + "url": "https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339", + "refsource": "MISC", + "name": "https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339" + }, + { + "url": "https://github.com/gulpjs/glob-parent/pull/49", + "refsource": "MISC", + "name": "https://github.com/gulpjs/glob-parent/pull/49" } ] } diff --git a/2021/35xxx/CVE-2021-35252.json b/2021/35xxx/CVE-2021-35252.json index 19747be80fec..861a4082d1f8 100644 --- a/2021/35xxx/CVE-2021-35252.json +++ b/2021/35xxx/CVE-2021-35252.json @@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-35252", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@solarwinds.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SolarWinds", + "product": { + "product_data": [ + { + "product_name": "Serv-U FTP Server", + "version": { + "version_data": [ + { + "version_value": "15.3.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm", + "refsource": "MISC", + "name": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm" + }, + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35252", + "refsource": "MISC", + "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35252" + }, + { + "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35252", + "refsource": "MISC", + "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35252" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "SolarWinds advises to upgrade to the latest version of Serv-U 15.3.2 once became generally available." + } + ], + "value": "SolarWinds advises to upgrade to the latest version of Serv-U 15.3.2 once became generally available." + } + ], + "credits": [ + { + "lang": "en", + "value": "SecureWorks Disclosure Team" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2021/35xxx/CVE-2021-35266.json b/2021/35xxx/CVE-2021-35266.json index a9325a5f73d8..6c976d6bfceb 100644 --- a/2021/35xxx/CVE-2021-35266.json +++ b/2021/35xxx/CVE-2021-35266.json @@ -86,6 +86,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-01", + "url": "https://security.gentoo.org/glsa/202301-01" } ] } diff --git a/2021/35xxx/CVE-2021-35267.json b/2021/35xxx/CVE-2021-35267.json index f258ae8ccc7d..3c7968ae7e8e 100644 --- a/2021/35xxx/CVE-2021-35267.json +++ b/2021/35xxx/CVE-2021-35267.json @@ -86,6 +86,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-01", + "url": "https://security.gentoo.org/glsa/202301-01" } ] } diff --git a/2021/35xxx/CVE-2021-35268.json b/2021/35xxx/CVE-2021-35268.json index 9eea35b750a6..320ff8eb3598 100644 --- a/2021/35xxx/CVE-2021-35268.json +++ b/2021/35xxx/CVE-2021-35268.json @@ -86,6 +86,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-01", + "url": "https://security.gentoo.org/glsa/202301-01" } ] } diff --git a/2021/35xxx/CVE-2021-35269.json b/2021/35xxx/CVE-2021-35269.json index 9c8841057dfa..03c886f994b5 100644 --- a/2021/35xxx/CVE-2021-35269.json +++ b/2021/35xxx/CVE-2021-35269.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-01", + "url": "https://security.gentoo.org/glsa/202301-01" } ] } diff --git a/2021/35xxx/CVE-2021-35452.json b/2021/35xxx/CVE-2021-35452.json index 943ef7a19bce..c8d88f2b0e64 100644 --- a/2021/35xxx/CVE-2021-35452.json +++ b/2021/35xxx/CVE-2021-35452.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/298", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/298" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3240-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html" } ] } diff --git a/2021/35xxx/CVE-2021-35576.json b/2021/35xxx/CVE-2021-35576.json index cabbe7b947e6..b7f97931c76b 100644 --- a/2021/35xxx/CVE-2021-35576.json +++ b/2021/35xxx/CVE-2021-35576.json @@ -77,6 +77,16 @@ "refsource": "MISC", "name": "https://databasesecurityninja.wordpress.com/2022/06/11/cve-2021-35576-bypassing-unified-audit-policy/", "url": "https://databasesecurityninja.wordpress.com/2022/06/11/cve-2021-35576-bypassing-unified-audit-policy/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/170354/Oracle-Unified-Audit-Policy-Bypass.html", + "url": "http://packetstormsecurity.com/files/170354/Oracle-Unified-Audit-Policy-Bypass.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/170373/Oracle-Database-Vault-Metadata-Exposure.html", + "url": "http://packetstormsecurity.com/files/170373/Oracle-Database-Vault-Metadata-Exposure.html" } ] } diff --git a/2021/35xxx/CVE-2021-35951.json b/2021/35xxx/CVE-2021-35951.json index 80c02b101a79..fc0398a27c57 100644 --- a/2021/35xxx/CVE-2021-35951.json +++ b/2021/35xxx/CVE-2021-35951.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-35951", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows an Unauthenticated Remote attacker to send a malicious firmware update via BLE and brick the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.fastrack.in/shop/watch-smart-wearables-reflex-2", + "refsource": "MISC", + "name": "https://www.fastrack.in/shop/watch-smart-wearables-reflex-2" + }, + { + "url": "https://payatu.com/advisory/fastrack-reflex-unauthenticated-firmware-update", + "refsource": "MISC", + "name": "https://payatu.com/advisory/fastrack-reflex-unauthenticated-firmware-update" } ] } diff --git a/2021/35xxx/CVE-2021-35952.json b/2021/35xxx/CVE-2021-35952.json index a88aba9bb971..1521fd4cc050 100644 --- a/2021/35xxx/CVE-2021-35952.json +++ b/2021/35xxx/CVE-2021-35952.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-35952", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remote attacker to change the time, date, and month via Bluetooth LE Characteristics on handle 0x0017." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.fastrack.in/shop/watch-smart-wearables-reflex-2", + "refsource": "MISC", + "name": "https://www.fastrack.in/shop/watch-smart-wearables-reflex-2" + }, + { + "url": "https://payatu.com/advisory/lack-of-bluetooth-le-pairing-fastrack-reflex", + "refsource": "MISC", + "name": "https://payatu.com/advisory/lack-of-bluetooth-le-pairing-fastrack-reflex" } ] } diff --git a/2021/35xxx/CVE-2021-35953.json b/2021/35xxx/CVE-2021-35953.json index 5df4b557a759..13e15def0b0c 100644 --- a/2021/35xxx/CVE-2021-35953.json +++ b/2021/35xxx/CVE-2021-35953.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-35953", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remote attacker to cause a Denial of Service (device outage) via crafted choices of the last three bytes of a characteristic value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.fastrack.in/shop/watch-smart-wearables-reflex-2", + "refsource": "MISC", + "name": "https://www.fastrack.in/shop/watch-smart-wearables-reflex-2" + }, + { + "url": "https://payatu.com/advisory/device-crash-fastrack-reflex-two-activity-tracker", + "refsource": "MISC", + "name": "https://payatu.com/advisory/device-crash-fastrack-reflex-two-activity-tracker" } ] } diff --git a/2021/35xxx/CVE-2021-35954.json b/2021/35xxx/CVE-2021-35954.json index b3a42bdb0376..b25373c70837 100644 --- a/2021/35xxx/CVE-2021-35954.json +++ b/2021/35xxx/CVE-2021-35954.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-35954", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows physically proximate attackers to dump the firmware, flash custom malicious firmware, and brick the device via the Serial Wire Debug (SWD) feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.fastrack.in/shop/watch-smart-wearables-reflex-2", + "refsource": "MISC", + "name": "https://www.fastrack.in/shop/watch-smart-wearables-reflex-2" + }, + { + "url": "https://payatu.com/advisory/dumping-and-re-flashing-firmware-fastrack-reflex", + "refsource": "MISC", + "name": "https://payatu.com/advisory/dumping-and-re-flashing-firmware-fastrack-reflex" } ] } diff --git a/2021/36xxx/CVE-2021-36408.json b/2021/36xxx/CVE-2021-36408.json index c1ee7a8f786e..8289bbc45311 100644 --- a/2021/36xxx/CVE-2021-36408.json +++ b/2021/36xxx/CVE-2021-36408.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/299", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/299" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3240-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html" } ] } diff --git a/2021/36xxx/CVE-2021-36409.json b/2021/36xxx/CVE-2021-36409.json index 9c94e1ec298c..2c0ef4e690d3 100644 --- a/2021/36xxx/CVE-2021-36409.json +++ b/2021/36xxx/CVE-2021-36409.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/300", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/300" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3240-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html" } ] } diff --git a/2021/36xxx/CVE-2021-36410.json b/2021/36xxx/CVE-2021-36410.json index fbca45557883..cad2a0e8af11 100644 --- a/2021/36xxx/CVE-2021-36410.json +++ b/2021/36xxx/CVE-2021-36410.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/301", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/301" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3240-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html" } ] } diff --git a/2021/36xxx/CVE-2021-36411.json b/2021/36xxx/CVE-2021-36411.json index b26a33045a3b..d9bb38ea1a75 100644 --- a/2021/36xxx/CVE-2021-36411.json +++ b/2021/36xxx/CVE-2021-36411.json @@ -56,6 +56,11 @@ "url": "https://github.com/strukturag/libde265/issues/302", "refsource": "MISC", "name": "https://github.com/strukturag/libde265/issues/302" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3240-1] libde265 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html" } ] } diff --git a/2021/36xxx/CVE-2021-36572.json b/2021/36xxx/CVE-2021-36572.json index 208adc17dc87..6a72d9ae0c2e 100644 --- a/2021/36xxx/CVE-2021-36572.json +++ b/2021/36xxx/CVE-2021-36572.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36572", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36572", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/liufee/cms/issues/58", + "refsource": "MISC", + "name": "https://github.com/liufee/cms/issues/58" } ] } diff --git a/2021/36xxx/CVE-2021-36573.json b/2021/36xxx/CVE-2021-36573.json index b39b99f2960f..c798b877d531 100644 --- a/2021/36xxx/CVE-2021-36573.json +++ b/2021/36xxx/CVE-2021-36573.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36573", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36573", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/liufee/cms/issues/59", + "refsource": "MISC", + "name": "https://github.com/liufee/cms/issues/59" } ] } diff --git a/2021/36xxx/CVE-2021-36603.json b/2021/36xxx/CVE-2021-36603.json index 610bf516ef29..5e688e74adc5 100644 --- a/2021/36xxx/CVE-2021-36603.json +++ b/2021/36xxx/CVE-2021-36603.json @@ -5,13 +5,57 @@ "CVE_data_meta": { "ID": "CVE-2021-36603", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/arendst/Tasmota/issues/12221", + "url": "https://github.com/arendst/Tasmota/issues/12221" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript code via a crafted string in the field \"Friendly Name 1\"." } ] } diff --git a/2021/36xxx/CVE-2021-36631.json b/2021/36xxx/CVE-2021-36631.json index 9a0c3faf9e8b..bd1e89107399 100644 --- a/2021/36xxx/CVE-2021-36631.json +++ b/2021/36xxx/CVE-2021-36631.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36631", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36631", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/shigophilo/CVE/blob/main/Baidunetdisk%20Version%207.4.3%20dll%20hijack.md", + "url": "https://github.com/shigophilo/CVE/blob/main/Baidunetdisk%20Version%207.4.3%20dll%20hijack.md" } ] } diff --git a/2021/36xxx/CVE-2021-36981.json b/2021/36xxx/CVE-2021-36981.json index 49c483a4fe62..cc8cfc765394 100644 --- a/2021/36xxx/CVE-2021-36981.json +++ b/2021/36xxx/CVE-2021-36981.json @@ -61,6 +61,16 @@ "refsource": "MISC", "name": "https://github.com/SerNet/verinice/compare/1.22.1...1.22.2", "url": "https://github.com/SerNet/verinice/compare/1.22.1...1.22.2" + }, + { + "refsource": "MISC", + "name": "https://github.com/0xBrAinsTorM/CVE-2021-36981", + "url": "https://github.com/0xBrAinsTorM/CVE-2021-36981" + }, + { + "refsource": "MISC", + "name": "https://www.secianus.de/worum-geht-es/aktuelle-meldung/cve-2021-36981-verinicepro-unsafe-java-deserialization", + "url": "https://www.secianus.de/worum-geht-es/aktuelle-meldung/cve-2021-36981-verinicepro-unsafe-java-deserialization" } ] } diff --git a/2021/37xxx/CVE-2021-37533.json b/2021/37xxx/CVE-2021-37533.json index 41fab4516d93..83b48fe59bcb 100644 --- a/2021/37xxx/CVE-2021-37533.json +++ b/2021/37xxx/CVE-2021-37533.json @@ -78,6 +78,16 @@ "refsource": "MLIST", "name": "[oss-security] 20221203 CVE-2021-37533: Apache Commons Net's FTP client trusts the host from PASV response by default", "url": "http://www.openwall.com/lists/oss-security/2022/12/03/1" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221229 [SECURITY] [DLA 3251-1] libcommons-net-java security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00038.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5307", + "url": "https://www.debian.org/security/2022/dsa-5307" } ] }, diff --git a/2021/37xxx/CVE-2021-37620.json b/2021/37xxx/CVE-2021-37620.json index 04f543937c6f..193928f22cea 100644 --- a/2021/37xxx/CVE-2021-37620.json +++ b/2021/37xxx/CVE-2021-37620.json @@ -88,6 +88,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-cbaef8e2d5", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] }, diff --git a/2021/37xxx/CVE-2021-37621.json b/2021/37xxx/CVE-2021-37621.json index 8756ca0aa276..a355b6a6f5ab 100644 --- a/2021/37xxx/CVE-2021-37621.json +++ b/2021/37xxx/CVE-2021-37621.json @@ -88,6 +88,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-cbaef8e2d5", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] }, diff --git a/2021/37xxx/CVE-2021-37622.json b/2021/37xxx/CVE-2021-37622.json index 00f0623835ab..bbe158a9d042 100644 --- a/2021/37xxx/CVE-2021-37622.json +++ b/2021/37xxx/CVE-2021-37622.json @@ -88,6 +88,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-cbaef8e2d5", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230110 [SECURITY] [DLA 3265-1] exiv2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html" } ] }, diff --git a/2021/38xxx/CVE-2021-38241.json b/2021/38xxx/CVE-2021-38241.json index b46c58265e8c..95f7e95d6d09 100644 --- a/2021/38xxx/CVE-2021-38241.json +++ b/2021/38xxx/CVE-2021-38241.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-38241", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-38241", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.du1ge.com/archives/CVE-2021-38241", + "url": "https://www.du1ge.com/archives/CVE-2021-38241" } ] } diff --git a/2021/38xxx/CVE-2021-38370.json b/2021/38xxx/CVE-2021-38370.json index 980e54d97f2d..aa4acdf54520 100644 --- a/2021/38xxx/CVE-2021-38370.json +++ b/2021/38xxx/CVE-2021-38370.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://bugs.gentoo.org/807613#c4", "url": "https://bugs.gentoo.org/807613#c4" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-07", + "url": "https://security.gentoo.org/glsa/202301-07" } ] } diff --git a/2021/38xxx/CVE-2021-38561.json b/2021/38xxx/CVE-2021-38561.json index e37dccaad2bd..ca96577cf32d 100644 --- a/2021/38xxx/CVE-2021-38561.json +++ b/2021/38xxx/CVE-2021-38561.json @@ -1,17 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-38561", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://groups.google.com/g/golang-announce", + "refsource": "MISC", + "name": "https://groups.google.com/g/golang-announce" + }, + { + "url": "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f", + "refsource": "MISC", + "name": "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f" + }, + { + "url": "https://deps.dev/advisory/OSV/GO-2021-0113", + "refsource": "MISC", + "name": "https://deps.dev/advisory/OSV/GO-2021-0113" + }, + { + "url": "https://pkg.go.dev/golang.org/x/text/language", + "refsource": "MISC", + "name": "https://pkg.go.dev/golang.org/x/text/language" } ] } diff --git a/2021/38xxx/CVE-2021-38928.json b/2021/38xxx/CVE-2021-38928.json index ccb288bb2345..e5e07c9c2ed8 100644 --- a/2021/38xxx/CVE-2021-38928.json +++ b/2021/38xxx/CVE-2021-38928.json @@ -1,17 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-38928", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 210323." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "942 Overly Permissive Cross-domain Whitelist" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator Standard Edition", + "version": { + "version_data": [ + { + "version_value": "6.0.0.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6852467", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6852467" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210323", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210323" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2021/39xxx/CVE-2021-39251.json b/2021/39xxx/CVE-2021-39251.json index f545ff276335..ca2fcf4a1ed5 100644 --- a/2021/39xxx/CVE-2021-39251.json +++ b/2021/39xxx/CVE-2021-39251.json @@ -96,6 +96,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-01", + "url": "https://security.gentoo.org/glsa/202301-01" } ] } diff --git a/2021/39xxx/CVE-2021-39252.json b/2021/39xxx/CVE-2021-39252.json index 8d0d31c41824..7157d109881e 100644 --- a/2021/39xxx/CVE-2021-39252.json +++ b/2021/39xxx/CVE-2021-39252.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-01", + "url": "https://security.gentoo.org/glsa/202301-01" } ] } diff --git a/2021/39xxx/CVE-2021-39253.json b/2021/39xxx/CVE-2021-39253.json index aef1df33a736..331fc7b25a8f 100644 --- a/2021/39xxx/CVE-2021-39253.json +++ b/2021/39xxx/CVE-2021-39253.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-01", + "url": "https://security.gentoo.org/glsa/202301-01" } ] } diff --git a/2021/39xxx/CVE-2021-39254.json b/2021/39xxx/CVE-2021-39254.json index 3366b0a03540..83978003b95b 100644 --- a/2021/39xxx/CVE-2021-39254.json +++ b/2021/39xxx/CVE-2021-39254.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-01", + "url": "https://security.gentoo.org/glsa/202301-01" } ] } diff --git a/2021/39xxx/CVE-2021-39255.json b/2021/39xxx/CVE-2021-39255.json index f71dd6f60fbf..63d04fa93626 100644 --- a/2021/39xxx/CVE-2021-39255.json +++ b/2021/39xxx/CVE-2021-39255.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-01", + "url": "https://security.gentoo.org/glsa/202301-01" } ] } diff --git a/2021/39xxx/CVE-2021-39256.json b/2021/39xxx/CVE-2021-39256.json index 8b7bb8066bb3..986108639697 100644 --- a/2021/39xxx/CVE-2021-39256.json +++ b/2021/39xxx/CVE-2021-39256.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-01", + "url": "https://security.gentoo.org/glsa/202301-01" } ] } diff --git a/2021/39xxx/CVE-2021-39257.json b/2021/39xxx/CVE-2021-39257.json index fc817f87bf84..c5998018cf45 100644 --- a/2021/39xxx/CVE-2021-39257.json +++ b/2021/39xxx/CVE-2021-39257.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-01", + "url": "https://security.gentoo.org/glsa/202301-01" } ] } diff --git a/2021/39xxx/CVE-2021-39258.json b/2021/39xxx/CVE-2021-39258.json index 45f8ba729836..e779e25af90f 100644 --- a/2021/39xxx/CVE-2021-39258.json +++ b/2021/39xxx/CVE-2021-39258.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-01", + "url": "https://security.gentoo.org/glsa/202301-01" } ] } diff --git a/2021/39xxx/CVE-2021-39259.json b/2021/39xxx/CVE-2021-39259.json index 1609ef3f4b45..c99e5ad09721 100644 --- a/2021/39xxx/CVE-2021-39259.json +++ b/2021/39xxx/CVE-2021-39259.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-01", + "url": "https://security.gentoo.org/glsa/202301-01" } ] } diff --git a/2021/39xxx/CVE-2021-39260.json b/2021/39xxx/CVE-2021-39260.json index 717ca6da6f45..25ef2eece8cc 100644 --- a/2021/39xxx/CVE-2021-39260.json +++ b/2021/39xxx/CVE-2021-39260.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-01", + "url": "https://security.gentoo.org/glsa/202301-01" } ] } diff --git a/2021/39xxx/CVE-2021-39261.json b/2021/39xxx/CVE-2021-39261.json index 63c3c35243e5..cf58825250d4 100644 --- a/2021/39xxx/CVE-2021-39261.json +++ b/2021/39xxx/CVE-2021-39261.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-01", + "url": "https://security.gentoo.org/glsa/202301-01" } ] } diff --git a/2021/39xxx/CVE-2021-39262.json b/2021/39xxx/CVE-2021-39262.json index 8e443a3b0738..60b6d0326c02 100644 --- a/2021/39xxx/CVE-2021-39262.json +++ b/2021/39xxx/CVE-2021-39262.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-01", + "url": "https://security.gentoo.org/glsa/202301-01" } ] } diff --git a/2021/39xxx/CVE-2021-39263.json b/2021/39xxx/CVE-2021-39263.json index d3a11a38cc88..733280285a9a 100644 --- a/2021/39xxx/CVE-2021-39263.json +++ b/2021/39xxx/CVE-2021-39263.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211116 [SECURITY] [DLA 2819-1] ntfs-3g security update", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-01", + "url": "https://security.gentoo.org/glsa/202301-01" } ] } diff --git a/2021/39xxx/CVE-2021-39298.json b/2021/39xxx/CVE-2021-39298.json index a23dcc8626e7..f52fff157d9e 100644 --- a/2021/39xxx/CVE-2021-39298.json +++ b/2021/39xxx/CVE-2021-39298.json @@ -1,82 +1,119 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "psirt@amd.com", - "DATE_PUBLIC": "2022-05-10T20:00:00.000Z", "ID": "CVE-2021-39298", + "ASSIGNER": "psirt@amd.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "AMD", "product": { "product_data": [ { - "product_name": "Ryzen\u2122 Series ", + "product_name": "2nd Gen EPYC", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "various" + "version_value": "Various ", + "version_affected": "=" } ] } }, { - "product_name": " Athlon\u2122 Series ", + "product_name": "3rd Gen EPYC", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "various" + "version_value": "various ", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "Ryzen 2000 Series", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "Ryzen 3000 Series ", + "version": { + "version_data": [ + { + "version_value": "Various ", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "Ryzen 5000 Series ", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" } ] } } ] - }, - "vendor_name": "AMD" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware." - } - ] - }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "tbd" - } - ] - } - ] - }, "references": { "reference_data": [ { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032", "refsource": "MISC", - "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027", - "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027" + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032" + }, + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1027", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1027" } ] }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, "source": { - "advisory": "AMD-SB-1027 ", + "advisory": "AMD-SB-1032", "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39369.json b/2021/39xxx/CVE-2021-39369.json index 18593f7fc392..9c6b0aee1fe3 100644 --- a/2021/39xxx/CVE-2021-39369.json +++ b/2021/39xxx/CVE-2021-39369.json @@ -1,17 +1,72 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39369", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.youtube.com/watch?v=7zC84TNpIxw", + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=7zC84TNpIxw" + }, + { + "url": "https://www.usa.philips.com/healthcare", + "refsource": "MISC", + "name": "https://www.usa.philips.com/healthcare" + }, + { + "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01", + "refsource": "MISC", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01" } ] } diff --git a/2021/39xxx/CVE-2021-39426.json b/2021/39xxx/CVE-2021-39426.json index a49cc3c1f720..3ce30f8f592d 100644 --- a/2021/39xxx/CVE-2021-39426.json +++ b/2021/39xxx/CVE-2021-39426.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-39426", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-39426", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the notify1 parameter when the action parameter equals set." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/seacms-com/seacms/issues/21", + "url": "https://github.com/seacms-com/seacms/issues/21" } ] } diff --git a/2021/39xxx/CVE-2021-39427.json b/2021/39xxx/CVE-2021-39427.json index d487875aafc8..c2b35b017101 100644 --- a/2021/39xxx/CVE-2021-39427.json +++ b/2021/39xxx/CVE-2021-39427.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-39427", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-39427", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross site scripting vulnerability in 188Jianzhan 2.10 allows attackers to execute arbitrary code via the username parameter to /admin/reg.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/vtime-tech/188Jianzhan/issues/4", + "refsource": "MISC", + "name": "https://github.com/vtime-tech/188Jianzhan/issues/4" } ] } diff --git a/2021/39xxx/CVE-2021-39428.json b/2021/39xxx/CVE-2021-39428.json index 57daad666867..e798f3a29b77 100644 --- a/2021/39xxx/CVE-2021-39428.json +++ b/2021/39xxx/CVE-2021-39428.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-39428", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-39428", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/eyoucms/eyoucms/issues/14", + "refsource": "MISC", + "name": "https://github.com/eyoucms/eyoucms/issues/14" } ] } diff --git a/2021/3xxx/CVE-2021-3092.json b/2021/3xxx/CVE-2021-3092.json index 0a5e716a1e4c..35cd9d5e4b49 100644 --- a/2021/3xxx/CVE-2021-3092.json +++ b/2021/3xxx/CVE-2021-3092.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-3092", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/3xxx/CVE-2021-3093.json b/2021/3xxx/CVE-2021-3093.json index 1f5072518c05..4e224777dd03 100644 --- a/2021/3xxx/CVE-2021-3093.json +++ b/2021/3xxx/CVE-2021-3093.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-3093", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/3xxx/CVE-2021-3094.json b/2021/3xxx/CVE-2021-3094.json index 459a2684f33e..bc5496eda4c8 100644 --- a/2021/3xxx/CVE-2021-3094.json +++ b/2021/3xxx/CVE-2021-3094.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-3094", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/3xxx/CVE-2021-3096.json b/2021/3xxx/CVE-2021-3096.json index 5ea54bd8ad86..5d9a9b144c86 100644 --- a/2021/3xxx/CVE-2021-3096.json +++ b/2021/3xxx/CVE-2021-3096.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-3096", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/3xxx/CVE-2021-3097.json b/2021/3xxx/CVE-2021-3097.json index b413c4cccf79..ce9b7065e388 100644 --- a/2021/3xxx/CVE-2021-3097.json +++ b/2021/3xxx/CVE-2021-3097.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-3097", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/3xxx/CVE-2021-3098.json b/2021/3xxx/CVE-2021-3098.json index dcdd00081b8d..c718d6832427 100644 --- a/2021/3xxx/CVE-2021-3098.json +++ b/2021/3xxx/CVE-2021-3098.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-3098", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/3xxx/CVE-2021-3102.json b/2021/3xxx/CVE-2021-3102.json index e22ff36d2090..81e15982a6d6 100644 --- a/2021/3xxx/CVE-2021-3102.json +++ b/2021/3xxx/CVE-2021-3102.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-3102", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/3xxx/CVE-2021-3103.json b/2021/3xxx/CVE-2021-3103.json index 04bc7b4065b9..96cd0fa1f5e5 100644 --- a/2021/3xxx/CVE-2021-3103.json +++ b/2021/3xxx/CVE-2021-3103.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-3103", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/3xxx/CVE-2021-3104.json b/2021/3xxx/CVE-2021-3104.json index cbf631c471d6..6e7ca8214265 100644 --- a/2021/3xxx/CVE-2021-3104.json +++ b/2021/3xxx/CVE-2021-3104.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-3104", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/3xxx/CVE-2021-3105.json b/2021/3xxx/CVE-2021-3105.json index 0f7350008401..dd5ef789298c 100644 --- a/2021/3xxx/CVE-2021-3105.json +++ b/2021/3xxx/CVE-2021-3105.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-3105", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2021/3xxx/CVE-2021-3485.json b/2021/3xxx/CVE-2021-3485.json index da6a7dd7a234..3095ad1e719c 100644 --- a/2021/3xxx/CVE-2021-3485.json +++ b/2021/3xxx/CVE-2021-3485.json @@ -1,15 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve-requests@bitdefender.com", - "DATE_PUBLIC": "2021-05-21T09:00:00.000Z", "ID": "CVE-2021-3485", - "STATE": "PUBLIC", - "TITLE": "Improper Input Validation in Bitdefender Endpoint Security Tools for Linux" + "ASSIGNER": "cve-requests@bitdefender.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-494 Download of Code Without Integrity Check", + "cweId": "CWE-494" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "Bitdefender", "product": { "product_data": [ { @@ -17,85 +40,70 @@ "version": { "version_data": [ { - "version_affected": "<", - "version_value": "6.2.21.155" + "version_value": "unspecified", + "version_affected": "=" } ] } } ] - }, - "vendor_name": "Bitdefender" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155." - } - ] - }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "ADJACENT_NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 6.4, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "HIGH", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-20 Improper Input Validation" - } - ] - } - ] - }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://www.bitdefender.com/support/security-advisories/improper-input-validation-in-bitdefender-endpoint-security-tools-for-linux-va-9769", + "refsource": "MISC", "name": "https://www.bitdefender.com/support/security-advisories/improper-input-validation-in-bitdefender-endpoint-security-tools-for-linux-va-9769" }, { + "url": "https://herolab.usd.de/security-advisories/usd-2021-0014/", "refsource": "MISC", - "name": "https://herolab.usd.de/security-advisories/usd-2021-0014/", - "url": "https://herolab.usd.de/security-advisories/usd-2021-0014/" + "name": "https://herolab.usd.de/security-advisories/usd-2021-0014/" } ] }, - "solution": [ - { - "lang": "eng", - "value": "An automatic update to version 6.2.21.155 fixes the issue." - } - ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "defect": [ "VA-9769" ], "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

An automatic update to version 6.2.21.155 fixes the issue.

" + } + ], + "value": "An automatic update to version 6.2.21.155 fixes the issue.\n\n" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3671.json b/2021/3xxx/CVE-2021-3671.json index 8f1734c48af6..11d848841dd9 100644 --- a/2021/3xxx/CVE-2021-3671.json +++ b/2021/3xxx/CVE-2021-3671.json @@ -68,6 +68,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update", "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221215-0002/", + "url": "https://security.netapp.com/advisory/ntap-20221215-0002/" } ] }, diff --git a/2021/3xxx/CVE-2021-3759.json b/2021/3xxx/CVE-2021-3759.json index c4341143f770..5bfd89ce1bcc 100644 --- a/2021/3xxx/CVE-2021-3759.json +++ b/2021/3xxx/CVE-2021-3759.json @@ -58,6 +58,11 @@ "refsource": "MISC", "name": "https://lore.kernel.org/linux-mm/1626333284-1404-1-git-send-email-nglaive@gmail.com/", "url": "https://lore.kernel.org/linux-mm/1626333284-1404-1-git-send-email-nglaive@gmail.com/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" } ] }, diff --git a/2021/3xxx/CVE-2021-3966.json b/2021/3xxx/CVE-2021-3966.json index c0125653cca9..081f6040059e 100644 --- a/2021/3xxx/CVE-2021-3966.json +++ b/2021/3xxx/CVE-2021-3966.json @@ -4,15 +4,82 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3966", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnerabilities@zephyrproject.org", + "DATE_PUBLIC": "2022-02-16T00:00:00.000Z", + "STATE": "PUBLIC", + "TITLE": "Usb bluetooth device ACL read cb buffer overflow" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "zephyrproject-rtos", + "product": { + "product_data": [ + { + "product_name": "zephyr", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "v3.0" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H", + "attackVector": "Adjacent", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseSeverity": "CRITICAL" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow (CWE-122)" + } + ] } ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfxq-3w6x-fv2m", + "refsource": "MISC", + "name": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfxq-3w6x-fv2m" + } + ] + }, + "source": { + "defect": [ + "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfxq-3w6x-fv2m" + ] } -} \ No newline at end of file +} diff --git a/2021/40xxx/CVE-2021-40341.json b/2021/40xxx/CVE-2021-40341.json index 5bb426b5d098..64d8549d64b0 100644 --- a/2021/40xxx/CVE-2021-40341.json +++ b/2021/40xxx/CVE-2021-40341.json @@ -1,17 +1,186 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-40341", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@hitachienergy.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-326 Inadequate Encryption Strength", + "cweId": "CWE-326" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hitachi Energy", + "product": { + "product_data": [ + { + "product_name": "FOXMAN-UN", + "version": { + "version_data": [ + { + "version_value": "FOXMAN-UN R16A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R15B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R15A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R14B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R14A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R11B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R11A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R10C", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R9C", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "UNEM", + "version": { + "version_data": [ + { + "version_value": "UNEM R16A", + "version_affected": "=" + }, + { + "version_value": "UNEM R15B", + "version_affected": "=" + }, + { + "version_value": "UNEM R15A", + "version_affected": "=" + }, + { + "version_value": "UNEM R14B", + "version_affected": "=" + }, + { + "version_value": "UNEM R14A", + "version_affected": "=" + }, + { + "version_value": "UNEM R11B", + "version_affected": "=" + }, + { + "version_value": "UNEM R11A", + "version_affected": "=" + }, + { + "version_value": "UNEM R10C", + "version_affected": "=" + }, + { + "version_value": "UNEM R9C", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch", + "refsource": "MISC", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch" + }, + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch", + "refsource": "MISC", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nThe vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned).\n

For immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A,\nplease refer to the \n\nDatabase contains credentials with weak encryption\n\nclause of section Mitigation Factors/Workarounds\nin the respective products' advisory.\n

For immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory
" + } + ], + "value": "\nThe vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned).\n\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A,\nplease refer to the \n\nDatabase contains credentials with weak encryption\n\nclause of section Mitigation Factors/Workarounds\nin the respective products' advisory.\n\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\n * Secure the NMS CLIENT/SERVER communication.\u00a0\n * Embedded FOXCST with RADIUS authentication should be avoided.\u00a0\n * Database contains credentials with weak encryption.\n\n\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "K-Businessom AG, Austria" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2021/40xxx/CVE-2021-40342.json b/2021/40xxx/CVE-2021-40342.json index 664da61ab94f..2fe3c8c096ea 100644 --- a/2021/40xxx/CVE-2021-40342.json +++ b/2021/40xxx/CVE-2021-40342.json @@ -1,17 +1,186 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-40342", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@hitachienergy.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions. This issue affects * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hitachi Energy", + "product": { + "product_data": [ + { + "product_name": "FOXMAN-UN", + "version": { + "version_data": [ + { + "version_value": "FOXMAN-UN R16A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R15B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R15A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R14B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R14A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R11B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R11A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R10C", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R9C", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "UNEM", + "version": { + "version_data": [ + { + "version_value": "UNEM R16A", + "version_affected": "=" + }, + { + "version_value": "UNEM R15B", + "version_affected": "=" + }, + { + "version_value": "UNEM R15A", + "version_affected": "=" + }, + { + "version_value": "UNEM R14B", + "version_affected": "=" + }, + { + "version_value": "UNEM R14A", + "version_affected": "=" + }, + { + "version_value": "UNEM R11B", + "version_affected": "=" + }, + { + "version_value": "UNEM R11A", + "version_affected": "=" + }, + { + "version_value": "UNEM R10C", + "version_affected": "=" + }, + { + "version_value": "UNEM R9C", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch", + "refsource": "MISC", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch" + }, + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch", + "refsource": "MISC", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\n\n\nThe vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned).\n

For immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A,\nplease refer to the \n\nDatabase contains credentials with weak encryption\n\nclause of section Mitigation Factors/Workarounds\nin the respective products' advisory.\n

For immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory
" + } + ], + "value": "\n\n\nThe vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned).\n\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A,\nplease refer to the \n\nDatabase contains credentials with weak encryption\n\nclause of section Mitigation Factors/Workarounds\nin the respective products' advisory.\n\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\n * Secure the NMS CLIENT/SERVER communication. \n * Embedded FOXCST with RADIUS authentication should be avoided. \n * Database contains credentials with weak encryption.\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "K-Businessom AG, Austria" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2021/40xxx/CVE-2021-40365.json b/2021/40xxx/CVE-2021-40365.json index 64ddb91408ad..29cb2e248e48 100644 --- a/2021/40xxx/CVE-2021-40365.json +++ b/2021/40xxx/CVE-2021-40365.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-40365", + "ASSIGNER": "productcert@siemens.com", "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_version": "4.0", - "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SIMATIC Drive Controller family, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU 1510SP F-1 PN, SIMATIC S7-1500 CPU 1510SP-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512SP F-1 PN, SIMATIC S7-1500 CPU 1512SP-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513R-1 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515R-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516T-3 PN/DP, SIMATIC S7-1500 CPU 1516TF-3 PN/DP, SIMATIC S7-1500 CPU 1517-3 PN/DP, SIMATIC S7-1500 CPU 1517F-3 PN/DP, SIMATIC S7-1500 CPU 1517H-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN/DP, SIMATIC S7-1500 CPU 1517TF-3 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518-4F PN/DP, SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518HF-4 PN, SIMATIC S7-1500 CPU 1518T-4 PN/DP, SIMATIC S7-1500 CPU 1518TF-4 PN/DP, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN, SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN RAIL, SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL, SIPLUS S7-1500 CPU 1515R-2 PN, SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1517H-3 PN, SIPLUS S7-1500 CPU 1518-4 PN/DP, SIPLUS S7-1500 CPU 1518-4 PN/DP MFP, SIPLUS S7-1500 CPU 1518F-4 PN/DP, SIPLUS S7-1500 CPU 1518HF-4 PN, SIPLUS TIM 1531 IRC, TIM 1531 IRC. Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -15,61 +36,815 @@ "product": { "product_data": [ { - "product_name": "SIMATIC Drive Controller family", + "product_name": "SIMATIC Drive Controller family", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V4.6.0", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1510SP F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1510SP-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1511-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1511C-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1511F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1511T-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1511TF-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1512C-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1512SP F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1512SP-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1513-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1513F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1513R-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1515-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1515F-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1515R-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1515T-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1515TF-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1516-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1516F-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1516T-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1516TF-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1517-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1517F-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1517H-3 PN", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1517T-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1517TF-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518-4 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518-4F PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518HF-4 PN", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518T-4 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518TF-4 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN", "version": { "version_data": [ { - "version_value": "All versions < V3.0.1" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", + "product_name": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", + "product_name": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN", "version": { "version_data": [ { - "version_value": "All versions < V4.6.0" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", + "product_name": "SIMATIC S7-1500 Software Controller", "version": { "version_data": [ { - "version_value": "All versions < V3.0.1" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-1500 Software Controller", + "product_name": "SIMATIC S7-PLCSIM Advanced", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V5.0", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-PLCSIM Advanced", + "product_name": "SIPLUS ET 200SP CPU 1510SP F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1510SP-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1510SP-1 PN RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1512SP F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1512SP-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1512SP-1 PN RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1511-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1511-1 PN TX RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1511F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1513-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1513F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1515F-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1515F-2 PN RAIL", "version": { "version_data": [ { - "version_value": "All versions < V5.0" + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1515R-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1516-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1516F-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1517H-3 PN", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1518-4 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1518F-4 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1518HF-4 PN", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" } ] } @@ -79,7 +854,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -89,7 +865,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -100,33 +877,23 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-20: Improper Input Validation" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V3.0.1), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.6.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.0.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V5.0), SIPLUS TIM 1531 IRC (All versions), TIM 1531 IRC (All versions). Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device." - } - ] - }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf", + "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf" } ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "baseScore": 7.5, + "baseSeverity": "HIGH" + } + ] } } \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40393.json b/2021/40xxx/CVE-2021-40393.json index 1eb59b483a9b..fed9ffedb275 100644 --- a/2021/40xxx/CVE-2021-40393.json +++ b/2021/40xxx/CVE-2021-40393.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5306", + "url": "https://www.debian.org/security/2022/dsa-5306" } ] }, diff --git a/2021/40xxx/CVE-2021-40394.json b/2021/40xxx/CVE-2021-40394.json index 954959f2bad1..663ac567d341 100644 --- a/2021/40xxx/CVE-2021-40394.json +++ b/2021/40xxx/CVE-2021-40394.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5306", + "url": "https://www.debian.org/security/2022/dsa-5306" } ] }, diff --git a/2021/40xxx/CVE-2021-40401.json b/2021/40xxx/CVE-2021-40401.json index 72b79a957e0a..584a71941ef1 100644 --- a/2021/40xxx/CVE-2021-40401.json +++ b/2021/40xxx/CVE-2021-40401.json @@ -53,6 +53,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-4a3ef86baa", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5306", + "url": "https://www.debian.org/security/2022/dsa-5306" } ] }, diff --git a/2021/40xxx/CVE-2021-40403.json b/2021/40xxx/CVE-2021-40403.json index ac1be6ba7a0c..0bf3f1bf6d7f 100644 --- a/2021/40xxx/CVE-2021-40403.json +++ b/2021/40xxx/CVE-2021-40403.json @@ -53,6 +53,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-e819bd191f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTGBC37N2FV7NKOWFVCFMPAFYEPHSB7C/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5306", + "url": "https://www.debian.org/security/2022/dsa-5306" } ] }, diff --git a/2021/41xxx/CVE-2021-41006.json b/2021/41xxx/CVE-2021-41006.json index afffa7153eda..d25b768ce356 100644 --- a/2021/41xxx/CVE-2021-41006.json +++ b/2021/41xxx/CVE-2021-41006.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-41006", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CVE was unused by HPE." } ] } diff --git a/2021/41xxx/CVE-2021-41007.json b/2021/41xxx/CVE-2021-41007.json index 93ca24e752a3..b9e5d2ad1b24 100644 --- a/2021/41xxx/CVE-2021-41007.json +++ b/2021/41xxx/CVE-2021-41007.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-41007", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CVE was unused by HPE." } ] } diff --git a/2021/41xxx/CVE-2021-41008.json b/2021/41xxx/CVE-2021-41008.json index 6de43d24a700..10917dca9607 100644 --- a/2021/41xxx/CVE-2021-41008.json +++ b/2021/41xxx/CVE-2021-41008.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-41008", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CVE was unused by HPE." } ] } diff --git a/2021/41xxx/CVE-2021-41009.json b/2021/41xxx/CVE-2021-41009.json index 40a7b4ffddd1..59cddfb79435 100644 --- a/2021/41xxx/CVE-2021-41009.json +++ b/2021/41xxx/CVE-2021-41009.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-41009", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CVE was unused by HPE." } ] } diff --git a/2021/41xxx/CVE-2021-41010.json b/2021/41xxx/CVE-2021-41010.json index b3916dfff76a..2fb353ed00c1 100644 --- a/2021/41xxx/CVE-2021-41010.json +++ b/2021/41xxx/CVE-2021-41010.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-41010", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CVE was unused by HPE." } ] } diff --git a/2021/41xxx/CVE-2021-41823.json b/2021/41xxx/CVE-2021-41823.json index ef63df7d0fbd..dc1cf72cc18c 100644 --- a/2021/41xxx/CVE-2021-41823.json +++ b/2021/41xxx/CVE-2021-41823.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-41823", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-41823", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows certain uses of onmouseover to bypass an XSS protection mechanism." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://pastebin.com/kpx9Nvbf", + "url": "https://pastebin.com/kpx9Nvbf" } ] } diff --git a/2021/41xxx/CVE-2021-41977.json b/2021/41xxx/CVE-2021-41977.json index cc8d39d68f0d..b0d659c8a394 100644 --- a/2021/41xxx/CVE-2021-41977.json +++ b/2021/41xxx/CVE-2021-41977.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-41977", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none." } ] } diff --git a/2021/41xxx/CVE-2021-41978.json b/2021/41xxx/CVE-2021-41978.json index 8d37ddfbf2b7..2921fe27b67b 100644 --- a/2021/41xxx/CVE-2021-41978.json +++ b/2021/41xxx/CVE-2021-41978.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-41978", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none." } ] } diff --git a/2021/41xxx/CVE-2021-41979.json b/2021/41xxx/CVE-2021-41979.json index d30335850835..da48a5a6afd3 100644 --- a/2021/41xxx/CVE-2021-41979.json +++ b/2021/41xxx/CVE-2021-41979.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-41979", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none." } ] } diff --git a/2021/41xxx/CVE-2021-41980.json b/2021/41xxx/CVE-2021-41980.json index 009bb4c1df3d..a45e2b21767a 100644 --- a/2021/41xxx/CVE-2021-41980.json +++ b/2021/41xxx/CVE-2021-41980.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-41980", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none." } ] } diff --git a/2021/41xxx/CVE-2021-41981.json b/2021/41xxx/CVE-2021-41981.json index 2bcc8381a5e4..e44b35d35528 100644 --- a/2021/41xxx/CVE-2021-41981.json +++ b/2021/41xxx/CVE-2021-41981.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-41981", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none." } ] } diff --git a/2021/41xxx/CVE-2021-41982.json b/2021/41xxx/CVE-2021-41982.json index 58ce075491b9..396b6e24738f 100644 --- a/2021/41xxx/CVE-2021-41982.json +++ b/2021/41xxx/CVE-2021-41982.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-41982", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none." } ] } diff --git a/2021/41xxx/CVE-2021-41983.json b/2021/41xxx/CVE-2021-41983.json index d071d3f18319..fb149785a50f 100644 --- a/2021/41xxx/CVE-2021-41983.json +++ b/2021/41xxx/CVE-2021-41983.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-41983", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none." } ] } diff --git a/2021/41xxx/CVE-2021-41984.json b/2021/41xxx/CVE-2021-41984.json index 5caebf19464c..3b7c0e4f3111 100644 --- a/2021/41xxx/CVE-2021-41984.json +++ b/2021/41xxx/CVE-2021-41984.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-41984", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none." } ] } diff --git a/2021/41xxx/CVE-2021-41985.json b/2021/41xxx/CVE-2021-41985.json index ef59d46ee525..c7d1050b7559 100644 --- a/2021/41xxx/CVE-2021-41985.json +++ b/2021/41xxx/CVE-2021-41985.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-41985", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none." } ] } diff --git a/2021/41xxx/CVE-2021-41986.json b/2021/41xxx/CVE-2021-41986.json index bc54ec2a5f54..d60bacfc1064 100644 --- a/2021/41xxx/CVE-2021-41986.json +++ b/2021/41xxx/CVE-2021-41986.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-41986", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none." } ] } diff --git a/2021/43xxx/CVE-2021-43395.json b/2021/43xxx/CVE-2021-43395.json index 4440ac0a9127..9fadbf3c458d 100644 --- a/2021/43xxx/CVE-2021-43395.json +++ b/2021/43xxx/CVE-2021-43395.json @@ -1,17 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-43395", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/illumos/illumos-gate/blob/069654420de4aade43c63c43cd2896e66945fc8a/usr/src/uts/common/fs/tmpfs/tmp_vnops.c", + "refsource": "MISC", + "name": "https://github.com/illumos/illumos-gate/blob/069654420de4aade43c63c43cd2896e66945fc8a/usr/src/uts/common/fs/tmpfs/tmp_vnops.c" + }, + { + "url": "https://github.com/illumos/illumos-gate/blob/b3403853e80914bd0aade9b5b605da4878078173/usr/src/uts/common/fs/tmpfs/tmp_dir.c", + "refsource": "MISC", + "name": "https://github.com/illumos/illumos-gate/blob/b3403853e80914bd0aade9b5b605da4878078173/usr/src/uts/common/fs/tmpfs/tmp_dir.c" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2022.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2022.html" + }, + { + "url": "http://www.tribblix.org/relnotes.html", + "refsource": "MISC", + "name": "http://www.tribblix.org/relnotes.html" + }, + { + "url": "https://jgardner100.wordpress.com/2022/01/20/security-heads-up/", + "refsource": "MISC", + "name": "https://jgardner100.wordpress.com/2022/01/20/security-heads-up/" + }, + { + "url": "https://illumos.topicbox.com/groups/developer/T1c9e4f27f8c2f959/security-heads-up-illumos14424", + "refsource": "MISC", + "name": "https://illumos.topicbox.com/groups/developer/T1c9e4f27f8c2f959/security-heads-up-illumos14424" + }, + { + "url": "https://www.illumos.org/issues/14424", + "refsource": "MISC", + "name": "https://www.illumos.org/issues/14424" + }, + { + "url": "https://github.com/illumos/illumos-gate/commit/f859e7171bb5db34321e45585839c6c3200ebb90", + "refsource": "MISC", + "name": "https://github.com/illumos/illumos-gate/commit/f859e7171bb5db34321e45585839c6c3200ebb90" + }, + { + "url": "https://kebe.com/blog/?p=505", + "refsource": "MISC", + "name": "https://kebe.com/blog/?p=505" } ] } diff --git a/2021/43xxx/CVE-2021-43527.json b/2021/43xxx/CVE-2021-43527.json index d68a41589846..2b86666332dc 100644 --- a/2021/43xxx/CVE-2021-43527.json +++ b/2021/43xxx/CVE-2021-43527.json @@ -88,6 +88,11 @@ "refsource": "MISC", "name": "https://www.starwindsoftware.com/security/sw-20220802-0001/", "url": "https://www.starwindsoftware.com/security/sw-20220802-0001/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-05", + "url": "https://security.gentoo.org/glsa/202212-05" } ] }, diff --git a/2021/43xxx/CVE-2021-43657.json b/2021/43xxx/CVE-2021-43657.json index d0b262ce9c6b..860c0c292bec 100644 --- a/2021/43xxx/CVE-2021-43657.json +++ b/2021/43xxx/CVE-2021-43657.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-43657", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-43657", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodetester Simple Client Management System (SCMS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/c0n5n3d/CVE-2021-43657/blob/main/Info.txt", + "url": "https://github.com/c0n5n3d/CVE-2021-43657/blob/main/Info.txt" } ] } diff --git a/2021/43xxx/CVE-2021-43666.json b/2021/43xxx/CVE-2021-43666.json index 949cd7b729d6..197a50f1e92c 100644 --- a/2021/43xxx/CVE-2021-43666.json +++ b/2021/43xxx/CVE-2021-43666.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-43666", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,12 +27,41 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { "url": "https://github.com/ARMmbed/mbedtls/issues/5136", "refsource": "MISC", "name": "https://github.com/ARMmbed/mbedtls/issues/5136" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html" } ] } diff --git a/2021/44xxx/CVE-2021-44002.json b/2021/44xxx/CVE-2021-44002.json index 611679e1ec8c..b00c86bc8f82 100644 --- a/2021/44xxx/CVE-2021-44002.json +++ b/2021/44xxx/CVE-2021-44002.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44002", + "ASSIGNER": "productcert@siemens.com", "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_version": "4.0", - "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15058, ZDI-CAN-19076, ZDI-CAN-19077)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -15,21 +36,34 @@ "product": { "product_data": [ { - "product_name": "JT2Go", + "product_name": "JT Open", + "version": { + "version_data": [ + { + "version_value": "All versions < V11.1.1.0", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "JT Utilities", "version": { "version_data": [ { - "version_value": "All versions < V13.2.0.5" + "version_value": "All versions < V13.1.1.0", + "version_affected": "=" } ] } }, { - "product_name": "Teamcenter Visualization", + "product_name": "Solid Edge", "version": { "version_data": [ { - "version_value": "All versions < V13.2.0.5" + "version_value": "All versions < V2023", + "version_affected": "=" } ] } @@ -40,37 +74,27 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15058)" - } - ] - }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", + "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf", "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-006/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-006/" + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2021/44xxx/CVE-2021-44014.json b/2021/44xxx/CVE-2021-44014.json index 0c4c49be876f..2452ee60243c 100644 --- a/2021/44xxx/CVE-2021-44014.json +++ b/2021/44xxx/CVE-2021-44014.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44014", + "ASSIGNER": "productcert@siemens.com", "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_version": "4.0", - "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15057, ZDI-CAN-19081)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -15,21 +36,34 @@ "product": { "product_data": [ { - "product_name": "JT2Go", + "product_name": "JT Open", + "version": { + "version_data": [ + { + "version_value": "All versions < V11.1.1.0", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "JT Utilities", "version": { "version_data": [ { - "version_value": "All versions < V13.2.0.5" + "version_value": "All versions < V13.1.1.0", + "version_affected": "=" } ] } }, { - "product_name": "Teamcenter Visualization", + "product_name": "Solid Edge", "version": { "version_data": [ { - "version_value": "All versions < V13.2.0.5" + "version_value": "All versions < V2023", + "version_affected": "=" } ] } @@ -40,37 +74,27 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15057)" - } - ] - }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", + "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf" }, { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf", "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-005/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-005/" + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2021/44xxx/CVE-2021-44693.json b/2021/44xxx/CVE-2021-44693.json index 7ebc4eb74424..813185cf5bd0 100644 --- a/2021/44xxx/CVE-2021-44693.json +++ b/2021/44xxx/CVE-2021-44693.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44693", + "ASSIGNER": "productcert@siemens.com", "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_version": "4.0", - "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SIMATIC Drive Controller family, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU 1510SP F-1 PN, SIMATIC S7-1500 CPU 1510SP-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512SP F-1 PN, SIMATIC S7-1500 CPU 1512SP-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513R-1 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515R-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516T-3 PN/DP, SIMATIC S7-1500 CPU 1516TF-3 PN/DP, SIMATIC S7-1500 CPU 1517-3 PN/DP, SIMATIC S7-1500 CPU 1517F-3 PN/DP, SIMATIC S7-1500 CPU 1517H-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN/DP, SIMATIC S7-1500 CPU 1517TF-3 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518-4F PN/DP, SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518HF-4 PN, SIMATIC S7-1500 CPU 1518T-4 PN/DP, SIMATIC S7-1500 CPU 1518TF-4 PN/DP, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN, SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN RAIL, SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL, SIPLUS S7-1500 CPU 1515R-2 PN, SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1517H-3 PN, SIPLUS S7-1500 CPU 1518-4 PN/DP, SIPLUS S7-1500 CPU 1518-4 PN/DP MFP, SIPLUS S7-1500 CPU 1518F-4 PN/DP, SIPLUS S7-1500 CPU 1518HF-4 PN, SIPLUS TIM 1531 IRC, TIM 1531 IRC. Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1284: Improper Validation of Specified Quantity in Input", + "cweId": "CWE-1284" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -15,61 +36,815 @@ "product": { "product_data": [ { - "product_name": "SIMATIC Drive Controller family", + "product_name": "SIMATIC Drive Controller family", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V4.6.0", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1510SP F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1510SP-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1511-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1511C-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1511F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1511T-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1511TF-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1512C-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1512SP F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1512SP-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1513-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1513F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1513R-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1515-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1515F-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1515R-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1515T-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1515TF-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1516-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1516F-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1516T-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1516TF-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1517-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1517F-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1517H-3 PN", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1517T-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1517TF-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518-4 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518-4F PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518HF-4 PN", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518T-4 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518TF-4 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN", "version": { "version_data": [ { - "version_value": "All versions < V3.0.1" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", + "product_name": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", + "product_name": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN", "version": { "version_data": [ { - "version_value": "All versions < V4.6.0" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", + "product_name": "SIMATIC S7-1500 Software Controller", "version": { "version_data": [ { - "version_value": "All versions < V3.0.1" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-1500 Software Controller", + "product_name": "SIMATIC S7-PLCSIM Advanced", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V5.0", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-PLCSIM Advanced", + "product_name": "SIPLUS ET 200SP CPU 1510SP F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1510SP-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1510SP-1 PN RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1512SP F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1512SP-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1512SP-1 PN RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1511-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1511-1 PN TX RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1511F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1513-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1513F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1515F-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1515F-2 PN RAIL", "version": { "version_data": [ { - "version_value": "All versions < V5.0" + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1515R-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1516-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1516F-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1517H-3 PN", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1518-4 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1518F-4 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1518HF-4 PN", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" } ] } @@ -79,7 +854,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -89,7 +865,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -100,33 +877,23 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-1284: Improper Validation of Specified Quantity in Input" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V3.0.1), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.6.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.0.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V5.0), SIPLUS TIM 1531 IRC (All versions), TIM 1531 IRC (All versions). Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device." - } - ] - }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf", + "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf" } ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + } + ] } } \ No newline at end of file diff --git a/2021/44xxx/CVE-2021-44694.json b/2021/44xxx/CVE-2021-44694.json index fbaff3d87231..0bc672406997 100644 --- a/2021/44xxx/CVE-2021-44694.json +++ b/2021/44xxx/CVE-2021-44694.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44694", + "ASSIGNER": "productcert@siemens.com", "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_version": "4.0", - "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SIMATIC Drive Controller family, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU 1510SP F-1 PN, SIMATIC S7-1500 CPU 1510SP-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512SP F-1 PN, SIMATIC S7-1500 CPU 1512SP-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513R-1 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515R-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516T-3 PN/DP, SIMATIC S7-1500 CPU 1516TF-3 PN/DP, SIMATIC S7-1500 CPU 1517-3 PN/DP, SIMATIC S7-1500 CPU 1517F-3 PN/DP, SIMATIC S7-1500 CPU 1517H-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN/DP, SIMATIC S7-1500 CPU 1517TF-3 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518-4F PN/DP, SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518HF-4 PN, SIMATIC S7-1500 CPU 1518T-4 PN/DP, SIMATIC S7-1500 CPU 1518TF-4 PN/DP, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN, SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN RAIL, SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL, SIPLUS S7-1500 CPU 1515R-2 PN, SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1517H-3 PN, SIPLUS S7-1500 CPU 1518-4 PN/DP, SIPLUS S7-1500 CPU 1518-4 PN/DP MFP, SIPLUS S7-1500 CPU 1518F-4 PN/DP, SIPLUS S7-1500 CPU 1518HF-4 PN, SIPLUS TIM 1531 IRC, TIM 1531 IRC. Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1287: Improper Validation of Specified Type of Input", + "cweId": "CWE-1287" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -15,61 +36,815 @@ "product": { "product_data": [ { - "product_name": "SIMATIC Drive Controller family", + "product_name": "SIMATIC Drive Controller family", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V4.6.0", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1510SP F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1510SP-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1511-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1511C-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1511F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1511T-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1511TF-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1512C-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1512SP F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1512SP-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1513-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1513F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1513R-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1515-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1515F-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1515R-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1515T-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1515TF-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1516-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1516F-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1516T-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1516TF-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1517-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1517F-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1517H-3 PN", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1517T-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1517TF-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518-4 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518-4F PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518HF-4 PN", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518T-4 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518TF-4 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN", "version": { "version_data": [ { - "version_value": "All versions < V3.0.1" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", + "product_name": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", + "product_name": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN", "version": { "version_data": [ { - "version_value": "All versions < V4.6.0" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", + "product_name": "SIMATIC S7-1500 Software Controller", "version": { "version_data": [ { - "version_value": "All versions < V3.0.1" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-1500 Software Controller", + "product_name": "SIMATIC S7-PLCSIM Advanced", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V5.0", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-PLCSIM Advanced", + "product_name": "SIPLUS ET 200SP CPU 1510SP F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1510SP-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1510SP-1 PN RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1512SP F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1512SP-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1512SP-1 PN RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1511-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1511-1 PN TX RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1511F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1513-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1513F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1515F-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1515F-2 PN RAIL", "version": { "version_data": [ { - "version_value": "All versions < V5.0" + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1515R-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1516-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1516F-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1517H-3 PN", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1518-4 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1518F-4 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1518HF-4 PN", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" } ] } @@ -79,7 +854,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -89,7 +865,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -100,33 +877,23 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-1287: Improper Validation of Specified Type of Input" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V3.0.1), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.6.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.0.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V5.0), SIPLUS TIM 1531 IRC (All versions), TIM 1531 IRC (All versions). Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device." - } - ] - }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf", + "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf" } ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + } + ] } } \ No newline at end of file diff --git a/2021/44xxx/CVE-2021-44695.json b/2021/44xxx/CVE-2021-44695.json index 8240d79ddb4d..8a56f7b32dad 100644 --- a/2021/44xxx/CVE-2021-44695.json +++ b/2021/44xxx/CVE-2021-44695.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44695", + "ASSIGNER": "productcert@siemens.com", "STATE": "PUBLIC" }, - "data_format": "MITRE", - "data_version": "4.0", - "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SIMATIC Drive Controller family, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU 1510SP F-1 PN, SIMATIC S7-1500 CPU 1510SP-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512SP F-1 PN, SIMATIC S7-1500 CPU 1512SP-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513R-1 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515R-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516T-3 PN/DP, SIMATIC S7-1500 CPU 1516TF-3 PN/DP, SIMATIC S7-1500 CPU 1517-3 PN/DP, SIMATIC S7-1500 CPU 1517F-3 PN/DP, SIMATIC S7-1500 CPU 1517H-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN/DP, SIMATIC S7-1500 CPU 1517TF-3 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518-4F PN/DP, SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518HF-4 PN, SIMATIC S7-1500 CPU 1518T-4 PN/DP, SIMATIC S7-1500 CPU 1518TF-4 PN/DP, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN, SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN RAIL, SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL, SIPLUS S7-1500 CPU 1515R-2 PN, SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1517H-3 PN, SIPLUS S7-1500 CPU 1518-4 PN/DP, SIPLUS S7-1500 CPU 1518-4 PN/DP MFP, SIPLUS S7-1500 CPU 1518F-4 PN/DP, SIPLUS S7-1500 CPU 1518HF-4 PN, SIPLUS TIM 1531 IRC, TIM 1531 IRC. Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1286: Improper Validation of Syntactic Correctness of Input", + "cweId": "CWE-1286" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -15,61 +36,815 @@ "product": { "product_data": [ { - "product_name": "SIMATIC Drive Controller family", + "product_name": "SIMATIC Drive Controller family", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V4.6.0", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1510SP F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1510SP-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1511-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1511C-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1511F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1511T-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1511TF-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1512C-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1512SP F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1512SP-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1513-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1513F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1513R-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1515-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1515F-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1515R-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1515T-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1515TF-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1516-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1516F-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1516T-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1516TF-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1517-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1517F-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1517H-3 PN", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1517T-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1517TF-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518-4 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518-4F PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518HF-4 PN", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518T-4 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU 1518TF-4 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN", "version": { "version_data": [ { - "version_value": "All versions < V3.0.1" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", + "product_name": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", + "product_name": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN", "version": { "version_data": [ { - "version_value": "All versions < V4.6.0" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", + "product_name": "SIMATIC S7-1500 Software Controller", "version": { "version_data": [ { - "version_value": "All versions < V3.0.1" + "version_value": "All versions", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-1500 Software Controller", + "product_name": "SIMATIC S7-PLCSIM Advanced", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V5.0", + "version_affected": "=" } ] } }, { - "product_name": "SIMATIC S7-PLCSIM Advanced", + "product_name": "SIPLUS ET 200SP CPU 1510SP F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1510SP-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1510SP-1 PN RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1512SP F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1512SP-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS ET 200SP CPU 1512SP-1 PN RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1511-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1511-1 PN TX RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1511F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1513-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1513F-1 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1515F-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1515F-2 PN RAIL", "version": { "version_data": [ { - "version_value": "All versions < V5.0" + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1515R-2 PN", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1516-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1516F-3 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL", + "version": { + "version_data": [ + { + "version_value": "All versions", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1517H-3 PN", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1518-4 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1518F-4 PN/DP", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SIPLUS S7-1500 CPU 1518HF-4 PN", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0.1", + "version_affected": "=" } ] } @@ -79,7 +854,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -89,7 +865,8 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions", + "version_affected": "=" } ] } @@ -100,33 +877,23 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-1286: Improper Validation of Syntactic Correctness of Input" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V3.0.1), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.6.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.0.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V5.0), SIPLUS TIM 1531 IRC (All versions), TIM 1531 IRC (All versions). Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device." - } - ] - }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf", + "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf" } ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + } + ] } } \ No newline at end of file diff --git a/2021/44xxx/CVE-2021-44732.json b/2021/44xxx/CVE-2021-44732.json index f85ee0547071..c68f8d6ac8e6 100644 --- a/2021/44xxx/CVE-2021-44732.json +++ b/2021/44xxx/CVE-2021-44732.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-44732", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -50,6 +27,30 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -58,29 +59,34 @@ "name": "https://github.com/ARMmbed/mbedtls/releases" }, { - "refsource": "CONFIRM", - "name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12", - "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12" + "url": "https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0", + "refsource": "MISC", + "name": "https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0" + }, + { + "url": "https://github.com/ARMmbed/mbedtls/releases/tag/v3.1.0", + "refsource": "MISC", + "name": "https://github.com/ARMmbed/mbedtls/releases/tag/v3.1.0" }, { - "refsource": "CONFIRM", - "name": "https://bugs.gentoo.org/829660", - "url": "https://bugs.gentoo.org/829660" + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html" }, { - "refsource": "CONFIRM", - "name": "https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.12", - "url": "https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.12" + "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12", + "refsource": "MISC", + "name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12" }, { - "refsource": "CONFIRM", - "name": "https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0", - "url": "https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0" + "url": "https://bugs.gentoo.org/829660", + "refsource": "MISC", + "name": "https://bugs.gentoo.org/829660" }, { - "refsource": "CONFIRM", - "name": "https://github.com/ARMmbed/mbedtls/releases/tag/v3.1.0", - "url": "https://github.com/ARMmbed/mbedtls/releases/tag/v3.1.0" + "url": "https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.12", + "refsource": "MISC", + "name": "https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.12" } ] } diff --git a/2021/44xxx/CVE-2021-44758.json b/2021/44xxx/CVE-2021-44758.json index faa0d123f4c9..aea5fa8e1c58 100644 --- a/2021/44xxx/CVE-2021-44758.json +++ b/2021/44xxx/CVE-2021-44758.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44758", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv", + "refsource": "MISC", + "name": "https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv" + }, + { + "url": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580", + "refsource": "MISC", + "name": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580" } ] } diff --git a/2021/44xxx/CVE-2021-44854.json b/2021/44xxx/CVE-2021-44854.json index 967069d1657b..7a666a434e36 100644 --- a/2021/44xxx/CVE-2021-44854.json +++ b/2021/44xxx/CVE-2021-44854.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44854", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://phabricator.wikimedia.org/T292763", + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T292763" } ] } diff --git a/2021/44xxx/CVE-2021-44855.json b/2021/44xxx/CVE-2021-44855.json index 9a34db11cf6f..12d74d22efb7 100644 --- a/2021/44xxx/CVE-2021-44855.json +++ b/2021/44xxx/CVE-2021-44855.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44855", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://phabricator.wikimedia.org/T293589", + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T293589" } ] } diff --git a/2021/44xxx/CVE-2021-44856.json b/2021/44xxx/CVE-2021-44856.json index fa032f1ba3d3..d2cb633bdfe7 100644 --- a/2021/44xxx/CVE-2021-44856.json +++ b/2021/44xxx/CVE-2021-44856.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44856", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://phabricator.wikimedia.org/T271037", + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T271037" } ] } diff --git a/2021/45xxx/CVE-2021-45450.json b/2021/45xxx/CVE-2021-45450.json index 0870be4be57d..2695e3ac6861 100644 --- a/2021/45xxx/CVE-2021-45450.json +++ b/2021/45xxx/CVE-2021-45450.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-1dd9dc5140", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IL66WKJGXY5AXMTFE7QDMGL3RIBD6PX5/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-08", + "url": "https://security.gentoo.org/glsa/202301-08" } ] } diff --git a/2021/45xxx/CVE-2021-45466.json b/2021/45xxx/CVE-2021-45466.json index e59bac7e4a9b..6081c7d7293a 100644 --- a/2021/45xxx/CVE-2021-45466.json +++ b/2021/45xxx/CVE-2021-45466.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-45466", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://control-webpanel.com/changelog", + "refsource": "MISC", + "name": "https://control-webpanel.com/changelog" + }, + { + "url": "https://octagon.net/blog/2022/01/22/cve-2021-45467-cwp-centos-web-panel-preauth-rce/", + "refsource": "MISC", + "name": "https://octagon.net/blog/2022/01/22/cve-2021-45467-cwp-centos-web-panel-preauth-rce/" } ] } diff --git a/2021/45xxx/CVE-2021-45467.json b/2021/45xxx/CVE-2021-45467.json index bd6a49b74316..0c57b7ce8990 100644 --- a/2021/45xxx/CVE-2021-45467.json +++ b/2021/45xxx/CVE-2021-45467.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-45467", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/account_new_create&acc=guadaapi URI. Any number of %00 instances can be used, e.g., .%00%00%00./.%00%00%00./api/account_new_create could also be used for the scripts parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "?" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://control-webpanel.com/changelog", + "refsource": "MISC", + "name": "https://control-webpanel.com/changelog" + }, + { + "url": "https://octagon.net/blog/2022/01/22/cve-2021-45467-cwp-centos-web-panel-preauth-rce/", + "refsource": "MISC", + "name": "https://octagon.net/blog/2022/01/22/cve-2021-45467-cwp-centos-web-panel-preauth-rce/" } ] } diff --git a/2021/46xxx/CVE-2021-46767.json b/2021/46xxx/CVE-2021-46767.json index a7640685aa46..1acf86ec9152 100644 --- a/2021/46xxx/CVE-2021-46767.json +++ b/2021/46xxx/CVE-2021-46767.json @@ -1,18 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-46767", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient input validation in the ASP may allow an attacker with physical access, unauthorized write access to memory potentially leading to a loss of integrity or denial of service." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": " AMD", + "product": { + "product_data": [ + { + "product_name": "2nd Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + }, + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "3rd Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-1032", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46768.json b/2021/46xxx/CVE-2021-46768.json index c95d85b12d85..5ea410289b6e 100644 --- a/2021/46xxx/CVE-2021-46768.json +++ b/2021/46xxx/CVE-2021-46768.json @@ -1,18 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-46768", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a denial of service." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": " AMD", + "product": { + "product_data": [ + { + "product_name": "2nd Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + }, + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "3rd Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-1032", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46779.json b/2021/46xxx/CVE-2021-46779.json index 5e7996479800..765e75964eba 100644 --- a/2021/46xxx/CVE-2021-46779.json +++ b/2021/46xxx/CVE-2021-46779.json @@ -1,18 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-46779", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "1st Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "3rd Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + }, + { + "vendor_name": " AMD", + "product": { + "product_data": [ + { + "product_name": "2nd Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-1032", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46784.json b/2021/46xxx/CVE-2021-46784.json index f295b9edc4dc..d91ec01806f0 100644 --- a/2021/46xxx/CVE-2021-46784.json +++ b/2021/46xxx/CVE-2021-46784.json @@ -76,6 +76,11 @@ "refsource": "MISC", "name": "https://security-tracker.debian.org/tracker/CVE-2021-46784", "url": "https://security-tracker.debian.org/tracker/CVE-2021-46784" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221223-0007/", + "url": "https://security.netapp.com/advisory/ntap-20221223-0007/" } ] } diff --git a/2021/46xxx/CVE-2021-46791.json b/2021/46xxx/CVE-2021-46791.json index dfd4c09bf395..71c7edceaa19 100644 --- a/2021/46xxx/CVE-2021-46791.json +++ b/2021/46xxx/CVE-2021-46791.json @@ -1,18 +1,70 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-46791", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AMD", + "product": { + "product_data": [ + { + "product_name": "3rd Gen EPYC", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-1032", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46795.json b/2021/46xxx/CVE-2021-46795.json index b174cb1138ce..cffb8f2d2add 100644 --- a/2021/46xxx/CVE-2021-46795.json +++ b/2021/46xxx/CVE-2021-46795.json @@ -1,18 +1,81 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-46795", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@amd.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": " AMD", + "product": { + "product_data": [ + { + "product_name": "Ryzen 5000 Series", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "Ryzen 3000 Series ", + "version": { + "version_data": [ + { + "version_value": "various ", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031", + "refsource": "MISC", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "AMD-SB-1031", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46848.json b/2021/46xxx/CVE-2021-46848.json index 4fd1cc9337ec..ac8a868b8802 100644 --- a/2021/46xxx/CVE-2021-46848.json +++ b/2021/46xxx/CVE-2021-46848.json @@ -86,6 +86,16 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20221118-0006/", "url": "https://security.netapp.com/advisory/ntap-20221118-0006/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-3f9ee1ad91", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230109 [SECURITY] [DLA 3263-1] libtasn1-6 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html" } ] } diff --git a/2021/46xxx/CVE-2021-46853.json b/2021/46xxx/CVE-2021-46853.json index fedff9fc6dfb..31c3cac081e4 100644 --- a/2021/46xxx/CVE-2021-46853.json +++ b/2021/46xxx/CVE-2021-46853.json @@ -61,6 +61,11 @@ "url": "https://bugs.gentoo.org/807613", "refsource": "MISC", "name": "https://bugs.gentoo.org/807613" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-07", + "url": "https://security.gentoo.org/glsa/202301-07" } ] } diff --git a/2021/46xxx/CVE-2021-46856.json b/2021/46xxx/CVE-2021-46856.json index 46342809cec4..86442b7ee229 100644 --- a/2021/46xxx/CVE-2021-46856.json +++ b/2021/46xxx/CVE-2021-46856.json @@ -1,18 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-46856", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path traversal vulnerability" + } + ] } ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_value": "3.0.0", + "version_affected": "=" + }, + { + "version_value": "2.0", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_value": "12.0.0", + "version_affected": "=" + }, + { + "version_value": "12.0.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202212-0000001462975397", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202212-0000001462975397" + }, + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/1/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2023/1/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202301-0000001435541166", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202301-0000001435541166" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46857.json b/2021/46xxx/CVE-2021-46857.json new file mode 100644 index 000000000000..e43437bb40e0 --- /dev/null +++ b/2021/46xxx/CVE-2021-46857.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46857", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46858.json b/2021/46xxx/CVE-2021-46858.json new file mode 100644 index 000000000000..c706df22176b --- /dev/null +++ b/2021/46xxx/CVE-2021-46858.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46858", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46859.json b/2021/46xxx/CVE-2021-46859.json new file mode 100644 index 000000000000..0ff8ca57f5e2 --- /dev/null +++ b/2021/46xxx/CVE-2021-46859.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46859", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46860.json b/2021/46xxx/CVE-2021-46860.json new file mode 100644 index 000000000000..e90f62084d52 --- /dev/null +++ b/2021/46xxx/CVE-2021-46860.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46860", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46861.json b/2021/46xxx/CVE-2021-46861.json new file mode 100644 index 000000000000..26d7ee19dae2 --- /dev/null +++ b/2021/46xxx/CVE-2021-46861.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46861", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46862.json b/2021/46xxx/CVE-2021-46862.json new file mode 100644 index 000000000000..d0986a564c3e --- /dev/null +++ b/2021/46xxx/CVE-2021-46862.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46862", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46863.json b/2021/46xxx/CVE-2021-46863.json new file mode 100644 index 000000000000..793d882b2432 --- /dev/null +++ b/2021/46xxx/CVE-2021-46863.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46863", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46864.json b/2021/46xxx/CVE-2021-46864.json new file mode 100644 index 000000000000..c80d7e607ce4 --- /dev/null +++ b/2021/46xxx/CVE-2021-46864.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46864", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46865.json b/2021/46xxx/CVE-2021-46865.json new file mode 100644 index 000000000000..018da5c34869 --- /dev/null +++ b/2021/46xxx/CVE-2021-46865.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46865", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46866.json b/2021/46xxx/CVE-2021-46866.json new file mode 100644 index 000000000000..f075ced3a6c1 --- /dev/null +++ b/2021/46xxx/CVE-2021-46866.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46866", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46867.json b/2021/46xxx/CVE-2021-46867.json new file mode 100644 index 000000000000..0228d227edd2 --- /dev/null +++ b/2021/46xxx/CVE-2021-46867.json @@ -0,0 +1,79 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2021-46867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds memory access vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/1/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2023/1/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202301-0000001435541166", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202301-0000001435541166" + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46868.json b/2021/46xxx/CVE-2021-46868.json new file mode 100644 index 000000000000..2bbb717b08ac --- /dev/null +++ b/2021/46xxx/CVE-2021-46868.json @@ -0,0 +1,79 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2021-46868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds memory access vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/1/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2023/1/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202301-0000001435541166", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202301-0000001435541166" + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46869.json b/2021/46xxx/CVE-2021-46869.json new file mode 100644 index 000000000000..23214a83ea89 --- /dev/null +++ b/2021/46xxx/CVE-2021-46869.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46869", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46870.json b/2021/46xxx/CVE-2021-46870.json new file mode 100644 index 000000000000..5c7dbbf516c7 --- /dev/null +++ b/2021/46xxx/CVE-2021-46870.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46870", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46871.json b/2021/46xxx/CVE-2021-46871.json new file mode 100644 index 000000000000..6b434dff895c --- /dev/null +++ b/2021/46xxx/CVE-2021-46871.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-46871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/advisories/GHSA-j3gg-r6gp-95q2", + "refsource": "MISC", + "name": "https://github.com/advisories/GHSA-j3gg-r6gp-95q2" + }, + { + "url": "https://github.com/phoenixframework/phoenix_html/commit/62a0139fb716bcdce697f6221244bd81d321d620", + "refsource": "MISC", + "name": "https://github.com/phoenixframework/phoenix_html/commit/62a0139fb716bcdce697f6221244bd81d321d620" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4028.json b/2021/4xxx/CVE-2021-4028.json index 0f96b2e80183..1857cbd74db6 100644 --- a/2021/4xxx/CVE-2021-4028.json +++ b/2021/4xxx/CVE-2021-4028.json @@ -68,6 +68,11 @@ "refsource": "MISC", "name": "https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221228-0002/", + "url": "https://security.netapp.com/advisory/ntap-20221228-0002/" } ] }, diff --git a/2021/4xxx/CVE-2021-4126.json b/2021/4xxx/CVE-2021-4126.json index 6761fa21f75a..936bef44b9e4 100644 --- a/2021/4xxx/CVE-2021-4126.json +++ b/2021/4xxx/CVE-2021-4126.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4126", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.4.1", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OpenPGP signature status doesn't consider additional message content" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-55/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-55/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1732310", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1732310" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression that the additional contents were also covered by the digital signature. Starting with Thunderbird version 91.4.1, only the signature that belongs to the top level MIME part will be considered for the displayed status. This vulnerability affects Thunderbird < 91.4.1." } ] } diff --git a/2021/4xxx/CVE-2021-4127.json b/2021/4xxx/CVE-2021-4127.json index 3671bb36fd00..fc7b205388e9 100644 --- a/2021/4xxx/CVE-2021-4127.json +++ b/2021/4xxx/CVE-2021-4127.json @@ -4,14 +4,80 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4127", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "78.9", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "78.9", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Angle graphics library out of date" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-12/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-12/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-11/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-11/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1691547", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1691547" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9." } ] } diff --git a/2021/4xxx/CVE-2021-4128.json b/2021/4xxx/CVE-2021-4128.json index 5798f4da6e48..729860ff4900 100644 --- a/2021/4xxx/CVE-2021-4128.json +++ b/2021/4xxx/CVE-2021-4128.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4128", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "95", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free in fullscreen objects on MacOS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-52/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-52/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1735852", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1735852" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash.
*This bug only affects Firefox on MacOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95." } ] } diff --git a/2021/4xxx/CVE-2021-4129.json b/2021/4xxx/CVE-2021-4129.json index 8628e84c93dd..be374badd392 100644 --- a/2021/4xxx/CVE-2021-4129.json +++ b/2021/4xxx/CVE-2021-4129.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4129", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "95", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.4.0", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.4.0", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-53/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-53/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-54/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-54/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-52/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-52/" + }, + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1393362%2C1736046%2C1736751%2C1737009%2C1739372%2C1739421", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1393362%2C1736046%2C1736751%2C1737009%2C1739372%2C1739421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 95, Firefox ESR < 91.4.0, and Thunderbird < 91.4.0." } ] } diff --git a/2021/4xxx/CVE-2021-4140.json b/2021/4xxx/CVE-2021-4140.json index 52cf3452b7b8..aad43315af24 100644 --- a/2021/4xxx/CVE-2021-4140.json +++ b/2021/4xxx/CVE-2021-4140.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4140", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "96", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Iframe sandbox bypass with XSLT" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-02/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-03/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1746720", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1746720" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5." } ] } diff --git a/2021/4xxx/CVE-2021-4204.json b/2021/4xxx/CVE-2021-4204.json index 919deab4604b..574dd7428e97 100644 --- a/2021/4xxx/CVE-2021-4204.json +++ b/2021/4xxx/CVE-2021-4204.json @@ -63,6 +63,11 @@ "refsource": "MISC", "name": "https://security-tracker.debian.org/tracker/CVE-2021-4204", "url": "https://security-tracker.debian.org/tracker/CVE-2021-4204" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221228-0003/", + "url": "https://security.netapp.com/advisory/ntap-20221228-0003/" } ] }, diff --git a/2021/4xxx/CVE-2021-4221.json b/2021/4xxx/CVE-2021-4221.json index 80bbc99061df..199f84366451 100644 --- a/2021/4xxx/CVE-2021-4221.json +++ b/2021/4xxx/CVE-2021-4221.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4221", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "92", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Address bar spoofing on Firefox for Android due to RTL characters" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-38/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-38/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1704422", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1704422" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks.
*This bug only affects Firefox for Android. Other operating systems are unaffected.*
*Note*: Due to a clerical error this advisory was not included in the original announcement, and was added in Feburary 2022. This vulnerability affects Firefox < 92." } ] } diff --git a/2021/4xxx/CVE-2021-4226.json b/2021/4xxx/CVE-2021-4226.json index a4e9f5e54420..099ea048579a 100644 --- a/2021/4xxx/CVE-2021-4226.json +++ b/2021/4xxx/CVE-2021-4226.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4226", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "RSFirewall tries to identify the original IP address by looking at different HTTP headers. A bypass is possible due to the way it is implemented." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-639 Authorization Bypass Through User-Controlled Key" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "RSFirewall!", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/c0ed80c8-ebbf-4ed9-b02f-31660097c352", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/c0ed80c8-ebbf-4ed9-b02f-31660097c352" } ] - } + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Daniel Ruf" + } + ] } \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4235.json b/2021/4xxx/CVE-2021-4235.json index 90a47d222925..72c61ecd6b0c 100644 --- a/2021/4xxx/CVE-2021-4235.json +++ b/2021/4xxx/CVE-2021-4235.json @@ -1,18 +1,79 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4235", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE 400: Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "gopkg.in/yaml.v2", + "product": { + "product_data": [ + { + "product_name": "gopkg.in/yaml.v2", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/go-yaml/yaml/pull/375", + "refsource": "MISC", + "name": "https://github.com/go-yaml/yaml/pull/375" + }, + { + "url": "https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241", + "refsource": "MISC", + "name": "https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2021-0061", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2021-0061" } ] - } + }, + "credits": [ + { + "lang": "en", + "value": "@simonferquel" + } + ] } \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4236.json b/2021/4xxx/CVE-2021-4236.json index 8d84a0965535..6b2dc4f5817e 100644 --- a/2021/4xxx/CVE-2021-4236.json +++ b/2021/4xxx/CVE-2021-4236.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4236", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "github.com/ecnepsnai/web", + "product": { + "product_data": [ + { + "product_name": "github.com/ecnepsnai/web", + "version": { + "version_data": [ + { + "version_value": "1.4.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ecnepsnai/web/commit/5a78f8d5c41ce60dcf9f61aaf47a7a8dc3e0002f", + "refsource": "MISC", + "name": "https://github.com/ecnepsnai/web/commit/5a78f8d5c41ce60dcf9f61aaf47a7a8dc3e0002f" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2021-0107", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2021-0107" } ] } diff --git a/2021/4xxx/CVE-2021-4238.json b/2021/4xxx/CVE-2021-4238.json index bc0f23219040..ff041fddfa06 100644 --- a/2021/4xxx/CVE-2021-4238.json +++ b/2021/4xxx/CVE-2021-4238.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4238", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE 330: Use of Insufficiently Random Values" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "github.com/Masterminds/goutils", + "product": { + "product_data": [ + { + "product_name": "github.com/Masterminds/goutils", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1", + "refsource": "MISC", + "name": "https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2022-0411", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2022-0411" } ] } diff --git a/2021/4xxx/CVE-2021-4239.json b/2021/4xxx/CVE-2021-4239.json index f6d3044782bd..e448cd0b2100 100644 --- a/2021/4xxx/CVE-2021-4239.json +++ b/2021/4xxx/CVE-2021-4239.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4239", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@golang.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (~18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to be encrypted with the same key and nonce. In a separate issue, the Decrypt function increments the nonce state even when it fails to decrypt a message. If an attacker can provide an invalid input to the Decrypt function, this will cause the nonce state to desynchronize between the peers, resulting in a failure to encrypt all subsequent messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE 400: Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "github.com/flynn/noise", + "product": { + "product_data": [ + { + "product_name": "github.com/flynn/noise", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/flynn/noise/pull/44", + "refsource": "MISC", + "name": "https://github.com/flynn/noise/pull/44" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2022-0425", + "refsource": "MISC", + "name": "https://pkg.go.dev/vuln/GO-2022-0425" } ] } diff --git a/2021/4xxx/CVE-2021-4245.json b/2021/4xxx/CVE-2021-4245.json new file mode 100644 index 000000000000..942d977eee19 --- /dev/null +++ b/2021/4xxx/CVE-2021-4245.json @@ -0,0 +1,82 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4245", + "TITLE": "chbrown rfc6902 pointer.ts prototype pollution", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "chbrown", + "product": { + "product_data": [ + { + "product_name": "rfc6902", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-74 Injection -> CWE-94 Code Injection -> CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in chbrown rfc6902. This affects an unknown part of the file pointer.ts. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The exploit has been disclosed to the public and may be used. The name of the patch is c006ce9faa43d31edb34924f1df7b79c137096cf. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215883." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.5", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/chbrown/rfc6902/pull/76", + "refsource": "MISC", + "name": "https://github.com/chbrown/rfc6902/pull/76" + }, + { + "url": "https://github.com/chbrown/rfc6902/commit/c006ce9faa43d31edb34924f1df7b79c137096cf", + "refsource": "MISC", + "name": "https://github.com/chbrown/rfc6902/commit/c006ce9faa43d31edb34924f1df7b79c137096cf" + }, + { + "url": "https://vuldb.com/?id.215883", + "refsource": "MISC", + "name": "https://vuldb.com/?id.215883" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4246.json b/2021/4xxx/CVE-2021-4246.json new file mode 100644 index 000000000000..085335a1a59b --- /dev/null +++ b/2021/4xxx/CVE-2021-4246.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4246", + "TITLE": "roxlukas LMeve Login Page sql injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "roxlukas", + "product": { + "product_data": [ + { + "product_name": "LMeve", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in roxlukas LMeve and classified as critical. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument X-Forwarded-For leads to sql injection. The attack may be launched remotely. The name of the patch is 29e1ead3bb1c1fad53b77dfc14534496421c5b5d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216176." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "6.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/roxlukas/lmeve/commit/29e1ead3bb1c1fad53b77dfc14534496421c5b5d", + "refsource": "MISC", + "name": "https://github.com/roxlukas/lmeve/commit/29e1ead3bb1c1fad53b77dfc14534496421c5b5d" + }, + { + "url": "https://vuldb.com/?id.216176", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216176" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4247.json b/2021/4xxx/CVE-2021-4247.json new file mode 100644 index 000000000000..3ef7d7e76582 --- /dev/null +++ b/2021/4xxx/CVE-2021-4247.json @@ -0,0 +1,82 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4247", + "TITLE": "OWASP NodeGoat Query Parameter research.js denial of service", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OWASP", + "product": { + "product_data": [ + { + "product_name": "NodeGoat", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in OWASP NodeGoat and classified as problematic. This vulnerability affects unknown code of the file app/routes/research.js of the component Query Parameter Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The name of the patch is 4a4d1db74c63fb4ff8d366551c3af006c25ead12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216184." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/OWASP/NodeGoat/issues/225", + "refsource": "MISC", + "name": "https://github.com/OWASP/NodeGoat/issues/225" + }, + { + "url": "https://github.com/OWASP/NodeGoat/commit/4a4d1db74c63fb4ff8d366551c3af006c25ead12", + "refsource": "MISC", + "name": "https://github.com/OWASP/NodeGoat/commit/4a4d1db74c63fb4ff8d366551c3af006c25ead12" + }, + { + "url": "https://vuldb.com/?id.216184", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216184" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4248.json b/2021/4xxx/CVE-2021-4248.json new file mode 100644 index 000000000000..f30d9b626e73 --- /dev/null +++ b/2021/4xxx/CVE-2021-4248.json @@ -0,0 +1,90 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4248", + "TITLE": "kapetan dns Request.cs entropy", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "kapetan", + "product": { + "product_data": [ + { + "product_name": "dns", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-330 Insufficiently Random Values -> CWE-331 Insufficient Entropy -> CWE-332 Insufficient Entropy in PRNG" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in kapetan dns up to 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file DNS/Protocol/Request.cs. The manipulation leads to insufficient entropy in prng. The attack may be launched remotely. Upgrading to version 7.0.0 is able to address this issue. The name of the patch is cf7105aa2aae90d6656088fe5a8ee1d5730773b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216188." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.6", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/kapetan/dns/pull/88", + "refsource": "MISC", + "name": "https://github.com/kapetan/dns/pull/88" + }, + { + "url": "https://github.com/kapetan/dns/releases/tag/v7.0.0", + "refsource": "MISC", + "name": "https://github.com/kapetan/dns/releases/tag/v7.0.0" + }, + { + "url": "https://github.com/kapetan/dns/commit/cf7105aa2aae90d6656088fe5a8ee1d5730773b6", + "refsource": "MISC", + "name": "https://github.com/kapetan/dns/commit/cf7105aa2aae90d6656088fe5a8ee1d5730773b6" + }, + { + "url": "https://vuldb.com/?id.216188", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216188" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4249.json b/2021/4xxx/CVE-2021-4249.json new file mode 100644 index 000000000000..0add7fcbfbe0 --- /dev/null +++ b/2021/4xxx/CVE-2021-4249.json @@ -0,0 +1,306 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4249", + "TITLE": "xml-conduit DOCTYPE Entity Expansion Parse.hs infinite loop", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "xml-conduit", + "version": { + "version_data": [ + { + "version_value": "0.5.0" + }, + { + "version_value": "0.5.0.1" + }, + { + "version_value": "0.5.1" + }, + { + "version_value": "0.5.1.1" + }, + { + "version_value": "0.5.1.2" + }, + { + "version_value": "0.5.2" + }, + { + "version_value": "0.5.3" + }, + { + "version_value": "0.5.3.1" + }, + { + "version_value": "0.5.4" + }, + { + "version_value": "0.6.0" + }, + { + "version_value": "0.6.1" + }, + { + "version_value": "0.7.0" + }, + { + "version_value": "0.7.0.1" + }, + { + "version_value": "0.7.0.2" + }, + { + "version_value": "0.7.0.3" + }, + { + "version_value": "1.0.0" + }, + { + "version_value": "1.0.1" + }, + { + "version_value": "1.0.1.1" + }, + { + "version_value": "1.0.2" + }, + { + "version_value": "1.0.2.1" + }, + { + "version_value": "1.0.3" + }, + { + "version_value": "1.0.3.1" + }, + { + "version_value": "1.0.3.2" + }, + { + "version_value": "1.0.3.3" + }, + { + "version_value": "1.1.0" + }, + { + "version_value": "1.1.0.1" + }, + { + "version_value": "1.1.0.2" + }, + { + "version_value": "1.1.0.3" + }, + { + "version_value": "1.1.0.4" + }, + { + "version_value": "1.1.0.5" + }, + { + "version_value": "1.1.0.6" + }, + { + "version_value": "1.1.0.7" + }, + { + "version_value": "1.1.0.8" + }, + { + "version_value": "1.1.0.9" + }, + { + "version_value": "1.2.0" + }, + { + "version_value": "1.2.0.1" + }, + { + "version_value": "1.2.0.2" + }, + { + "version_value": "1.2.0.3" + }, + { + "version_value": "1.2.1" + }, + { + "version_value": "1.2.1.1" + }, + { + "version_value": "1.2.2" + }, + { + "version_value": "1.2.3" + }, + { + "version_value": "1.2.3.1" + }, + { + "version_value": "1.2.3.2" + }, + { + "version_value": "1.2.3.3" + }, + { + "version_value": "1.2.4" + }, + { + "version_value": "1.2.5" + }, + { + "version_value": "1.2.5.1" + }, + { + "version_value": "1.2.6" + }, + { + "version_value": "1.3.0" + }, + { + "version_value": "1.3.1" + }, + { + "version_value": "1.3.2" + }, + { + "version_value": "1.3.3" + }, + { + "version_value": "1.3.3.1" + }, + { + "version_value": "1.3.4" + }, + { + "version_value": "1.3.4.1" + }, + { + "version_value": "1.3.4.2" + }, + { + "version_value": "1.3.5" + }, + { + "version_value": "1.4.0" + }, + { + "version_value": "1.4.0.1" + }, + { + "version_value": "1.4.0.2" + }, + { + "version_value": "1.4.0.3" + }, + { + "version_value": "1.4.0.4" + }, + { + "version_value": "1.5.0" + }, + { + "version_value": "1.5.1" + }, + { + "version_value": "1.6.0" + }, + { + "version_value": "1.7.0" + }, + { + "version_value": "1.7.0.1" + }, + { + "version_value": "1.7.1.0" + }, + { + "version_value": "1.7.1.1" + }, + { + "version_value": "1.7.1.2" + }, + { + "version_value": "1.8.0" + }, + { + "version_value": "1.8.0.1" + }, + { + "version_value": "1.9.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service -> CWE-835 Infinite Loop" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in xml-conduit. It has been classified as problematic. Affected is an unknown function of the file xml-conduit/src/Text/XML/Stream/Parse.hs of the component DOCTYPE Entity Expansion Handler. The manipulation leads to infinite loop. It is possible to launch the attack remotely. Upgrading to version 1.9.1.0 is able to address this issue. The name of the patch is 4be1021791dcdee8b164d239433a2043dc0939ea. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216204." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/snoyberg/xml/pull/161", + "refsource": "MISC", + "name": "https://github.com/snoyberg/xml/pull/161" + }, + { + "url": "https://hackage.haskell.org/package/xml-conduit-1.9.1.0", + "refsource": "MISC", + "name": "https://hackage.haskell.org/package/xml-conduit-1.9.1.0" + }, + { + "url": "https://github.com/snoyberg/xml/commit/4be1021791dcdee8b164d239433a2043dc0939ea", + "refsource": "MISC", + "name": "https://github.com/snoyberg/xml/commit/4be1021791dcdee8b164d239433a2043dc0939ea" + }, + { + "url": "https://vuldb.com/?id.216204", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216204" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4250.json b/2021/4xxx/CVE-2021-4250.json new file mode 100644 index 000000000000..0c194bf2c3da --- /dev/null +++ b/2021/4xxx/CVE-2021-4250.json @@ -0,0 +1,112 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4250", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in cgriego active_attr up to 0.15.2. This affects the function call of the file lib/active_attr/typecasting/boolean_typecaster.rb of the component Regex Handler. The manipulation of the argument value leads to denial of service. The exploit has been disclosed to the public and may be used. Upgrading to version 0.15.3 is able to address this issue. The name of the patch is dab95e5843b01525444b82bd7b336ef1d79377df. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216207." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in cgriego active_attr bis 0.15.2 entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion call der Datei lib/active_attr/typecasting/boolean_typecaster.rb der Komponente Regex Handler. Mit der Manipulation des Arguments value mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 0.15.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als dab95e5843b01525444b82bd7b336ef1d79377df bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service", + "cweId": "CWE-404" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "cgriego", + "product": { + "product_data": [ + { + "product_name": "active_attr", + "version": { + "version_data": [ + { + "version_value": "0.15.0", + "version_affected": "=" + }, + { + "version_value": "0.15.1", + "version_affected": "=" + }, + { + "version_value": "0.15.2", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/cgriego/active_attr/issues/184", + "refsource": "MISC", + "name": "https://github.com/cgriego/active_attr/issues/184" + }, + { + "url": "https://github.com/cgriego/active_attr/pull/185", + "refsource": "MISC", + "name": "https://github.com/cgriego/active_attr/pull/185" + }, + { + "url": "https://github.com/cgriego/active_attr/commit/dab95e5843b01525444b82bd7b336ef1d79377df", + "refsource": "MISC", + "name": "https://github.com/cgriego/active_attr/commit/dab95e5843b01525444b82bd7b336ef1d79377df" + }, + { + "url": "https://vuldb.com/?id.216207", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216207" + }, + { + "url": "https://github.com/cgriego/active_attr/releases/tag/v0.15.3", + "refsource": "MISC", + "name": "https://github.com/cgriego/active_attr/releases/tag/v0.15.3" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4251.json b/2021/4xxx/CVE-2021-4251.json new file mode 100644 index 000000000000..2fe12e50251d --- /dev/null +++ b/2021/4xxx/CVE-2021-4251.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4251", + "TITLE": "as include.cdn.php getFullURL cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "as", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in as. This vulnerability affects the function getFullURL of the file include.cdn.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 4acad1e3d2c34c017473ceea442fb3e3e078b2bd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216208." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/andrewsauder/as/commit/4acad1e3d2c34c017473ceea442fb3e3e078b2bd", + "refsource": "MISC", + "name": "https://github.com/andrewsauder/as/commit/4acad1e3d2c34c017473ceea442fb3e3e078b2bd" + }, + { + "url": "https://vuldb.com/?id.216208", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216208" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4252.json b/2021/4xxx/CVE-2021-4252.json new file mode 100644 index 000000000000..8db896c87fb3 --- /dev/null +++ b/2021/4xxx/CVE-2021-4252.json @@ -0,0 +1,82 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4252", + "TITLE": "WP-Ban ban-options.php toggle_checkbox cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "WP-Ban", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in WP-Ban. This issue affects the function toggle_checkbox of the file ban-options.php. The manipulation of the argument $_SERVER[\"HTTP_USER_AGENT\"] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 13e0b1e922f3aaa3f8fcb1dd6d50200dd693fd76. It is recommended to apply a patch to fix this issue. The identifier VDB-216209 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/lesterchan/wp-ban/pull/11", + "refsource": "MISC", + "name": "https://github.com/lesterchan/wp-ban/pull/11" + }, + { + "url": "https://github.com/lesterchan/wp-ban/commit/13e0b1e922f3aaa3f8fcb1dd6d50200dd693fd76", + "refsource": "MISC", + "name": "https://github.com/lesterchan/wp-ban/commit/13e0b1e922f3aaa3f8fcb1dd6d50200dd693fd76" + }, + { + "url": "https://vuldb.com/?id.216209", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216209" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4253.json b/2021/4xxx/CVE-2021-4253.json new file mode 100644 index 000000000000..0eab82c727dc --- /dev/null +++ b/2021/4xxx/CVE-2021-4253.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4253", + "TITLE": "ctrlo lenio Ticket Lenio.pm cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ctrlo", + "product": { + "product_data": [ + { + "product_name": "lenio", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, was found in ctrlo lenio. Affected is an unknown function in the library lib/Lenio.pm of the component Ticket Handler. The manipulation of the argument site_id leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 7a1f90bd2a0ce95b8338ec0926902da975ec64d9. It is recommended to apply a patch to fix this issue. VDB-216210 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ctrlo/lenio/commit/7a1f90bd2a0ce95b8338ec0926902da975ec64d9", + "refsource": "MISC", + "name": "https://github.com/ctrlo/lenio/commit/7a1f90bd2a0ce95b8338ec0926902da975ec64d9" + }, + { + "url": "https://vuldb.com/?id.216210", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216210" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4254.json b/2021/4xxx/CVE-2021-4254.json new file mode 100644 index 000000000000..2ce892964966 --- /dev/null +++ b/2021/4xxx/CVE-2021-4254.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4254", + "TITLE": "ctrlo lenio Notice main.tt cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ctrlo", + "product": { + "product_data": [ + { + "product_name": "lenio", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in ctrlo lenio and classified as problematic. Affected by this vulnerability is an unknown functionality of the file views/layouts/main.tt of the component Notice Handler. The manipulation of the argument notice.notice.text leads to cross site scripting. The attack can be launched remotely. The name of the patch is aa300555343c1c081951fcb68bfb6852fbba7451. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216211." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ctrlo/lenio/commit/aa300555343c1c081951fcb68bfb6852fbba7451", + "refsource": "MISC", + "name": "https://github.com/ctrlo/lenio/commit/aa300555343c1c081951fcb68bfb6852fbba7451" + }, + { + "url": "https://vuldb.com/?id.216211", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216211" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4255.json b/2021/4xxx/CVE-2021-4255.json new file mode 100644 index 000000000000..ae341c17be62 --- /dev/null +++ b/2021/4xxx/CVE-2021-4255.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4255", + "TITLE": "ctrlo lenio contractor.tt cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ctrlo", + "product": { + "product_data": [ + { + "product_name": "lenio", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in ctrlo lenio and classified as problematic. Affected by this issue is some unknown functionality of the file views/contractor.tt. The manipulation of the argument contractor.name leads to cross site scripting. The attack may be launched remotely. The name of the patch is e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216212." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ctrlo/lenio/commit/e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97", + "refsource": "MISC", + "name": "https://github.com/ctrlo/lenio/commit/e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97" + }, + { + "url": "https://vuldb.com/?id.216212", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216212" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4256.json b/2021/4xxx/CVE-2021-4256.json new file mode 100644 index 000000000000..100a816e2768 --- /dev/null +++ b/2021/4xxx/CVE-2021-4256.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4256", + "TITLE": "ctrlo lenio index.tt cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ctrlo", + "product": { + "product_data": [ + { + "product_name": "lenio", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in ctrlo lenio. It has been classified as problematic. This affects an unknown part of the file views/index.tt. The manipulation of the argument task.name/task.site.org.name leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97. It is recommended to apply a patch to fix this issue. The identifier VDB-216213 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ctrlo/lenio/commit/e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97", + "refsource": "MISC", + "name": "https://github.com/ctrlo/lenio/commit/e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97" + }, + { + "url": "https://vuldb.com/?id.216213", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216213" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4257.json b/2021/4xxx/CVE-2021-4257.json new file mode 100644 index 000000000000..f9da0366bbf0 --- /dev/null +++ b/2021/4xxx/CVE-2021-4257.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4257", + "TITLE": "ctrlo lenio Task task.tt cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ctrlo", + "product": { + "product_data": [ + { + "product_name": "lenio", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in ctrlo lenio. It has been declared as problematic. This vulnerability affects unknown code of the file views/task.tt of the component Task Handler. The manipulation of the argument site.org.name/check.name/task.tasktype.name/task.name leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 698c5fa465169d6f23c6a41ca4b1fc9a7869013a. It is recommended to apply a patch to fix this issue. VDB-216214 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ctrlo/lenio/commit/698c5fa465169d6f23c6a41ca4b1fc9a7869013a", + "refsource": "MISC", + "name": "https://github.com/ctrlo/lenio/commit/698c5fa465169d6f23c6a41ca4b1fc9a7869013a" + }, + { + "url": "https://vuldb.com/?id.216214", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216214" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4258.json b/2021/4xxx/CVE-2021-4258.json new file mode 100644 index 000000000000..c01f31d7358f --- /dev/null +++ b/2021/4xxx/CVE-2021-4258.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4258", + "TITLE": "whohas Package Information cleartext transmission", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "whohas", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-310 Cryptographic Issues -> CWE-319 Cleartext Transmission of Sensitive Information" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 667c3e2e9178f15c23d7918b5db25cd0792c8472. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216251. NOTE: Most sources redirect to the encrypted site which limits the possibilities of an attack." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.7", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/whohas/whohas/commit/667c3e2e9178f15c23d7918b5db25cd0792c8472", + "refsource": "MISC", + "name": "https://github.com/whohas/whohas/commit/667c3e2e9178f15c23d7918b5db25cd0792c8472" + }, + { + "url": "https://vuldb.com/?id.216251", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216251" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4259.json b/2021/4xxx/CVE-2021-4259.json new file mode 100644 index 000000000000..d5f49ebefb39 --- /dev/null +++ b/2021/4xxx/CVE-2021-4259.json @@ -0,0 +1,98 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4259", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in phpRedisAdmin up to 1.16.1. It has been classified as problematic. This affects the function authHttpDigest of the file includes/login.inc.php. The manipulation of the argument response leads to use of wrong operator in string comparison. Upgrading to version 1.16.2 is able to address this issue. The name of the patch is 31aa7661e6db6f4dffbf9a635817832a0a11c7d9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216267." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in phpRedisAdmin bis 1.16.1 ausgemacht. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion authHttpDigest der Datei includes/login.inc.php. Durch das Manipulieren des Arguments response mit unbekannten Daten kann eine use of wrong operator in string comparison-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.16.2 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 31aa7661e6db6f4dffbf9a635817832a0a11c7d9 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-597 Use of Wrong Operator in String Comparison", + "cweId": "CWE-597" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "phpRedisAdmin", + "version": { + "version_data": [ + { + "version_value": "1.16.0", + "version_affected": "=" + }, + { + "version_value": "1.16.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/erikdubbelboer/phpRedisAdmin/commit/31aa7661e6db6f4dffbf9a635817832a0a11c7d9", + "refsource": "MISC", + "name": "https://github.com/erikdubbelboer/phpRedisAdmin/commit/31aa7661e6db6f4dffbf9a635817832a0a11c7d9" + }, + { + "url": "https://vuldb.com/?id.216267", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216267" + }, + { + "url": "https://github.com/erikdubbelboer/phpRedisAdmin/releases/tag/v1.16.2", + "refsource": "MISC", + "name": "https://github.com/erikdubbelboer/phpRedisAdmin/releases/tag/v1.16.2" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5, + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5, + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4260.json b/2021/4xxx/CVE-2021-4260.json new file mode 100644 index 000000000000..780c1a0185a7 --- /dev/null +++ b/2021/4xxx/CVE-2021-4260.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4260", + "TITLE": "oils-js Web.js redirect", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "oils-js", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601 Open Redirect" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in oils-js. It has been declared as critical. This vulnerability affects unknown code of the file core/Web.js. The manipulation leads to open redirect. The attack can be initiated remotely. The name of the patch is fad8fbae824a7d367dacb90d56cb02c5cb999d42. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216268." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "6.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/mannyvergel/oils-js/commit/fad8fbae824a7d367dacb90d56cb02c5cb999d42", + "refsource": "MISC", + "name": "https://github.com/mannyvergel/oils-js/commit/fad8fbae824a7d367dacb90d56cb02c5cb999d42" + }, + { + "url": "https://vuldb.com/?id.216268", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216268" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4261.json b/2021/4xxx/CVE-2021-4261.json new file mode 100644 index 000000000000..37739a12b2ab --- /dev/null +++ b/2021/4xxx/CVE-2021-4261.json @@ -0,0 +1,97 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4261", + "TITLE": "pacman-canvas db-handler.php addHighscore sql injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "pacman-canvas", + "version": { + "version_data": [ + { + "version_value": "1.0.0" + }, + { + "version_value": "1.0.1" + }, + { + "version_value": "1.0.2" + }, + { + "version_value": "1.0.3" + }, + { + "version_value": "1.0.4" + }, + { + "version_value": "1.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical has been found in pacman-canvas up to 1.0.5. Affected is the function addHighscore of the file data/db-handler.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is 29522c90ca1cebfce6453a5af5a45281d99b0646. It is recommended to upgrade the affected component. VDB-216270 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "6.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/platzhersh/pacman-canvas/commit/29522c90ca1cebfce6453a5af5a45281d99b0646", + "refsource": "MISC", + "name": "https://github.com/platzhersh/pacman-canvas/commit/29522c90ca1cebfce6453a5af5a45281d99b0646" + }, + { + "url": "https://github.com/platzhersh/pacman-canvas/releases/tag/1.0.6", + "refsource": "MISC", + "name": "https://github.com/platzhersh/pacman-canvas/releases/tag/1.0.6" + }, + { + "url": "https://vuldb.com/?id.216270", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216270" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4262.json b/2021/4xxx/CVE-2021-4262.json new file mode 100644 index 000000000000..f29d731b883e --- /dev/null +++ b/2021/4xxx/CVE-2021-4262.json @@ -0,0 +1,82 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4262", + "TITLE": "laravel-jqgrid EloquentRepositoryAbstract.php getRows sql injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "laravel-jqgrid", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The name of the patch is fbc2d94f43d0dc772767a5bdb2681133036f935e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216271." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.5", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/mgallegos/laravel-jqgrid/pull/72", + "refsource": "MISC", + "name": "https://github.com/mgallegos/laravel-jqgrid/pull/72" + }, + { + "url": "https://github.com/mgallegos/laravel-jqgrid/commit/fbc2d94f43d0dc772767a5bdb2681133036f935e", + "refsource": "MISC", + "name": "https://github.com/mgallegos/laravel-jqgrid/commit/fbc2d94f43d0dc772767a5bdb2681133036f935e" + }, + { + "url": "https://vuldb.com/?id.216271", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216271" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4263.json b/2021/4xxx/CVE-2021-4263.json new file mode 100644 index 000000000000..0a60d3dd0aec --- /dev/null +++ b/2021/4xxx/CVE-2021-4263.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4263", + "TITLE": "leanote history.js define cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "leanote", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in leanote. This issue affects the function define of the file public/js/plugins/history.js. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The name of the patch is https:/github.com/leanote/leanote/commit/0f9733c890077942150696dcc6d2b1482b7a0a19. It is recommended to apply a patch to fix this issue. The identifier VDB-216461 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/leanote/leanote/commit/0f9733c890077942150696dcc6d2b1482b7a0a19", + "refsource": "MISC", + "name": "https://github.com/leanote/leanote/commit/0f9733c890077942150696dcc6d2b1482b7a0a19" + }, + { + "url": "https://vuldb.com/?id.216461", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216461" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4264.json b/2021/4xxx/CVE-2021-4264.json new file mode 100644 index 000000000000..9e5b70898fde --- /dev/null +++ b/2021/4xxx/CVE-2021-4264.json @@ -0,0 +1,109 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4264", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in LinkedIn dustjs up to 2.x and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is ddb6523832465d38c9d80189e9de60519ac307c3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216464." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in LinkedIn dustjs bis 2.x gefunden. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion. Mittels Manipulieren mit unbekannten Daten kann eine improperly controlled modification of object prototype attributes ('prototype pollution')-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 3.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als ddb6523832465d38c9d80189e9de60519ac307c3 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + "cweId": "CWE-1321" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LinkedIn", + "product": { + "product_data": [ + { + "product_name": "dustjs", + "version": { + "version_data": [ + { + "version_value": "2.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/linkedin/dustjs/issues/804", + "refsource": "MISC", + "name": "https://github.com/linkedin/dustjs/issues/804" + }, + { + "url": "https://github.com/linkedin/dustjs/pull/805", + "refsource": "MISC", + "name": "https://github.com/linkedin/dustjs/pull/805" + }, + { + "url": "https://github.com/linkedin/dustjs/commit/ddb6523832465d38c9d80189e9de60519ac307c3", + "refsource": "MISC", + "name": "https://github.com/linkedin/dustjs/commit/ddb6523832465d38c9d80189e9de60519ac307c3" + }, + { + "url": "https://vuldb.com/?id.216464", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216464" + }, + { + "url": "https://vuldb.com/?ctiid.216464", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216464" + }, + { + "url": "https://github.com/linkedin/dustjs/releases/tag/v3.0.0", + "refsource": "MISC", + "name": "https://github.com/linkedin/dustjs/releases/tag/v3.0.0" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4265.json b/2021/4xxx/CVE-2021-4265.json new file mode 100644 index 000000000000..24178b74dd01 --- /dev/null +++ b/2021/4xxx/CVE-2021-4265.json @@ -0,0 +1,82 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4265", + "TITLE": "siwapp-ror cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "siwapp-ror", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in siwapp-ror. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 924d16008cfcc09356c87db01848e45290cb58ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216467." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/siwapp/siwapp-ror/pull/365", + "refsource": "MISC", + "name": "https://github.com/siwapp/siwapp-ror/pull/365" + }, + { + "url": "https://github.com/siwapp/siwapp-ror/commit/924d16008cfcc09356c87db01848e45290cb58ca", + "refsource": "MISC", + "name": "https://github.com/siwapp/siwapp-ror/commit/924d16008cfcc09356c87db01848e45290cb58ca" + }, + { + "url": "https://vuldb.com/?id.216467", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216467" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4266.json b/2021/4xxx/CVE-2021-4266.json new file mode 100644 index 000000000000..19da8059b89b --- /dev/null +++ b/2021/4xxx/CVE-2021-4266.json @@ -0,0 +1,87 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4266", + "TITLE": "Webdetails cpf DependenciesPackage.java cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Webdetails", + "product": { + "product_data": [ + { + "product_name": "cpf", + "version": { + "version_data": [ + { + "version_value": "9.5.0.0-80" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in Webdetails cpf up to 9.5.0.0-80. Affected is an unknown function of the file core/src/main/java/pt/webdetails/cpf/packager/DependenciesPackage.java. The manipulation of the argument baseUrl leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 9.5.0.0-81 is able to address this issue. The name of the patch is 3bff900d228e8cae3af256b447c5d15bdb03c174. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216468." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/siwapp/siwapp-ror/pull/365", + "refsource": "MISC", + "name": "https://github.com/siwapp/siwapp-ror/pull/365" + }, + { + "url": "https://github.com/webdetails/cpf/releases/tag/9.5.0.0-81", + "refsource": "MISC", + "name": "https://github.com/webdetails/cpf/releases/tag/9.5.0.0-81" + }, + { + "url": "https://github.com/webdetails/cpf/commit/3bff900d228e8cae3af256b447c5d15bdb03c174", + "refsource": "MISC", + "name": "https://github.com/webdetails/cpf/commit/3bff900d228e8cae3af256b447c5d15bdb03c174" + }, + { + "url": "https://vuldb.com/?id.216468", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216468" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4267.json b/2021/4xxx/CVE-2021-4267.json new file mode 100644 index 000000000000..500f3bfc3ced --- /dev/null +++ b/2021/4xxx/CVE-2021-4267.json @@ -0,0 +1,82 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4267", + "TITLE": "tad_discuss cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "tad_discuss", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in tad_discuss. Affected by this vulnerability is an unknown functionality. The manipulation of the argument DiscussTitle leads to cross site scripting. The attack can be launched remotely. The name of the patch is af94d034ff8db642d05fd8788179eab05f433958. It is recommended to apply a patch to fix this issue. The identifier VDB-216469 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/tad0616/tad_discuss/pull/19", + "refsource": "MISC", + "name": "https://github.com/tad0616/tad_discuss/pull/19" + }, + { + "url": "https://github.com/tad0616/tad_discuss/commit/af94d034ff8db642d05fd8788179eab05f433958", + "refsource": "MISC", + "name": "https://github.com/tad0616/tad_discuss/commit/af94d034ff8db642d05fd8788179eab05f433958" + }, + { + "url": "https://vuldb.com/?id.216469", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216469" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4268.json b/2021/4xxx/CVE-2021-4268.json new file mode 100644 index 000000000000..da902241e099 --- /dev/null +++ b/2021/4xxx/CVE-2021-4268.json @@ -0,0 +1,109 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4268", + "TITLE": "phpRedisAdmin cross-site request forgery", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "phpRedisAdmin", + "version": { + "version_data": [ + { + "version_value": "1.14.0" + }, + { + "version_value": "1.14.1" + }, + { + "version_value": "1.15.0" + }, + { + "version_value": "1.16.0" + }, + { + "version_value": "1.16.1" + }, + { + "version_value": "1.16.2" + }, + { + "version_value": "1.17.0" + }, + { + "version_value": "1.17.1" + }, + { + "version_value": "1.17.2" + }, + { + "version_value": "1.17.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863 Incorrect Authorization -> CWE-862 Missing Authorization -> CWE-352 Cross-Site Request Forgery" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, was found in phpRedisAdmin up to 1.17.3. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.18.0 is able to address this issue. The name of the patch is b9039adbb264c81333328faa9575ecf8e0d2be94. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216471." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/erikdubbelboer/phpRedisAdmin/commit/b9039adbb264c81333328faa9575ecf8e0d2be94", + "refsource": "MISC", + "name": "https://github.com/erikdubbelboer/phpRedisAdmin/commit/b9039adbb264c81333328faa9575ecf8e0d2be94" + }, + { + "url": "https://github.com/erikdubbelboer/phpRedisAdmin/releases/tag/v1.18.0", + "refsource": "MISC", + "name": "https://github.com/erikdubbelboer/phpRedisAdmin/releases/tag/v1.18.0" + }, + { + "url": "https://vuldb.com/?id.216471", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216471" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4269.json b/2021/4xxx/CVE-2021-4269.json new file mode 100644 index 000000000000..290b769f8e9d --- /dev/null +++ b/2021/4xxx/CVE-2021-4269.json @@ -0,0 +1,82 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4269", + "TITLE": "SimpleRisk common.js checkAndSetValidation cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "SimpleRisk", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in SimpleRisk and classified as problematic. This vulnerability affects the function checkAndSetValidation of the file simplerisk/js/common.js. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 20220306-001 is able to address this issue. The name of the patch is 591405b4ed160fbefc1dca1e55c5745079a7bb48. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216472." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/simplerisk/code/commit/591405b4ed160fbefc1dca1e55c5745079a7bb48", + "refsource": "MISC", + "name": "https://github.com/simplerisk/code/commit/591405b4ed160fbefc1dca1e55c5745079a7bb48" + }, + { + "url": "https://github.com/simplerisk/code/releases/tag/20220306-001", + "refsource": "MISC", + "name": "https://github.com/simplerisk/code/releases/tag/20220306-001" + }, + { + "url": "https://vuldb.com/?id.216472", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216472" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4270.json b/2021/4xxx/CVE-2021-4270.json new file mode 100644 index 000000000000..da77e3170961 --- /dev/null +++ b/2021/4xxx/CVE-2021-4270.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4270", + "TITLE": "Imprint CMS ViewHelpers.cs SearchForm cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "Imprint CMS", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Imprint CMS. It has been classified as problematic. Affected is the function SearchForm of the file ImprintCMS/Models/ViewHelpers.cs. The manipulation of the argument query leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 6140b140ccd02b5e4e7d6ba013ac1225724487f4. It is recommended to apply a patch to fix this issue. VDB-216474 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/peders/Imprint-CMS/commit/6140b140ccd02b5e4e7d6ba013ac1225724487f4", + "refsource": "MISC", + "name": "https://github.com/peders/Imprint-CMS/commit/6140b140ccd02b5e4e7d6ba013ac1225724487f4" + }, + { + "url": "https://vuldb.com/?id.216474", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216474" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4271.json b/2021/4xxx/CVE-2021-4271.json new file mode 100644 index 000000000000..1fea882652a8 --- /dev/null +++ b/2021/4xxx/CVE-2021-4271.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4271", + "TITLE": "panicsteve w2wiki Markdown index.php toHTML cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "panicsteve", + "product": { + "product_data": [ + { + "product_name": "w2wiki", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in panicsteve w2wiki. It has been rated as problematic. Affected by this issue is the function toHTML of the file index.php of the component Markdown Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 8f1d0470b4ddb1c7699e3308e765c11ed29542b6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216476." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/panicsteve/w2wiki/commit/8f1d0470b4ddb1c7699e3308e765c11ed29542b6", + "refsource": "MISC", + "name": "https://github.com/panicsteve/w2wiki/commit/8f1d0470b4ddb1c7699e3308e765c11ed29542b6" + }, + { + "url": "https://vuldb.com/?id.216476", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216476" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4272.json b/2021/4xxx/CVE-2021-4272.json new file mode 100644 index 000000000000..3f99bd1433e9 --- /dev/null +++ b/2021/4xxx/CVE-2021-4272.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4272", + "TITLE": "studygolang topics.js cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "studygolang", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in studygolang. This affects an unknown part of the file static/js/topics.js. The manipulation of the argument contentHtml leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 0fb30f9640bd5fa0cae58922eac6c00bb1a94391. It is recommended to apply a patch to fix this issue. The identifier VDB-216477 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/studygolang/studygolang/commit/0fb30f9640bd5fa0cae58922eac6c00bb1a94391", + "refsource": "MISC", + "name": "https://github.com/studygolang/studygolang/commit/0fb30f9640bd5fa0cae58922eac6c00bb1a94391" + }, + { + "url": "https://vuldb.com/?id.216477", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216477" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4273.json b/2021/4xxx/CVE-2021-4273.json new file mode 100644 index 000000000000..1407f8bb27dd --- /dev/null +++ b/2021/4xxx/CVE-2021-4273.json @@ -0,0 +1,82 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4273", + "TITLE": "studygolang search.go Search cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "studygolang", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in studygolang. This vulnerability affects the function Search of the file http/controller/search.go. The manipulation of the argument q leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 97ba556d42fa89dfaa7737e9cd3a8ddaf670bb23. It is recommended to apply a patch to fix this issue. VDB-216478 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/studygolang/studygolang/pull/158", + "refsource": "MISC", + "name": "https://github.com/studygolang/studygolang/pull/158" + }, + { + "url": "https://github.com/studygolang/studygolang/commit/97ba556d42fa89dfaa7737e9cd3a8ddaf670bb23", + "refsource": "MISC", + "name": "https://github.com/studygolang/studygolang/commit/97ba556d42fa89dfaa7737e9cd3a8ddaf670bb23" + }, + { + "url": "https://vuldb.com/?id.216478", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216478" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4274.json b/2021/4xxx/CVE-2021-4274.json new file mode 100644 index 000000000000..88801df654f6 --- /dev/null +++ b/2021/4xxx/CVE-2021-4274.json @@ -0,0 +1,82 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4274", + "TITLE": "sileht bird-lg layout.html cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "sileht", + "product": { + "product_data": [ + { + "product_name": "bird-lg", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in sileht bird-lg. This issue affects some unknown processing of the file templates/layout.html. The manipulation of the argument request_args leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ef6b32c527478fefe7a4436e10b96ee28ed5b308. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216479." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sileht/bird-lg/pull/82", + "refsource": "MISC", + "name": "https://github.com/sileht/bird-lg/pull/82" + }, + { + "url": "https://github.com/sileht/bird-lg/commit/ef6b32c527478fefe7a4436e10b96ee28ed5b308", + "refsource": "MISC", + "name": "https://github.com/sileht/bird-lg/commit/ef6b32c527478fefe7a4436e10b96ee28ed5b308" + }, + { + "url": "https://vuldb.com/?id.216479", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216479" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4275.json b/2021/4xxx/CVE-2021-4275.json new file mode 100644 index 000000000000..6262f5851d99 --- /dev/null +++ b/2021/4xxx/CVE-2021-4275.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4275", + "TITLE": "katlings pyambic-pentameter cross-site request forgery", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "katlings", + "product": { + "product_data": [ + { + "product_name": "pyambic-pentameter", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863 Incorrect Authorization -> CWE-862 Missing Authorization -> CWE-352 Cross-Site Request Forgery" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, was found in katlings pyambic-pentameter. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 974f21aa1b2527ef39c8afe1a5060548217deca8. It is recommended to apply a patch to fix this issue. VDB-216498 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/katlings/pyambic-pentameter/commit/974f21aa1b2527ef39c8afe1a5060548217deca8", + "refsource": "MISC", + "name": "https://github.com/katlings/pyambic-pentameter/commit/974f21aa1b2527ef39c8afe1a5060548217deca8" + }, + { + "url": "https://vuldb.com/?id.216498", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216498" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4276.json b/2021/4xxx/CVE-2021-4276.json new file mode 100644 index 000000000000..7cbca96a582d --- /dev/null +++ b/2021/4xxx/CVE-2021-4276.json @@ -0,0 +1,93 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4276", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in dns-stats hedgehog. It has been rated as problematic. Affected by this issue is the function DSCIOManager::dsc_import_input_from_source of the file src/DSCIOManager.cpp. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 58922c345d3d1fe89bb2020111873a3e07ca93ac. It is recommended to apply a patch to fix this issue. VDB-216746 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: We do assume that the Data Manager server can only be accessed by authorised users. Because of this, we don\u2019t believe this specific attack is possible without such a compromise of the Data Manager server." + }, + { + "lang": "deu", + "value": "** DISPUTED ** ** UNSUPPPORTED WHEN ASSIGNED **Eine problematische Schwachstelle wurde in dns-stats hedgehog ausgemacht. Es geht hierbei um die Funktion DSCIOManager::dsc_import_input_from_source der Datei src/DSCIOManager.cpp. Mit der Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Bisher konnte die Existenz der vermeintlichen Schwachstelle noch nicht eindeutig nachgewiesen werden. Der Patch wird als 58922c345d3d1fe89bb2020111873a3e07ca93ac bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "dns-stats", + "product": { + "product_data": [ + { + "product_name": "hedgehog", + "version": { + "version_data": [ + { + "version_value": "before 58922c345d3d1fe89bb2020111873a3e07ca93ac" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216746", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216746" + }, + { + "url": "https://github.com/dns-stats/hedgehog/pull/190", + "refsource": "MISC", + "name": "https://github.com/dns-stats/hedgehog/pull/190" + }, + { + "url": "https://github.com/dns-stats/hedgehog/commit/58922c345d3d1fe89bb2020111873a3e07ca93ac", + "refsource": "MISC", + "name": "https://github.com/dns-stats/hedgehog/commit/58922c345d3d1fe89bb2020111873a3e07ca93ac" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.1, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.1, + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4277.json b/2021/4xxx/CVE-2021-4277.json new file mode 100644 index 000000000000..104a3e301297 --- /dev/null +++ b/2021/4xxx/CVE-2021-4277.json @@ -0,0 +1,89 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4277", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is dbab1b66955eeb3d76b34612b358307f5c4e3944. It is recommended to apply a patch to fix this issue. The identifier VDB-216749 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in fredsmith utils entdeckt. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei screenshot_sync der Komponente Filename Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine predictable from observable state-Schwachstelle ausgenutzt werden. Der Patch wird als dbab1b66955eeb3d76b34612b358307f5c4e3944 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-341 Predictable from Observable State", + "cweId": "CWE-341" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "fredsmith", + "product": { + "product_data": [ + { + "product_name": "utils", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216749", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216749" + }, + { + "url": "https://github.com/fredsmith/utils/commit/dbab1b66955eeb3d76b34612b358307f5c4e3944", + "refsource": "MISC", + "name": "https://github.com/fredsmith/utils/commit/dbab1b66955eeb3d76b34612b358307f5c4e3944" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.6, + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.6, + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4278.json b/2021/4xxx/CVE-2021-4278.json new file mode 100644 index 000000000000..32d83a6dbdb3 --- /dev/null +++ b/2021/4xxx/CVE-2021-4278.json @@ -0,0 +1,119 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4278", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). Upgrading to version 0.7.0 is able to address this issue. The name of the patch is a63f559c50d70e8cb2eaae670dec25d1dbc4afcd. It is recommended to upgrade the affected component. The identifier VDB-216765 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in cronvel tree-kit bis 0.6.x entdeckt. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion. Durch Beeinflussen mit unbekannten Daten kann eine improperly controlled modification of object prototype attributes ('prototype pollution')-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.7.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als a63f559c50d70e8cb2eaae670dec25d1dbc4afcd bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + "cweId": "CWE-1321" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "cronvel", + "product": { + "product_data": [ + { + "product_name": "tree-kit", + "version": { + "version_data": [ + { + "version_value": "0.1", + "version_affected": "=" + }, + { + "version_value": "0.2", + "version_affected": "=" + }, + { + "version_value": "0.3", + "version_affected": "=" + }, + { + "version_value": "0.4", + "version_affected": "=" + }, + { + "version_value": "0.5", + "version_affected": "=" + }, + { + "version_value": "0.6", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216765", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216765" + }, + { + "url": "https://vuldb.com/?ctiid.216765", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216765" + }, + { + "url": "https://github.com/cronvel/tree-kit/commit/a63f559c50d70e8cb2eaae670dec25d1dbc4afcd", + "refsource": "MISC", + "name": "https://github.com/cronvel/tree-kit/commit/a63f559c50d70e8cb2eaae670dec25d1dbc4afcd" + }, + { + "url": "https://github.com/cronvel/tree-kit/releases/tag/v0.7.0", + "refsource": "MISC", + "name": "https://github.com/cronvel/tree-kit/releases/tag/v0.7.0" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4279.json b/2021/4xxx/CVE-2021-4279.json new file mode 100644 index 000000000000..7beae5155d18 --- /dev/null +++ b/2021/4xxx/CVE-2021-4279.json @@ -0,0 +1,108 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4279", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in Starcounter-Jack JSON-Patch up to 3.1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.1 is able to address this issue. The name of the patch is 7ad6af41eabb2d799f698740a91284d762c955c9. It is recommended to upgrade the affected component. VDB-216778 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In Starcounter-Jack JSON-Patch bis 3.1.0 wurde eine problematische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion. Dank Manipulation mit unbekannten Daten kann eine improperly controlled modification of object prototype attributes ('prototype pollution')-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 3.1.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 7ad6af41eabb2d799f698740a91284d762c955c9 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + "cweId": "CWE-1321" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Starcounter-Jack", + "product": { + "product_data": [ + { + "product_name": "JSON-Patch", + "version": { + "version_data": [ + { + "version_value": "3.0", + "version_affected": "=" + }, + { + "version_value": "3.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216778", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216778" + }, + { + "url": "https://vuldb.com/?ctiid.216778", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216778" + }, + { + "url": "https://github.com/Starcounter-Jack/JSON-Patch/pull/262", + "refsource": "MISC", + "name": "https://github.com/Starcounter-Jack/JSON-Patch/pull/262" + }, + { + "url": "https://github.com/Starcounter-Jack/JSON-Patch/commit/7ad6af41eabb2d799f698740a91284d762c955c9", + "refsource": "MISC", + "name": "https://github.com/Starcounter-Jack/JSON-Patch/commit/7ad6af41eabb2d799f698740a91284d762c955c9" + }, + { + "url": "https://github.com/Starcounter-Jack/JSON-Patch/releases/tag/3.1.1", + "refsource": "MISC", + "name": "https://github.com/Starcounter-Jack/JSON-Patch/releases/tag/3.1.1" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4280.json b/2021/4xxx/CVE-2021-4280.json new file mode 100644 index 000000000000..6003368f9625 --- /dev/null +++ b/2021/4xxx/CVE-2021-4280.json @@ -0,0 +1,94 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4280", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in styler_praat_scripts. It has been classified as problematic. Affected is an unknown function of the file file_segmenter.praat of the component Slash Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The name of the patch is 0cad44aa4a3eb0ecdba071c10eaff16023d8b35f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216780." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in styler_praat_scripts ausgemacht. Es betrifft eine unbekannte Funktion der Datei file_segmenter.praat der Komponente Slash Handler. Durch die Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Patch wird als 0cad44aa4a3eb0ecdba071c10eaff16023d8b35f bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service", + "cweId": "CWE-404" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "styler_praat_scripts", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216780", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216780" + }, + { + "url": "https://vuldb.com/?ctiid.216780", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216780" + }, + { + "url": "https://github.com/stylerw/styler_praat_scripts/commit/0cad44aa4a3eb0ecdba071c10eaff16023d8b35f", + "refsource": "MISC", + "name": "https://github.com/stylerw/styler_praat_scripts/commit/0cad44aa4a3eb0ecdba071c10eaff16023d8b35f" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4281.json b/2021/4xxx/CVE-2021-4281.json new file mode 100644 index 000000000000..1ec3ca4e475d --- /dev/null +++ b/2021/4xxx/CVE-2021-4281.json @@ -0,0 +1,99 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4281", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Brave UX for-the-badge and classified as critical. Affected by this issue is some unknown functionality of the file .github/workflows/combine-prs.yml. The manipulation leads to os command injection. The name of the patch is 55b5a234c0fab935df5fb08365bc8fe9c37cf46b. It is recommended to apply a patch to fix this issue. VDB-216842 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Brave UX for-the-badge gefunden. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei .github/workflows/combine-prs.yml. Durch Beeinflussen mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Patch wird als 55b5a234c0fab935df5fb08365bc8fe9c37cf46b bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Brave UX", + "product": { + "product_data": [ + { + "product_name": "for-the-badge", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216842", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216842" + }, + { + "url": "https://vuldb.com/?ctiid.216842", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216842" + }, + { + "url": "https://github.com/BraveUX/for-the-badge/pull/165", + "refsource": "MISC", + "name": "https://github.com/BraveUX/for-the-badge/pull/165" + }, + { + "url": "https://github.com/BraveUX/for-the-badge/commit/55b5a234c0fab935df5fb08365bc8fe9c37cf46b", + "refsource": "MISC", + "name": "https://github.com/BraveUX/for-the-badge/commit/55b5a234c0fab935df5fb08365bc8fe9c37cf46b" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.6, + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.6, + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4282.json b/2021/4xxx/CVE-2021-4282.json new file mode 100644 index 000000000000..e1bb8efb4b25 --- /dev/null +++ b/2021/4xxx/CVE-2021-4282.json @@ -0,0 +1,99 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4282", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in FreePBX voicemail. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file page.voicemail.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 14.0.6.25 is able to address this issue. The name of the patch is 12e1469ef9208eda9d8955206e78345949236ee6. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216871." + }, + { + "lang": "deu", + "value": "In FreePBX voicemail wurde eine problematische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei page.voicemail.php. Mittels Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 14.0.6.25 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 12e1469ef9208eda9d8955206e78345949236ee6 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "FreePBX", + "product": { + "product_data": [ + { + "product_name": "voicemail", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216871", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216871" + }, + { + "url": "https://vuldb.com/?ctiid.216871", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216871" + }, + { + "url": "https://github.com/FreePBX/voicemail/commit/12e1469ef9208eda9d8955206e78345949236ee6", + "refsource": "MISC", + "name": "https://github.com/FreePBX/voicemail/commit/12e1469ef9208eda9d8955206e78345949236ee6" + }, + { + "url": "https://github.com/FreePBX/voicemail/releases/tag/release%2F14.0.6.25", + "refsource": "MISC", + "name": "https://github.com/FreePBX/voicemail/releases/tag/release%2F14.0.6.25" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4283.json b/2021/4xxx/CVE-2021-4283.json new file mode 100644 index 000000000000..334f266ded8a --- /dev/null +++ b/2021/4xxx/CVE-2021-4283.json @@ -0,0 +1,99 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4283", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in FreeBPX voicemail. It has been rated as problematic. Affected by this issue is some unknown functionality of the file views/ssettings.php of the component Settings Handler. The manipulation of the argument key leads to cross site scripting. The attack may be launched remotely. Upgrading to version 14.0.6.25 is able to address this issue. The name of the patch is ffce4882016076acd16fe0f676246905aa3cb2f3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216872." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in FreeBPX voicemail ausgemacht. Dies betrifft einen unbekannten Teil der Datei views/ssettings.php der Komponente Settings Handler. Durch das Manipulieren des Arguments key mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 14.0.6.25 vermag dieses Problem zu l\u00f6sen. Der Patch wird als ffce4882016076acd16fe0f676246905aa3cb2f3 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "FreeBPX", + "product": { + "product_data": [ + { + "product_name": "voicemail", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/FreePBX/voicemail/releases/tag/release%2F14.0.6.25", + "refsource": "MISC", + "name": "https://github.com/FreePBX/voicemail/releases/tag/release%2F14.0.6.25" + }, + { + "url": "https://vuldb.com/?id.216872", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216872" + }, + { + "url": "https://vuldb.com/?ctiid.216872", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216872" + }, + { + "url": "https://github.com/FreePBX/voicemail/commit/ffce4882016076acd16fe0f676246905aa3cb2f3", + "refsource": "MISC", + "name": "https://github.com/FreePBX/voicemail/commit/ffce4882016076acd16fe0f676246905aa3cb2f3" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.4, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4284.json b/2021/4xxx/CVE-2021-4284.json new file mode 100644 index 000000000000..5f19f6ca2fff --- /dev/null +++ b/2021/4xxx/CVE-2021-4284.json @@ -0,0 +1,109 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4284", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in OpenMRS HTML Form Entry UI Framework Integration Module up to 1.x. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is 811990972ea07649ae33c4b56c61c3b520895f07. It is recommended to upgrade the affected component. The identifier VDB-216873 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in OpenMRS HTML Form Entry UI Framework Integration Module bis 1.x entdeckt. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil. Durch Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 2.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 811990972ea07649ae33c4b56c61c3b520895f07 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenMRS", + "product": { + "product_data": [ + { + "product_name": "HTML Form Entry UI Framework Integration Module", + "version": { + "version_data": [ + { + "version_value": "1.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216873", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216873" + }, + { + "url": "https://vuldb.com/?ctiid.216873", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216873" + }, + { + "url": "https://github.com/openmrs/openmrs-module-htmlformentryui/pull/51", + "refsource": "MISC", + "name": "https://github.com/openmrs/openmrs-module-htmlformentryui/pull/51" + }, + { + "url": "https://issues.openmrs.org/browse/RA-1424?filter=-1", + "refsource": "MISC", + "name": "https://issues.openmrs.org/browse/RA-1424?filter=-1" + }, + { + "url": "https://github.com/openmrs/openmrs-module-htmlformentryui/commit/811990972ea07649ae33c4b56c61c3b520895f07", + "refsource": "MISC", + "name": "https://github.com/openmrs/openmrs-module-htmlformentryui/commit/811990972ea07649ae33c4b56c61c3b520895f07" + }, + { + "url": "https://github.com/openmrs/openmrs-module-htmlformentryui/releases/tag/2.0.0", + "refsource": "MISC", + "name": "https://github.com/openmrs/openmrs-module-htmlformentryui/releases/tag/2.0.0" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4285.json b/2021/4xxx/CVE-2021-4285.json new file mode 100644 index 000000000000..cbac4159f97a --- /dev/null +++ b/2021/4xxx/CVE-2021-4285.json @@ -0,0 +1,104 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4285", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in Nagios NCPA. This vulnerability affects unknown code of the file agent/listener/templates/tail.html. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 2.4.0 is able to address this issue. The name of the patch is 5abbcd7aa26e0fc815e6b2b0ffe1c15ef3e8fab5. It is recommended to upgrade the affected component. VDB-216874 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In Nagios NCPA wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei agent/listener/templates/tail.html. Durch das Beeinflussen des Arguments name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 2.4.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 5abbcd7aa26e0fc815e6b2b0ffe1c15ef3e8fab5 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Nagios", + "product": { + "product_data": [ + { + "product_name": "NCPA", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216874", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216874" + }, + { + "url": "https://vuldb.com/?ctiid.216874", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216874" + }, + { + "url": "https://github.com/NagiosEnterprises/ncpa/pull/834", + "refsource": "MISC", + "name": "https://github.com/NagiosEnterprises/ncpa/pull/834" + }, + { + "url": "https://github.com/NagiosEnterprises/ncpa/commit/5abbcd7aa26e0fc815e6b2b0ffe1c15ef3e8fab5", + "refsource": "MISC", + "name": "https://github.com/NagiosEnterprises/ncpa/commit/5abbcd7aa26e0fc815e6b2b0ffe1c15ef3e8fab5" + }, + { + "url": "https://github.com/NagiosEnterprises/ncpa/releases/tag/v2.4.0", + "refsource": "MISC", + "name": "https://github.com/NagiosEnterprises/ncpa/releases/tag/v2.4.0" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4286.json b/2021/4xxx/CVE-2021-4286.json new file mode 100644 index 000000000000..566857fe8a18 --- /dev/null +++ b/2021/4xxx/CVE-2021-4286.json @@ -0,0 +1,168 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4286", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in cocagne pysrp up to 1.0.16. This issue affects the function calculate_x of the file srp/_ctsrp.py. The manipulation leads to information exposure through discrepancy. Upgrading to version 1.0.17 is able to address this issue. The name of the patch is dba52642f5e95d3da7af1780561213ee6053195f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216875." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in cocagne pysrp bis 1.0.16 entdeckt. Sie wurde als problematisch eingestuft. Davon betroffen ist die Funktion calculate_x der Datei srp/_ctsrp.py. Durch Beeinflussen mit unbekannten Daten kann eine information exposure through discrepancy-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.0.17 vermag dieses Problem zu l\u00f6sen. Der Patch wird als dba52642f5e95d3da7af1780561213ee6053195f bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-203 Information Exposure Through Discrepancy", + "cweId": "CWE-203" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "cocagne", + "product": { + "product_data": [ + { + "product_name": "pysrp", + "version": { + "version_data": [ + { + "version_value": "1.0.0", + "version_affected": "=" + }, + { + "version_value": "1.0.1", + "version_affected": "=" + }, + { + "version_value": "1.0.2", + "version_affected": "=" + }, + { + "version_value": "1.0.3", + "version_affected": "=" + }, + { + "version_value": "1.0.4", + "version_affected": "=" + }, + { + "version_value": "1.0.5", + "version_affected": "=" + }, + { + "version_value": "1.0.6", + "version_affected": "=" + }, + { + "version_value": "1.0.7", + "version_affected": "=" + }, + { + "version_value": "1.0.8", + "version_affected": "=" + }, + { + "version_value": "1.0.9", + "version_affected": "=" + }, + { + "version_value": "1.0.10", + "version_affected": "=" + }, + { + "version_value": "1.0.11", + "version_affected": "=" + }, + { + "version_value": "1.0.12", + "version_affected": "=" + }, + { + "version_value": "1.0.13", + "version_affected": "=" + }, + { + "version_value": "1.0.14", + "version_affected": "=" + }, + { + "version_value": "1.0.15", + "version_affected": "=" + }, + { + "version_value": "1.0.16", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216875", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216875" + }, + { + "url": "https://vuldb.com/?ctiid.216875", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216875" + }, + { + "url": "https://github.com/cocagne/pysrp/pull/43", + "refsource": "MISC", + "name": "https://github.com/cocagne/pysrp/pull/43" + }, + { + "url": "https://github.com/cocagne/pysrp/commit/dba52642f5e95d3da7af1780561213ee6053195f", + "refsource": "MISC", + "name": "https://github.com/cocagne/pysrp/commit/dba52642f5e95d3da7af1780561213ee6053195f" + }, + { + "url": "https://github.com/cocagne/pysrp/releases/tag/1.0.17", + "refsource": "MISC", + "name": "https://github.com/cocagne/pysrp/releases/tag/1.0.17" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.6, + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.6, + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4287.json b/2021/4xxx/CVE-2021-4287.json new file mode 100644 index 000000000000..423be9e3b7b7 --- /dev/null +++ b/2021/4xxx/CVE-2021-4287.json @@ -0,0 +1,112 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4287", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 is able to address this issue. The name of the patch is fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216876." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in ReFirm Labs binwalk bis 2.3.2 gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei src/binwalk/modules/extractor.py der Komponente Archive Extraction Handler. Dank der Manipulation mit unbekannten Daten kann eine symlink following-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 2.3.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als fa0c0bd59b8588814756942fe4cb5452e76c1dcd bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-61 Symlink Following", + "cweId": "CWE-61" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ReFirm Labs", + "product": { + "product_data": [ + { + "product_name": "binwalk", + "version": { + "version_data": [ + { + "version_value": "2.3.0", + "version_affected": "=" + }, + { + "version_value": "2.3.1", + "version_affected": "=" + }, + { + "version_value": "2.3.2", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216876", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216876" + }, + { + "url": "https://vuldb.com/?ctiid.216876", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216876" + }, + { + "url": "https://github.com/ReFirmLabs/binwalk/pull/556", + "refsource": "MISC", + "name": "https://github.com/ReFirmLabs/binwalk/pull/556" + }, + { + "url": "https://github.com/ReFirmLabs/binwalk/commit/fa0c0bd59b8588814756942fe4cb5452e76c1dcd", + "refsource": "MISC", + "name": "https://github.com/ReFirmLabs/binwalk/commit/fa0c0bd59b8588814756942fe4cb5452e76c1dcd" + }, + { + "url": "https://github.com/ReFirmLabs/binwalk/releases/tag/v2.3.3", + "refsource": "MISC", + "name": "https://github.com/ReFirmLabs/binwalk/releases/tag/v2.3.3" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5, + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4288.json b/2021/4xxx/CVE-2021-4288.json new file mode 100644 index 000000000000..8aef28b73373 --- /dev/null +++ b/2021/4xxx/CVE-2021-4288.json @@ -0,0 +1,148 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4288", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/userApp.gsp. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.12.0 is able to address this issue. The name of the patch is 35f81901a4cb925747a9615b8706f5079d2196a1. It is recommended to upgrade the affected component. The identifier VDB-216881 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in OpenMRS openmrs-module-referenceapplication bis 2.11.x ausgemacht. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei omod/src/main/webapp/pages/userApp.gsp. Mittels dem Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 2.12.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 35f81901a4cb925747a9615b8706f5079d2196a1 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenMRS", + "product": { + "product_data": [ + { + "product_name": "openmrs-module-referenceapplication", + "version": { + "version_data": [ + { + "version_value": "2.0", + "version_affected": "=" + }, + { + "version_value": "2.1", + "version_affected": "=" + }, + { + "version_value": "2.2", + "version_affected": "=" + }, + { + "version_value": "2.3", + "version_affected": "=" + }, + { + "version_value": "2.4", + "version_affected": "=" + }, + { + "version_value": "2.5", + "version_affected": "=" + }, + { + "version_value": "2.6", + "version_affected": "=" + }, + { + "version_value": "2.7", + "version_affected": "=" + }, + { + "version_value": "2.8", + "version_affected": "=" + }, + { + "version_value": "2.9", + "version_affected": "=" + }, + { + "version_value": "2.10", + "version_affected": "=" + }, + { + "version_value": "2.11", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216881", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216881" + }, + { + "url": "https://vuldb.com/?ctiid.216881", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216881" + }, + { + "url": "https://github.com/openmrs/openmrs-module-referenceapplication/pull/92", + "refsource": "MISC", + "name": "https://github.com/openmrs/openmrs-module-referenceapplication/pull/92" + }, + { + "url": "https://github.com/openmrs/openmrs-module-referenceapplication/commit/35f81901a4cb925747a9615b8706f5079d2196a1", + "refsource": "MISC", + "name": "https://github.com/openmrs/openmrs-module-referenceapplication/commit/35f81901a4cb925747a9615b8706f5079d2196a1" + }, + { + "url": "https://github.com/openmrs/openmrs-module-referenceapplication/releases/tag/referenceapplication-2.12.0", + "refsource": "MISC", + "name": "https://github.com/openmrs/openmrs-module-referenceapplication/releases/tag/referenceapplication-2.12.0" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4289.json b/2021/4xxx/CVE-2021-4289.json new file mode 100644 index 000000000000..41e95e64511f --- /dev/null +++ b/2021/4xxx/CVE-2021-4289.json @@ -0,0 +1,153 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4289", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. Affected by this vulnerability is the function post of the file omod/src/main/java/org/openmrs/module/referenceapplication/page/controller/UserAppPageController.java of the component User App Page. The manipulation of the argument AppId leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.12.0 is able to address this issue. The name of the patch is 0410c091d46eed3c132fe0fcafe5964182659f74. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216883." + }, + { + "lang": "deu", + "value": "In OpenMRS openmrs-module-referenceapplication bis 2.11.x wurde eine problematische Schwachstelle entdeckt. Dabei geht es um die Funktion post der Datei omod/src/main/java/org/openmrs/module/referenceapplication/page/controller/UserAppPageController.java der Komponente User App Page. Durch das Manipulieren des Arguments AppId mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 2.12.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 0410c091d46eed3c132fe0fcafe5964182659f74 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenMRS", + "product": { + "product_data": [ + { + "product_name": "openmrs-module-referenceapplication", + "version": { + "version_data": [ + { + "version_value": "2.0", + "version_affected": "=" + }, + { + "version_value": "2.1", + "version_affected": "=" + }, + { + "version_value": "2.2", + "version_affected": "=" + }, + { + "version_value": "2.3", + "version_affected": "=" + }, + { + "version_value": "2.4", + "version_affected": "=" + }, + { + "version_value": "2.5", + "version_affected": "=" + }, + { + "version_value": "2.6", + "version_affected": "=" + }, + { + "version_value": "2.7", + "version_affected": "=" + }, + { + "version_value": "2.8", + "version_affected": "=" + }, + { + "version_value": "2.9", + "version_affected": "=" + }, + { + "version_value": "2.10", + "version_affected": "=" + }, + { + "version_value": "2.11", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/openmrs/openmrs-module-referenceapplication/releases/tag/referenceapplication-2.12.0", + "refsource": "MISC", + "name": "https://github.com/openmrs/openmrs-module-referenceapplication/releases/tag/referenceapplication-2.12.0" + }, + { + "url": "https://vuldb.com/?id.216883", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216883" + }, + { + "url": "https://vuldb.com/?ctiid.216883", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216883" + }, + { + "url": "https://github.com/openmrs/openmrs-module-referenceapplication/pull/89", + "refsource": "MISC", + "name": "https://github.com/openmrs/openmrs-module-referenceapplication/pull/89" + }, + { + "url": "https://issues.openmrs.org/browse/RA-1875", + "refsource": "MISC", + "name": "https://issues.openmrs.org/browse/RA-1875" + }, + { + "url": "https://github.com/openmrs/openmrs-module-referenceapplication/commit/0410c091d46eed3c132fe0fcafe5964182659f74", + "refsource": "MISC", + "name": "https://github.com/openmrs/openmrs-module-referenceapplication/commit/0410c091d46eed3c132fe0fcafe5964182659f74" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4290.json b/2021/4xxx/CVE-2021-4290.json new file mode 100644 index 000000000000..0a8079cf2822 --- /dev/null +++ b/2021/4xxx/CVE-2021-4290.json @@ -0,0 +1,94 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4290", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in DHBW Fallstudie. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file app/config/passport.js of the component Login. The manipulation of the argument id/email leads to sql injection. The name of the patch is 5c13c6a972ef4c07c5f35b417916e0598af9e123. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216907." + }, + { + "lang": "deu", + "value": "In DHBW Fallstudie wurde eine kritische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung der Datei app/config/passport.js der Komponente Login. Durch das Beeinflussen des Arguments id/email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 5c13c6a972ef4c07c5f35b417916e0598af9e123 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "DHBW Fallstudie", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216907", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216907" + }, + { + "url": "https://vuldb.com/?ctiid.216907", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216907" + }, + { + "url": "https://github.com/maboehm/fallstudie/commit/5c13c6a972ef4c07c5f35b417916e0598af9e123", + "refsource": "MISC", + "name": "https://github.com/maboehm/fallstudie/commit/5c13c6a972ef4c07c5f35b417916e0598af9e123" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4291.json b/2021/4xxx/CVE-2021-4291.json new file mode 100644 index 000000000000..f2e08424c284 --- /dev/null +++ b/2021/4xxx/CVE-2021-4291.json @@ -0,0 +1,124 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4291", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in OpenMRS Admin UI Module up to 1.5.x. It has been declared as problematic. This vulnerability affects unknown code of the file omod/src/main/webapp/pages/metadata/locations/location.gsp. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.6.0 is able to address this issue. The name of the patch is a7eefb5f69f6c50a3bffcb138bb8ea57cb41a9b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216916." + }, + { + "lang": "deu", + "value": "In OpenMRS Admin UI Module bis 1.5.x wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei omod/src/main/webapp/pages/metadata/locations/location.gsp. Durch das Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 1.6.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als a7eefb5f69f6c50a3bffcb138bb8ea57cb41a9b6 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenMRS", + "product": { + "product_data": [ + { + "product_name": "Admin UI Module", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": "=" + }, + { + "version_value": "1.1", + "version_affected": "=" + }, + { + "version_value": "1.2", + "version_affected": "=" + }, + { + "version_value": "1.3", + "version_affected": "=" + }, + { + "version_value": "1.4", + "version_affected": "=" + }, + { + "version_value": "1.5", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216916", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216916" + }, + { + "url": "https://vuldb.com/?ctiid.216916", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216916" + }, + { + "url": "https://github.com/openmrs/openmrs-module-adminui/pull/61", + "refsource": "MISC", + "name": "https://github.com/openmrs/openmrs-module-adminui/pull/61" + }, + { + "url": "https://github.com/openmrs/openmrs-module-adminui/commit/a7eefb5f69f6c50a3bffcb138bb8ea57cb41a9b6", + "refsource": "MISC", + "name": "https://github.com/openmrs/openmrs-module-adminui/commit/a7eefb5f69f6c50a3bffcb138bb8ea57cb41a9b6" + }, + { + "url": "https://github.com/openmrs/openmrs-module-adminui/releases/tag/1.6.0", + "refsource": "MISC", + "name": "https://github.com/openmrs/openmrs-module-adminui/releases/tag/1.6.0" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4292.json b/2021/4xxx/CVE-2021-4292.json new file mode 100644 index 000000000000..8d254de284b6 --- /dev/null +++ b/2021/4xxx/CVE-2021-4292.json @@ -0,0 +1,120 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4292", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in OpenMRS Admin UI Module up to 1.4.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/metadata/privileges/privilege.gsp of the component Manage Privilege Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 4f8565425b7c74128dec9ca46dfbb9a3c1c24911. It is recommended to upgrade the affected component. The identifier VDB-216917 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in OpenMRS Admin UI Module bis 1.4.x ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei omod/src/main/webapp/pages/metadata/privileges/privilege.gsp der Komponente Manage Privilege Page. Durch Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.5.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 4f8565425b7c74128dec9ca46dfbb9a3c1c24911 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenMRS", + "product": { + "product_data": [ + { + "product_name": "Admin UI Module", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": "=" + }, + { + "version_value": "1.1", + "version_affected": "=" + }, + { + "version_value": "1.2", + "version_affected": "=" + }, + { + "version_value": "1.3", + "version_affected": "=" + }, + { + "version_value": "1.4", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/openmrs/openmrs-module-adminui/releases/tag/1.5.0", + "refsource": "MISC", + "name": "https://github.com/openmrs/openmrs-module-adminui/releases/tag/1.5.0" + }, + { + "url": "https://vuldb.com/?id.216917", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216917" + }, + { + "url": "https://vuldb.com/?ctiid.216917", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216917" + }, + { + "url": "https://github.com/openmrs/openmrs-module-adminui/pull/58", + "refsource": "MISC", + "name": "https://github.com/openmrs/openmrs-module-adminui/pull/58" + }, + { + "url": "https://github.com/openmrs/openmrs-module-adminui/commit/4f8565425b7c74128dec9ca46dfbb9a3c1c24911", + "refsource": "MISC", + "name": "https://github.com/openmrs/openmrs-module-adminui/commit/4f8565425b7c74128dec9ca46dfbb9a3c1c24911" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4293.json b/2021/4xxx/CVE-2021-4293.json new file mode 100644 index 000000000000..d4b77c68fe2e --- /dev/null +++ b/2021/4xxx/CVE-2021-4293.json @@ -0,0 +1,103 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4293", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in gnuboard youngcart5 up to 5.4.5.1. Affected is an unknown function of the file adm/menu_list_update.php. The manipulation of the argument me_link leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 5.4.5.2 is able to address this issue. The name of the patch is 70daa537adfa47b87af12d85f1e698fff01785ff. It is recommended to upgrade the affected component. VDB-216954 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "deu", + "value": "** UNSUPPPORTED WHEN ASSIGNED **Es wurde eine problematische Schwachstelle in gnuboard youngcart5 bis 5.4.5.1 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei adm/menu_list_update.php. Dank Manipulation des Arguments me_link mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 5.4.5.2 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 70daa537adfa47b87af12d85f1e698fff01785ff bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "gnuboard", + "product": { + "product_data": [ + { + "product_name": "youngcart5", + "version": { + "version_data": [ + { + "version_value": "5.4.5.0", + "version_affected": "=" + }, + { + "version_value": "5.4.5.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216954", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216954" + }, + { + "url": "https://vuldb.com/?ctiid.216954", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216954" + }, + { + "url": "https://github.com/gnuboard/youngcart5/commit/70daa537adfa47b87af12d85f1e698fff01785ff", + "refsource": "MISC", + "name": "https://github.com/gnuboard/youngcart5/commit/70daa537adfa47b87af12d85f1e698fff01785ff" + }, + { + "url": "https://github.com/gnuboard/youngcart5/releases/tag/5.4.5.2", + "refsource": "MISC", + "name": "https://github.com/gnuboard/youngcart5/releases/tag/5.4.5.2" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4294.json b/2021/4xxx/CVE-2021-4294.json new file mode 100644 index 000000000000..12d8c4bb8773 --- /dev/null +++ b/2021/4xxx/CVE-2021-4294.json @@ -0,0 +1,99 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4294", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in OpenShift OSIN ausgemacht. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion ClientSecretMatches/CheckClientSecret. Dank Manipulation des Arguments secret mit unbekannten Daten kann eine observable timing discrepancy-Schwachstelle ausgenutzt werden. Der Patch wird als 8612686d6dda34ae9ef6b5a974e4b7accb4fea29 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-208 Observable Timing Discrepancy", + "cweId": "CWE-208" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenShift", + "product": { + "product_data": [ + { + "product_name": "OSIN", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.216987", + "refsource": "MISC", + "name": "https://vuldb.com/?id.216987" + }, + { + "url": "https://vuldb.com/?ctiid.216987", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.216987" + }, + { + "url": "https://github.com/openshift/osin/pull/200", + "refsource": "MISC", + "name": "https://github.com/openshift/osin/pull/200" + }, + { + "url": "https://github.com/openshift/osin/commit/8612686d6dda34ae9ef6b5a974e4b7accb4fea29", + "refsource": "MISC", + "name": "https://github.com/openshift/osin/commit/8612686d6dda34ae9ef6b5a974e4b7accb4fea29" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.6, + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.6, + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4295.json b/2021/4xxx/CVE-2021-4295.json new file mode 100644 index 000000000000..4c0ca340cc94 --- /dev/null +++ b/2021/4xxx/CVE-2021-4295.json @@ -0,0 +1,230 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4295", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This vulnerability affects the function vocabularyValidationConfigurations of the file src/main/java/org/sitenv/vocabularies/configuration/CodeValidatorApiConfiguration.java of the component XML Handler. The manipulation leads to xml external entity reference. Upgrading to version 1.0.31 is able to address this issue. The name of the patch is fbd8ea121755a2d3d116b13f235bc8b61d8449af. It is recommended to upgrade the affected component. VDB-217018 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In ONC code-validator-api bis 1.0.30 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Dabei geht es um die Funktion vocabularyValidationConfigurations der Datei src/main/java/org/sitenv/vocabularies/configuration/CodeValidatorApiConfiguration.java der Komponente XML Handler. Durch Beeinflussen mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.0.31 vermag dieses Problem zu l\u00f6sen. Der Patch wird als fbd8ea121755a2d3d116b13f235bc8b61d8449af bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611 XML External Entity Reference", + "cweId": "CWE-611" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ONC", + "product": { + "product_data": [ + { + "product_name": "code-validator-api", + "version": { + "version_data": [ + { + "version_value": "1.0.0", + "version_affected": "=" + }, + { + "version_value": "1.0.1", + "version_affected": "=" + }, + { + "version_value": "1.0.2", + "version_affected": "=" + }, + { + "version_value": "1.0.3", + "version_affected": "=" + }, + { + "version_value": "1.0.4", + "version_affected": "=" + }, + { + "version_value": "1.0.5", + "version_affected": "=" + }, + { + "version_value": "1.0.6", + "version_affected": "=" + }, + { + "version_value": "1.0.7", + "version_affected": "=" + }, + { + "version_value": "1.0.8", + "version_affected": "=" + }, + { + "version_value": "1.0.9", + "version_affected": "=" + }, + { + "version_value": "1.0.10", + "version_affected": "=" + }, + { + "version_value": "1.0.11", + "version_affected": "=" + }, + { + "version_value": "1.0.12", + "version_affected": "=" + }, + { + "version_value": "1.0.13", + "version_affected": "=" + }, + { + "version_value": "1.0.14", + "version_affected": "=" + }, + { + "version_value": "1.0.15", + "version_affected": "=" + }, + { + "version_value": "1.0.16", + "version_affected": "=" + }, + { + "version_value": "1.0.17", + "version_affected": "=" + }, + { + "version_value": "1.0.18", + "version_affected": "=" + }, + { + "version_value": "1.0.19", + "version_affected": "=" + }, + { + "version_value": "1.0.20", + "version_affected": "=" + }, + { + "version_value": "1.0.21", + "version_affected": "=" + }, + { + "version_value": "1.0.22", + "version_affected": "=" + }, + { + "version_value": "1.0.23", + "version_affected": "=" + }, + { + "version_value": "1.0.24", + "version_affected": "=" + }, + { + "version_value": "1.0.25", + "version_affected": "=" + }, + { + "version_value": "1.0.26", + "version_affected": "=" + }, + { + "version_value": "1.0.27", + "version_affected": "=" + }, + { + "version_value": "1.0.28", + "version_affected": "=" + }, + { + "version_value": "1.0.29", + "version_affected": "=" + }, + { + "version_value": "1.0.30", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217018", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217018" + }, + { + "url": "https://vuldb.com/?ctiid.217018", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217018" + }, + { + "url": "https://github.com/onc-healthit/code-validator-api/pull/97", + "refsource": "MISC", + "name": "https://github.com/onc-healthit/code-validator-api/pull/97" + }, + { + "url": "https://github.com/onc-healthit/code-validator-api/commit/fbd8ea121755a2d3d116b13f235bc8b61d8449af", + "refsource": "MISC", + "name": "https://github.com/onc-healthit/code-validator-api/commit/fbd8ea121755a2d3d116b13f235bc8b61d8449af" + }, + { + "url": "https://github.com/onc-healthit/code-validator-api/releases/tag/1.0.31", + "refsource": "MISC", + "name": "https://github.com/onc-healthit/code-validator-api/releases/tag/1.0.31" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4296.json b/2021/4xxx/CVE-2021-4296.json new file mode 100644 index 000000000000..eee78e260c02 --- /dev/null +++ b/2021/4xxx/CVE-2021-4296.json @@ -0,0 +1,105 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4296", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in w3c Unicorn. This issue affects the function ValidatorNuMessage of the file src/org/w3c/unicorn/response/impl/ValidatorNuMessage.java. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 51f75c31f7fc33859a9a571311c67ae4e95d9c68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217019." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in w3c Unicorn entdeckt. Sie wurde als problematisch eingestuft. Hierbei geht es um die Funktion ValidatorNuMessage der Datei src/org/w3c/unicorn/response/impl/ValidatorNuMessage.java. Dank der Manipulation des Arguments message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Patch wird als 51f75c31f7fc33859a9a571311c67ae4e95d9c68 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "w3c", + "product": { + "product_data": [ + { + "product_name": "Unicorn", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217019", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217019" + }, + { + "url": "https://vuldb.com/?ctiid.217019", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217019" + }, + { + "url": "https://github.com/w3c/Unicorn/pull/212", + "refsource": "MISC", + "name": "https://github.com/w3c/Unicorn/pull/212" + }, + { + "url": "https://github.com/w3c/Unicorn/commit/51f75c31f7fc33859a9a571311c67ae4e95d9c68", + "refsource": "MISC", + "name": "https://github.com/w3c/Unicorn/commit/51f75c31f7fc33859a9a571311c67ae4e95d9c68" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4297.json b/2021/4xxx/CVE-2021-4297.json new file mode 100644 index 000000000000..dd350d8e6cdc --- /dev/null +++ b/2021/4xxx/CVE-2021-4297.json @@ -0,0 +1,126 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4297", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in trampgeek jobe up to 1.6.4 and classified as problematic. This vulnerability affects the function runs_post of the file application/controllers/Restapi.php. The manipulation of the argument sourcefilename leads to an unknown weakness. Upgrading to version 1.6.5 is able to address this issue. The name of the patch is 694da5013dbecc8d30dd83e2a83e78faadf93771. It is recommended to upgrade the affected component. VDB-217174 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In trampgeek jobe bis 1.6.4 wurde eine problematische Schwachstelle gefunden. Hierbei betrifft es die Funktion runs_post der Datei application/controllers/Restapi.php. Dank Manipulation des Arguments sourcefilename mit unbekannten Daten kann eine unbekannte Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.6.5 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 694da5013dbecc8d30dd83e2a83e78faadf93771 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "trampgeek", + "product": { + "product_data": [ + { + "product_name": "jobe", + "version": { + "version_data": [ + { + "version_value": "1.6.0", + "version_affected": "=" + }, + { + "version_value": "1.6.1", + "version_affected": "=" + }, + { + "version_value": "1.6.2", + "version_affected": "=" + }, + { + "version_value": "1.6.3", + "version_affected": "=" + }, + { + "version_value": "1.6.4", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217174", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217174" + }, + { + "url": "https://vuldb.com/?ctiid.217174", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217174" + }, + { + "url": "https://github.com/trampgeek/jobe/issues/46", + "refsource": "MISC", + "name": "https://github.com/trampgeek/jobe/issues/46" + }, + { + "url": "https://github.com/trampgeek/jobe/commit/694da5013dbecc8d30dd83e2a83e78faadf93771", + "refsource": "MISC", + "name": "https://github.com/trampgeek/jobe/commit/694da5013dbecc8d30dd83e2a83e78faadf93771" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4.9, + "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4298.json b/2021/4xxx/CVE-2021-4298.json new file mode 100644 index 000000000000..8ea42707b7ce --- /dev/null +++ b/2021/4xxx/CVE-2021-4298.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4298", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical has been found in Hesburgh Libraries of Notre Dame Sipity. This affects the function SearchCriteriaForWorksParameter of the file app/parameters/sipity/parameters/search_criteria_for_works_parameter.rb. The manipulation leads to sql injection. Upgrading to version 2021.8 is able to address this issue. The name of the patch is d1704c7363b899ffce65be03a796a0ee5fdbfbdc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217179." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Hesburgh Libraries of Notre Dame Sipity entdeckt. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion SearchCriteriaForWorksParameter der Datei app/parameters/sipity/parameters/search_criteria_for_works_parameter.rb. Mittels Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 2021.8 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d1704c7363b899ffce65be03a796a0ee5fdbfbdc bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hesburgh Libraries of Notre Dame", + "product": { + "product_data": [ + { + "product_name": "Sipity", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217179", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217179" + }, + { + "url": "https://vuldb.com/?ctiid.217179", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217179" + }, + { + "url": "https://github.com/ndlib/sipity/commit/d1704c7363b899ffce65be03a796a0ee5fdbfbdc", + "refsource": "MISC", + "name": "https://github.com/ndlib/sipity/commit/d1704c7363b899ffce65be03a796a0ee5fdbfbdc" + }, + { + "url": "https://github.com/ndlib/sipity/releases/tag/v2021.8", + "refsource": "MISC", + "name": "https://github.com/ndlib/sipity/releases/tag/v2021.8" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4299.json b/2021/4xxx/CVE-2021-4299.json new file mode 100644 index 000000000000..65b0c34918f4 --- /dev/null +++ b/2021/4xxx/CVE-2021-4299.json @@ -0,0 +1,139 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4299", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 0.12.8 is able to address this issue. The name of the patch is 9cac4c298ee92c1695b0695951f1488884a7ca73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217180." + }, + { + "lang": "deu", + "value": "In cronvel string-kit bis 0.12.7 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Es geht um die Funktion naturalSort der Datei lib/naturalSort.js. Durch das Manipulieren mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 0.12.8 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 9cac4c298ee92c1695b0695951f1488884a7ca73 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333 Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "cronvel", + "product": { + "product_data": [ + { + "product_name": "string-kit", + "version": { + "version_data": [ + { + "version_value": "0.12.0", + "version_affected": "=" + }, + { + "version_value": "0.12.1", + "version_affected": "=" + }, + { + "version_value": "0.12.2", + "version_affected": "=" + }, + { + "version_value": "0.12.3", + "version_affected": "=" + }, + { + "version_value": "0.12.4", + "version_affected": "=" + }, + { + "version_value": "0.12.5", + "version_affected": "=" + }, + { + "version_value": "0.12.6", + "version_affected": "=" + }, + { + "version_value": "0.12.7", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217180", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217180" + }, + { + "url": "https://vuldb.com/?ctiid.217180", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217180" + }, + { + "url": "https://github.com/cronvel/string-kit/commit/9cac4c298ee92c1695b0695951f1488884a7ca73", + "refsource": "MISC", + "name": "https://github.com/cronvel/string-kit/commit/9cac4c298ee92c1695b0695951f1488884a7ca73" + }, + { + "url": "https://github.com/cronvel/string-kit/releases/tag/v0.12.8", + "refsource": "MISC", + "name": "https://github.com/cronvel/string-kit/releases/tag/v0.12.8" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4300.json b/2021/4xxx/CVE-2021-4300.json new file mode 100644 index 000000000000..6273a6a1059c --- /dev/null +++ b/2021/4xxx/CVE-2021-4300.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4300", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this vulnerability is the function CBlock::AddToBlockIndex of the file src/main.cpp of the component Block Verification. The manipulation leads to improper access controls. The attack can be launched remotely. Upgrading to version 1.1.1.0-hal is able to address this issue. The name of the patch is 0675b25ae9cc10b5fdc8ea3a32c642979762d45e. It is recommended to upgrade the affected component. The identifier VDB-217417 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In ghostlander Halcyon wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion CBlock::AddToBlockIndex der Datei src/main.cpp der Komponente Block Verification. Mit der Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.1.1.0-hal vermag dieses Problem zu l\u00f6sen. Der Patch wird als 0675b25ae9cc10b5fdc8ea3a32c642979762d45e bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Controls", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ghostlander", + "product": { + "product_data": [ + { + "product_name": "Halcyon", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217417", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217417" + }, + { + "url": "https://vuldb.com/?ctiid.217417", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217417" + }, + { + "url": "https://github.com/ghostlander/Halcyon/commit/0675b25ae9cc10b5fdc8ea3a32c642979762d45e", + "refsource": "MISC", + "name": "https://github.com/ghostlander/Halcyon/commit/0675b25ae9cc10b5fdc8ea3a32c642979762d45e" + }, + { + "url": "https://github.com/ghostlander/Halcyon/releases/tag/v1.1.1.0-hal", + "refsource": "MISC", + "name": "https://github.com/ghostlander/Halcyon/releases/tag/v1.1.1.0-hal" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4301.json b/2021/4xxx/CVE-2021-4301.json new file mode 100644 index 000000000000..e33bb0f50709 --- /dev/null +++ b/2021/4xxx/CVE-2021-4301.json @@ -0,0 +1,215 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4301", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms['db_prepend'] leads to sql injection. The attack may be launched remotely. Upgrading to version 1.9.27 is able to address this issue. The name of the patch is 77dafb6a8cc1015f0777daeb5792f43beef77a9d. It is recommended to upgrade the affected component. VDB-217418 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in slackero phpwcms bis 1.9.26 gefunden. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess. Durch die Manipulation des Arguments $phpwcms['db_prepend'] mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.9.27 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 77dafb6a8cc1015f0777daeb5792f43beef77a9d bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "slackero", + "product": { + "product_data": [ + { + "product_name": "phpwcms", + "version": { + "version_data": [ + { + "version_value": "1.9.0", + "version_affected": "=" + }, + { + "version_value": "1.9.1", + "version_affected": "=" + }, + { + "version_value": "1.9.2", + "version_affected": "=" + }, + { + "version_value": "1.9.3", + "version_affected": "=" + }, + { + "version_value": "1.9.4", + "version_affected": "=" + }, + { + "version_value": "1.9.5", + "version_affected": "=" + }, + { + "version_value": "1.9.6", + "version_affected": "=" + }, + { + "version_value": "1.9.7", + "version_affected": "=" + }, + { + "version_value": "1.9.8", + "version_affected": "=" + }, + { + "version_value": "1.9.9", + "version_affected": "=" + }, + { + "version_value": "1.9.10", + "version_affected": "=" + }, + { + "version_value": "1.9.11", + "version_affected": "=" + }, + { + "version_value": "1.9.12", + "version_affected": "=" + }, + { + "version_value": "1.9.13", + "version_affected": "=" + }, + { + "version_value": "1.9.14", + "version_affected": "=" + }, + { + "version_value": "1.9.15", + "version_affected": "=" + }, + { + "version_value": "1.9.16", + "version_affected": "=" + }, + { + "version_value": "1.9.17", + "version_affected": "=" + }, + { + "version_value": "1.9.18", + "version_affected": "=" + }, + { + "version_value": "1.9.19", + "version_affected": "=" + }, + { + "version_value": "1.9.20", + "version_affected": "=" + }, + { + "version_value": "1.9.21", + "version_affected": "=" + }, + { + "version_value": "1.9.22", + "version_affected": "=" + }, + { + "version_value": "1.9.23", + "version_affected": "=" + }, + { + "version_value": "1.9.24", + "version_affected": "=" + }, + { + "version_value": "1.9.25", + "version_affected": "=" + }, + { + "version_value": "1.9.26", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/slackero/phpwcms/releases/tag/v1.9.27", + "refsource": "MISC", + "name": "https://github.com/slackero/phpwcms/releases/tag/v1.9.27" + }, + { + "url": "https://vuldb.com/?id.217418", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217418" + }, + { + "url": "https://vuldb.com/?ctiid.217418", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217418" + }, + { + "url": "https://github.com/slackero/phpwcms/commit/77dafb6a8cc1015f0777daeb5792f43beef77a9d", + "refsource": "MISC", + "name": "https://github.com/slackero/phpwcms/commit/77dafb6a8cc1015f0777daeb5792f43beef77a9d" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4302.json b/2021/4xxx/CVE-2021-4302.json new file mode 100644 index 000000000000..2eb86a80ee73 --- /dev/null +++ b/2021/4xxx/CVE-2021-4302.json @@ -0,0 +1,215 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4302", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.9.27 is able to address this issue. The name of the patch is b39db9c7ad3800f319195ff0e26a0981395b1c54. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217419." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in slackero phpwcms bis 1.9.26 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Komponente SVG File Handler. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 1.9.27 vermag dieses Problem zu l\u00f6sen. Der Patch wird als b39db9c7ad3800f319195ff0e26a0981395b1c54 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "slackero", + "product": { + "product_data": [ + { + "product_name": "phpwcms", + "version": { + "version_data": [ + { + "version_value": "1.9.0", + "version_affected": "=" + }, + { + "version_value": "1.9.1", + "version_affected": "=" + }, + { + "version_value": "1.9.2", + "version_affected": "=" + }, + { + "version_value": "1.9.3", + "version_affected": "=" + }, + { + "version_value": "1.9.4", + "version_affected": "=" + }, + { + "version_value": "1.9.5", + "version_affected": "=" + }, + { + "version_value": "1.9.6", + "version_affected": "=" + }, + { + "version_value": "1.9.7", + "version_affected": "=" + }, + { + "version_value": "1.9.8", + "version_affected": "=" + }, + { + "version_value": "1.9.9", + "version_affected": "=" + }, + { + "version_value": "1.9.10", + "version_affected": "=" + }, + { + "version_value": "1.9.11", + "version_affected": "=" + }, + { + "version_value": "1.9.12", + "version_affected": "=" + }, + { + "version_value": "1.9.13", + "version_affected": "=" + }, + { + "version_value": "1.9.14", + "version_affected": "=" + }, + { + "version_value": "1.9.15", + "version_affected": "=" + }, + { + "version_value": "1.9.16", + "version_affected": "=" + }, + { + "version_value": "1.9.17", + "version_affected": "=" + }, + { + "version_value": "1.9.18", + "version_affected": "=" + }, + { + "version_value": "1.9.19", + "version_affected": "=" + }, + { + "version_value": "1.9.20", + "version_affected": "=" + }, + { + "version_value": "1.9.21", + "version_affected": "=" + }, + { + "version_value": "1.9.22", + "version_affected": "=" + }, + { + "version_value": "1.9.23", + "version_affected": "=" + }, + { + "version_value": "1.9.24", + "version_affected": "=" + }, + { + "version_value": "1.9.25", + "version_affected": "=" + }, + { + "version_value": "1.9.26", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217419", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217419" + }, + { + "url": "https://vuldb.com/?ctiid.217419", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217419" + }, + { + "url": "https://github.com/slackero/phpwcms/commit/b39db9c7ad3800f319195ff0e26a0981395b1c54", + "refsource": "MISC", + "name": "https://github.com/slackero/phpwcms/commit/b39db9c7ad3800f319195ff0e26a0981395b1c54" + }, + { + "url": "https://github.com/slackero/phpwcms/releases/tag/v1.9.27", + "refsource": "MISC", + "name": "https://github.com/slackero/phpwcms/releases/tag/v1.9.27" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4303.json b/2021/4xxx/CVE-2021-4303.json new file mode 100644 index 000000000000..1346640ec258 --- /dev/null +++ b/2021/4xxx/CVE-2021-4303.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4303", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in shannah Xataface up to 2.x. Affected by this issue is the function testftp of the file install/install_form.js.php of the component Installer. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is 94143a4299e386f33bf582139cd4702571d93bde. It is recommended to upgrade the affected component. VDB-217442 is the identifier assigned to this vulnerability. NOTE: Installer is disabled by default." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in shannah Xataface bis 2.x entdeckt. Dies betrifft die Funktion testftp der Datei install/install_form.js.php der Komponente Installer. Mittels dem Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 3.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 94143a4299e386f33bf582139cd4702571d93bde bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "shannah", + "product": { + "product_data": [ + { + "product_name": "Xataface", + "version": { + "version_data": [ + { + "version_value": "2.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217442", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217442" + }, + { + "url": "https://vuldb.com/?ctiid.217442", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217442" + }, + { + "url": "https://github.com/shannah/xataface/commit/94143a4299e386f33bf582139cd4702571d93bde", + "refsource": "MISC", + "name": "https://github.com/shannah/xataface/commit/94143a4299e386f33bf582139cd4702571d93bde" + }, + { + "url": "https://github.com/shannah/xataface/releases/tag/3.0.0", + "refsource": "MISC", + "name": "https://github.com/shannah/xataface/releases/tag/3.0.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2, + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 1.7, + "vectorString": "AV:N/AC:H/Au:M/C:N/I:P/A:N", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4304.json b/2021/4xxx/CVE-2021-4304.json new file mode 100644 index 000000000000..59ec6bc77ff1 --- /dev/null +++ b/2021/4xxx/CVE-2021-4304.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4304", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in eprintsug ulcc-core. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file cgi/toolbox/toolbox. The manipulation of the argument password leads to command injection. The attack can be launched remotely. The name of the patch is 811edaae81eb044891594f00062a828f51b22cb1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217447." + }, + { + "lang": "deu", + "value": "In eprintsug ulcc-core wurde eine kritische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung der Datei cgi/toolbox/toolbox. Durch Beeinflussen des Arguments password mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als 811edaae81eb044891594f00062a828f51b22cb1 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77 Command Injection", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "eprintsug", + "product": { + "product_data": [ + { + "product_name": "ulcc-core", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217447", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217447" + }, + { + "url": "https://vuldb.com/?ctiid.217447", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217447" + }, + { + "url": "https://github.com/eprintsug/ulcc-core/commit/811edaae81eb044891594f00062a828f51b22cb1", + "refsource": "MISC", + "name": "https://github.com/eprintsug/ulcc-core/commit/811edaae81eb044891594f00062a828f51b22cb1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4305.json b/2021/4xxx/CVE-2021-4305.json new file mode 100644 index 000000000000..73b30a07a076 --- /dev/null +++ b/2021/4xxx/CVE-2021-4305.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4305", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Woorank robots-txt-guard. It has been rated as problematic. Affected by this issue is the function makePathPattern of the file lib/patterns.js. The manipulation of the argument pattern leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. The name of the patch is c03827cd2f9933619c23894ce7c98401ea824020. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217448." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in Woorank robots-txt-guard ausgemacht. Betroffen davon ist die Funktion makePathPattern der Datei lib/patterns.js. Dank der Manipulation des Arguments pattern mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als c03827cd2f9933619c23894ce7c98401ea824020 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333 Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Woorank", + "product": { + "product_data": [ + { + "product_name": "robots-txt-guard", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217448", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217448" + }, + { + "url": "https://vuldb.com/?ctiid.217448", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217448" + }, + { + "url": "https://github.com/Woorank/robots-txt-guard/pull/4", + "refsource": "MISC", + "name": "https://github.com/Woorank/robots-txt-guard/pull/4" + }, + { + "url": "https://github.com/Woorank/robots-txt-guard/commit/c03827cd2f9933619c23894ce7c98401ea824020", + "refsource": "MISC", + "name": "https://github.com/Woorank/robots-txt-guard/commit/c03827cd2f9933619c23894ce7c98401ea824020" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.3, + "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4306.json b/2021/4xxx/CVE-2021-4306.json new file mode 100644 index 000000000000..83d1d52ee9e3 --- /dev/null +++ b/2021/4xxx/CVE-2021-4306.json @@ -0,0 +1,139 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4306", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in cronvel terminal-kit up to 2.1.7. Affected is an unknown function. The manipulation leads to inefficient regular expression complexity. Upgrading to version 2.1.8 is able to address this issue. The name of the patch is a2e446cc3927b559d0281683feb9b821e83b758c. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217620." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in cronvel terminal-kit bis 2.1.7 entdeckt. Es betrifft eine unbekannte Funktion. Durch das Manipulieren mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 2.1.8 vermag dieses Problem zu l\u00f6sen. Der Patch wird als a2e446cc3927b559d0281683feb9b821e83b758c bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333 Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "cronvel", + "product": { + "product_data": [ + { + "product_name": "terminal-kit", + "version": { + "version_data": [ + { + "version_value": "2.1.0", + "version_affected": "=" + }, + { + "version_value": "2.1.1", + "version_affected": "=" + }, + { + "version_value": "2.1.2", + "version_affected": "=" + }, + { + "version_value": "2.1.3", + "version_affected": "=" + }, + { + "version_value": "2.1.4", + "version_affected": "=" + }, + { + "version_value": "2.1.5", + "version_affected": "=" + }, + { + "version_value": "2.1.6", + "version_affected": "=" + }, + { + "version_value": "2.1.7", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217620", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217620" + }, + { + "url": "https://vuldb.com/?ctiid.217620", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217620" + }, + { + "url": "https://github.com/cronvel/terminal-kit/commit/a2e446cc3927b559d0281683feb9b821e83b758c", + "refsource": "MISC", + "name": "https://github.com/cronvel/terminal-kit/commit/a2e446cc3927b559d0281683feb9b821e83b758c" + }, + { + "url": "https://github.com/cronvel/terminal-kit/releases/tag/v2.1.8", + "refsource": "MISC", + "name": "https://github.com/cronvel/terminal-kit/releases/tag/v2.1.8" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.3, + "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", + "baseSeverity": "LOW" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4307.json b/2021/4xxx/CVE-2021-4307.json new file mode 100644 index 000000000000..f90926f8adc0 --- /dev/null +++ b/2021/4xxx/CVE-2021-4307.json @@ -0,0 +1,140 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4307", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launched remotely. Upgrading to version 2.6.1 is able to address this issue. The name of the patch is c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217627." + }, + { + "lang": "deu", + "value": "In Yomguithereal Baobab bis 2.6.0 wurde eine kritische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung. Durch die Manipulation mit unbekannten Daten kann eine improperly controlled modification of object prototype attributes ('prototype pollution')-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 2.6.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als c56639532a923d9a1600fb863ec7551b188b5d19 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + "cweId": "CWE-1321" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Yomguithereal", + "product": { + "product_data": [ + { + "product_name": "Baobab", + "version": { + "version_data": [ + { + "version_value": "2.0", + "version_affected": "=" + }, + { + "version_value": "2.1", + "version_affected": "=" + }, + { + "version_value": "2.2", + "version_affected": "=" + }, + { + "version_value": "2.3", + "version_affected": "=" + }, + { + "version_value": "2.4", + "version_affected": "=" + }, + { + "version_value": "2.5", + "version_affected": "=" + }, + { + "version_value": "2.6", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217627", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217627" + }, + { + "url": "https://vuldb.com/?ctiid.217627", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217627" + }, + { + "url": "https://github.com/Yomguithereal/baobab/pull/511", + "refsource": "MISC", + "name": "https://github.com/Yomguithereal/baobab/pull/511" + }, + { + "url": "https://github.com/Yomguithereal/baobab/commit/c56639532a923d9a1600fb863ec7551b188b5d19", + "refsource": "MISC", + "name": "https://github.com/Yomguithereal/baobab/commit/c56639532a923d9a1600fb863ec7551b188b5d19" + }, + { + "url": "https://github.com/Yomguithereal/baobab/releases/tag/2.6.1", + "refsource": "MISC", + "name": "https://github.com/Yomguithereal/baobab/releases/tag/2.6.1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4308.json b/2021/4xxx/CVE-2021-4308.json new file mode 100644 index 000000000000..df1dd1fcfbc6 --- /dev/null +++ b/2021/4xxx/CVE-2021-4308.json @@ -0,0 +1,120 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4308", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in WebPA up to 3.1.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. Upgrading to version 3.1.2 is able to address this issue. The name of the patch is 8836c4f549181e885a68e0e7ca561fdbcbd04bf0. It is recommended to upgrade the affected component. The identifier VDB-217637 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in WebPA bis 3.1.1 ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil. Mit der Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 3.1.2 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 8836c4f549181e885a68e0e7ca561fdbcbd04bf0 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "WebPA", + "version": { + "version_data": [ + { + "version_value": "3.1.0", + "version_affected": "=" + }, + { + "version_value": "3.1.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217637", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217637" + }, + { + "url": "https://vuldb.com/?ctiid.217637", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217637" + }, + { + "url": "https://github.com/WebPA/WebPA/pull/87", + "refsource": "MISC", + "name": "https://github.com/WebPA/WebPA/pull/87" + }, + { + "url": "https://github.com/WebPA/WebPA/commit/8836c4f549181e885a68e0e7ca561fdbcbd04bf0", + "refsource": "MISC", + "name": "https://github.com/WebPA/WebPA/commit/8836c4f549181e885a68e0e7ca561fdbcbd04bf0" + }, + { + "url": "https://github.com/WebPA/WebPA/releases/tag/v3.1.2", + "refsource": "MISC", + "name": "https://github.com/WebPA/WebPA/releases/tag/v3.1.2" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4309.json b/2021/4xxx/CVE-2021-4309.json new file mode 100644 index 000000000000..129421582191 --- /dev/null +++ b/2021/4xxx/CVE-2021-4309.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4309", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in 01-Scripts 01ACP. This issue affects some unknown processing. The manipulation of the argument $_SERVER['SCRIPT_NAME'] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is a16eb7da46ed22bc61067c212635394f2571d3c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217649 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in 01-Scripts 01ACP entdeckt. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion. Durch die Manipulation des Arguments $_SERVER['SCRIPT_NAME'] mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Patch wird als a16eb7da46ed22bc61067c212635394f2571d3c4 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "01-Scripts", + "product": { + "product_data": [ + { + "product_name": "01ACP", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217649", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217649" + }, + { + "url": "https://vuldb.com/?ctiid.217649", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217649" + }, + { + "url": "https://github.com/01-Scripts/01ACP/commit/a16eb7da46ed22bc61067c212635394f2571d3c4", + "refsource": "MISC", + "name": "https://github.com/01-Scripts/01ACP/commit/a16eb7da46ed22bc61067c212635394f2571d3c4" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4310.json b/2021/4xxx/CVE-2021-4310.json new file mode 100644 index 000000000000..252494ced3be --- /dev/null +++ b/2021/4xxx/CVE-2021-4310.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4310", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in 01-Scripts 01-Artikelsystem. It has been classified as problematic. Affected is an unknown function of the file 01article.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is ae849b347a58c2cb1be38d04bbe56fc883d5d84a. It is recommended to apply a patch to fix this issue. VDB-217662 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in 01-Scripts 01-Artikelsystem ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei 01article.php. Mittels dem Manipulieren des Arguments $_SERVER['PHP_SELF'] mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als ae849b347a58c2cb1be38d04bbe56fc883d5d84a bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "01-Scripts", + "product": { + "product_data": [ + { + "product_name": "01-Artikelsystem", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217662", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217662" + }, + { + "url": "https://vuldb.com/?ctiid.217662", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217662" + }, + { + "url": "https://github.com/01-Scripts/01-Artikelsystem/commit/ae849b347a58c2cb1be38d04bbe56fc883d5d84a", + "refsource": "MISC", + "name": "https://github.com/01-Scripts/01-Artikelsystem/commit/ae849b347a58c2cb1be38d04bbe56fc883d5d84a" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4311.json b/2021/4xxx/CVE-2021-4311.json new file mode 100644 index 000000000000..adb8c0f15a5f --- /dev/null +++ b/2021/4xxx/CVE-2021-4311.json @@ -0,0 +1,111 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-4311", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The name of the patch is 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended to apply a patch to fix this issue. VDB-217666 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In Talend Open Studio for MDM wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente XML Handler. Durch das Beeinflussen mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Der Patch wird als 31d442b9fb1d518128fd18f6e4d54e06c3d67793 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611 XML External Entity Reference", + "cweId": "CWE-611" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Talend", + "product": { + "product_data": [ + { + "product_name": "Open Studio for MDM", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217666", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217666" + }, + { + "url": "https://vuldb.com/?ctiid.217666", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217666" + }, + { + "url": "https://github.com/Talend/tmdm-server-se/pull/1420", + "refsource": "MISC", + "name": "https://github.com/Talend/tmdm-server-se/pull/1420" + }, + { + "url": "https://github.com/Talend/tmdm-server-se/commit/31d442b9fb1d518128fd18f6e4d54e06c3d67793", + "refsource": "MISC", + "name": "https://github.com/Talend/tmdm-server-se/commit/31d442b9fb1d518128fd18f6e4d54e06c3d67793" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4.9, + "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0259.json b/2022/0xxx/CVE-2022-0259.json index 688fde411142..4a93443a3203 100644 --- a/2022/0xxx/CVE-2022-0259.json +++ b/2022/0xxx/CVE-2022-0259.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-0259", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none." } ] } diff --git a/2022/0xxx/CVE-2022-0337.json b/2022/0xxx/CVE-2022-0337.json index db79b747fab4..f26670b4e518 100644 --- a/2022/0xxx/CVE-2022-0337.json +++ b/2022/0xxx/CVE-2022-0337.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0337", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "97.0.4692.71", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1247389", + "refsource": "MISC", + "name": "https://crbug.com/1247389" } ] } diff --git a/2022/0xxx/CVE-2022-0511.json b/2022/0xxx/CVE-2022-0511.json index b301b5302dd5..e8500cc37372 100644 --- a/2022/0xxx/CVE-2022-0511.json +++ b/2022/0xxx/CVE-2022-0511.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0511", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "97", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 97" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-04/" + }, + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1713579%2C1735448%2C1743821%2C1746313%2C1746314%2C1746316%2C1746321%2C1746322%2C1746323%2C1746412%2C1746430%2C1746451%2C1746488%2C1746875%2C1746898%2C1746905%2C1746907%2C1746917%2C1747128%2C1747137%2C1747331%2C1747346%2C1747439%2C1747457%2C1747870%2C1749051%2C1749274%2C1749831", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1713579%2C1735448%2C1743821%2C1746313%2C1746314%2C1746316%2C1746321%2C1746322%2C1746323%2C1746412%2C1746430%2C1746451%2C1746488%2C1746875%2C1746898%2C1746905%2C1746907%2C1746917%2C1747128%2C1747137%2C1747331%2C1747346%2C1747439%2C1747457%2C1747870%2C1749051%2C1749274%2C1749831" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97." } ] } diff --git a/2022/0xxx/CVE-2022-0517.json b/2022/0xxx/CVE-2022-0517.json index 4a54ca0d936e..a2902b668e6d 100644 --- a/2022/0xxx/CVE-2022-0517.json +++ b/2022/0xxx/CVE-2022-0517.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0517", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Mozilla VPN", + "version": { + "version_data": [ + { + "version_value": "2.7.1", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local privilege escalation vis uncontrolled OpenSSL search path" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-08/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-08/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1752291", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1752291" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN < 2.7.1." } ] } diff --git a/2022/0xxx/CVE-2022-0553.json b/2022/0xxx/CVE-2022-0553.json index 5fec3a8398f5..0d7e45f2fcae 100644 --- a/2022/0xxx/CVE-2022-0553.json +++ b/2022/0xxx/CVE-2022-0553.json @@ -4,15 +4,82 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0553", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnerabilities@zephyrproject.org", + "DATE_PUBLIC": "2022-05-12T00:00:00.000Z", + "STATE": "PUBLIC", + "TITLE": "Possible to retrieve uncrypted firmware image" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "zephyrproject-rtos", + "product": { + "product_data": [ + { + "product_name": "zephyr", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "v3.0" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "Adjacent", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseSeverity": "MODERATE" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)" + } + ] } ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wrj2-9vj9-rrcp", + "refsource": "MISC", + "name": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wrj2-9vj9-rrcp" + } + ] + }, + "source": { + "defect": [ + "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wrj2-9vj9-rrcp" + ] } -} \ No newline at end of file +} diff --git a/2022/0xxx/CVE-2022-0564.json b/2022/0xxx/CVE-2022-0564.json index 07d9fbf9a7ae..e8388629fa80 100644 --- a/2022/0xxx/CVE-2022-0564.json +++ b/2022/0xxx/CVE-2022-0564.json @@ -55,19 +55,19 @@ "references": { "reference_data": [ { - "url": "https://csirt.divd.nl/cases/DIVD-2021-00021", + "url": "https://community.qlik.com/t5/Release-Notes/Qlik-Sense-Enterprise-on-Windows-November-2021-Initial-Release/ta-p/1856531", "refsource": "MISC", - "name": "https://csirt.divd.nl/cases/DIVD-2021-00021" + "name": "https://community.qlik.com/t5/Release-Notes/Qlik-Sense-Enterprise-on-Windows-November-2021-Initial-Release/ta-p/1856531" }, { - "url": "https://csirt.divd.nl/cves/CVE-2022-0564", + "url": "https://csirt.divd.nl/DIVD-2021-00021/", "refsource": "MISC", - "name": "https://csirt.divd.nl/cves/CVE-2022-0564" + "name": "https://csirt.divd.nl/DIVD-2021-00021/" }, { - "url": "https://community.qlik.com/t5/Release-Notes/Qlik-Sense-Enterprise-on-Windows-November-2021-Initial-Release/ta-p/1856531", + "url": "https://csirt.divd.nl/CVE-2022-0564/", "refsource": "MISC", - "name": "https://community.qlik.com/t5/Release-Notes/Qlik-Sense-Enterprise-on-Windows-November-2021-Initial-Release/ta-p/1856531" + "name": "https://csirt.divd.nl/CVE-2022-0564/" } ] }, @@ -81,13 +81,27 @@ "work_around": [ { "lang": "en", - "value": "Disable internet-facing NTLM endpoints, e.g. internal_windows_authentication, to avoid domain enumeration." + "value": "Disable internet-facing NTLM endpoints, e.g. internal_windows_authentication, to avoid domain enumeration.\n\n", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Disable internet-facing NTLM endpoints, e.g. internal_windows_authentication, to avoid domain enumeration.

" + } + ] } ], "solution": [ { "lang": "en", - "value": "Update Qlik Sense Enterprise on Windows to version 14.44.0 or higher." + "value": "Update Qlik Sense Enterprise on Windows to version 14.44.0 or higher.\n\n", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Update Qlik Sense Enterprise on Windows to version 14.44.0 or higher.

" + } + ] } ], "credits": [ @@ -99,18 +113,18 @@ "impact": { "cvss": [ { - "attackComplexity": "LOW", + "version": "3.1", "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 5.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", + "attackComplexity": "LOW", "privilegesRequired": "NONE", - "scope": "UNCHANGED", "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "version": "3.1" + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ] } diff --git a/2022/0xxx/CVE-2022-0566.json b/2022/0xxx/CVE-2022-0566.json index 5bb707791f91..ec9b3a5b09ee 100644 --- a/2022/0xxx/CVE-2022-0566.json +++ b/2022/0xxx/CVE-2022-0566.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0566", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.6.1", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Crafted email could trigger an out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-07/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-07/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1753094", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1753094" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird < 91.6.1." } ] } diff --git a/2022/0xxx/CVE-2022-0668.json b/2022/0xxx/CVE-2022-0668.json index c099d2b493e6..6f7f19e19c23 100644 --- a/2022/0xxx/CVE-2022-0668.json +++ b/2022/0xxx/CVE-2022-0668.json @@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-0668", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-0668", + "ASSIGNER": "security@jfrog.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JFrog", + "product": { + "product_data": [ + { + "product_name": "JFrog Artifactory", + "version": { + "version_data": [ + { + "version_name": "JFrog Artifactory versions before 7.x", + "version_affected": "<", + "version_value": "7.37.13", + "platform": "" + }, + { + "version_name": "JFrog Artifactory versions before 6.x", + "version_affected": "<", + "version_value": "6.23.41", + "platform": "" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-274 Improper Handling of Insufficient Privileges" + } ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0668%3A+Artifactory+Authentication+Bypass", + "name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0668%3A+Artifactory+Authentication+Bypass" + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } -} \ No newline at end of file + } +} diff --git a/2022/0xxx/CVE-2022-0730.json b/2022/0xxx/CVE-2022-0730.json index eb2a875a1ec4..9446f20ff7a6 100644 --- a/2022/0xxx/CVE-2022-0730.json +++ b/2022/0xxx/CVE-2022-0730.json @@ -73,6 +73,11 @@ "refsource": "DEBIAN", "name": "DSA-5298", "url": "https://www.debian.org/security/2022/dsa-5298" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3252-1] cacti security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html" } ] }, diff --git a/2022/0xxx/CVE-2022-0801.json b/2022/0xxx/CVE-2022-0801.json index b3a1482b35c5..a929307305fc 100644 --- a/2022/0xxx/CVE-2022-0801.json +++ b/2022/0xxx/CVE-2022-0801.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0801", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "99.0.4844.51", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1231037", + "refsource": "MISC", + "name": "https://crbug.com/1231037" } ] } diff --git a/2022/0xxx/CVE-2022-0843.json b/2022/0xxx/CVE-2022-0843.json index 0758a17d6302..4c9cd20b1338 100644 --- a/2022/0xxx/CVE-2022-0843.json +++ b/2022/0xxx/CVE-2022-0843.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0843", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "98", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 98" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-10/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-10/" + }, + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1746523%2C1749062%2C1749164%2C1749214%2C1749610%2C1750032%2C1752100%2C1752405%2C1753612%2C1754508", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1746523%2C1749062%2C1749164%2C1749214%2C1749610%2C1750032%2C1752100%2C1752405%2C1753612%2C1754508" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 98." } ] } diff --git a/2022/0xxx/CVE-2022-0865.json b/2022/0xxx/CVE-2022-0865.json index 9e2d8a0fe448..cc43baa46f8a 100644 --- a/2022/0xxx/CVE-2022-0865.json +++ b/2022/0xxx/CVE-2022-0865.json @@ -78,6 +78,11 @@ "refsource": "GENTOO", "name": "GLSA-202210-10", "url": "https://security.gentoo.org/glsa/202210-10" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221228-0008/", + "url": "https://security.netapp.com/advisory/ntap-20221228-0008/" } ] }, diff --git a/2022/0xxx/CVE-2022-0891.json b/2022/0xxx/CVE-2022-0891.json index ef8c5ea46fd9..b3e86ba9d824 100644 --- a/2022/0xxx/CVE-2022-0891.json +++ b/2022/0xxx/CVE-2022-0891.json @@ -83,6 +83,11 @@ "refsource": "GENTOO", "name": "GLSA-202210-10", "url": "https://security.gentoo.org/glsa/202210-10" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221228-0008/", + "url": "https://security.netapp.com/advisory/ntap-20221228-0008/" } ] }, diff --git a/2022/0xxx/CVE-2022-0918.json b/2022/0xxx/CVE-2022-0918.json index 928621b29282..8176d375b56c 100644 --- a/2022/0xxx/CVE-2022-0918.json +++ b/2022/0xxx/CVE-2022-0918.json @@ -1,12 +1,32 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-0918", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled Resource Consumption" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -19,7 +39,8 @@ "version": { "version_data": [ { - "version_value": "1.4" + "version_value": "1.4", + "version_affected": "=" } ] } @@ -30,38 +51,29 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Uncontrolled Resource Consumption" - } - ] - } - ] - }, "references": { "reference_data": [ { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055815", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2055815", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055815" + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2055815" }, { + "url": "https://access.redhat.com/security/cve/CVE-2022-0918", "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2022-0918", - "url": "https://access.redhat.com/security/cve/CVE-2022-0918" - } - ] - }, - "description": { - "description_data": [ + "name": "https://access.redhat.com/security/cve/CVE-2022-0918" + }, { - "lang": "eng", - "value": "A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing." + "url": "https://github.com/389ds/389-ds-base/issues/5242", + "refsource": "MISC", + "name": "https://github.com/389ds/389-ds-base/issues/5242" } ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1056.json b/2022/1xxx/CVE-2022-1056.json index 4408b665efcc..3ec188cf3feb 100644 --- a/2022/1xxx/CVE-2022-1056.json +++ b/2022/1xxx/CVE-2022-1056.json @@ -63,6 +63,11 @@ "refsource": "GENTOO", "name": "GLSA-202210-10", "url": "https://security.gentoo.org/glsa/202210-10" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221228-0008/", + "url": "https://security.netapp.com/advisory/ntap-20221228-0008/" } ] }, diff --git a/2022/1xxx/CVE-2022-1097.json b/2022/1xxx/CVE-2022-1097.json index 235ec9f67a1f..6611d358a6dd 100644 --- a/2022/1xxx/CVE-2022-1097.json +++ b/2022/1xxx/CVE-2022-1097.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1097", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.8", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "99", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.8", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free in NSSToken objects" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-13/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-13/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-14/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-14/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-15/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-15/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745667", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745667" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8." } ] } diff --git a/2022/1xxx/CVE-2022-1101.json b/2022/1xxx/CVE-2022-1101.json index 7409570f51a3..512b60ac9d53 100644 --- a/2022/1xxx/CVE-2022-1101.json +++ b/2022/1xxx/CVE-2022-1101.json @@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1101", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in SourceCodester Royale Event Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /royal_event/userregister.php. The manipulation leads to improper authentication. The attack may be initiated remotely. The identifier VDB-195785 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in SourceCodester Royale Event Management System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei /royal_event/userregister.php. Durch das Manipulieren mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Royale Event Management System", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.195785", + "refsource": "MISC", + "name": "https://vuldb.com/?id.195785" + }, + { + "url": "https://vuldb.com/?ctiid.195785", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.195785" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "mrempy (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseSeverity": "HIGH" } ] } diff --git a/2022/1xxx/CVE-2022-1102.json b/2022/1xxx/CVE-2022-1102.json index 2acafbf92db4..3eaa5e21d966 100644 --- a/2022/1xxx/CVE-2022-1102.json +++ b/2022/1xxx/CVE-2022-1102.json @@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1102", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic has been found in SourceCodester Royale Event Management System 1.0. Affected is an unknown function of the file /royal_event/companyprofile.php. The manipulation of the argument companyname/regno/companyaddress/companyemail leads to cross site scripting. It is possible to launch the attack remotely. VDB-195786 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in SourceCodester Royale Event Management System 1.0 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei /royal_event/companyprofile.php. Durch Manipulieren des Arguments companyname/regno/companyaddress/companyemail mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Royale Event Management System", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.195786", + "refsource": "MISC", + "name": "https://vuldb.com/?id.195786" + }, + { + "url": "https://vuldb.com/?ctiid.195786", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.195786" + }, + { + "url": "https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html?", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html?" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "mrempy (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" } ] } diff --git a/2022/1xxx/CVE-2022-1196.json b/2022/1xxx/CVE-2022-1196.json index 431b434fd2ce..215bfddee251 100644 --- a/2022/1xxx/CVE-2022-1196.json +++ b/2022/1xxx/CVE-2022-1196.json @@ -4,14 +4,80 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1196", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.8", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.8", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free after VR Process destruction" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-14/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-14/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-15/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-15/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1750679", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1750679" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8 and Firefox ESR < 91.8." } ] } diff --git a/2022/1xxx/CVE-2022-1197.json b/2022/1xxx/CVE-2022-1197.json index 7ea970a38f77..44ab4378e3a4 100644 --- a/2022/1xxx/CVE-2022-1197.json +++ b/2022/1xxx/CVE-2022-1197.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1197", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.8", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OpenPGP revocation information was ignored" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-15/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-15/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1754985", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1754985" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that used another revocation reason, or that didn't specify a revocation reason, were unaffected. This vulnerability affects Thunderbird < 91.8." } ] } diff --git a/2022/1xxx/CVE-2022-1199.json b/2022/1xxx/CVE-2022-1199.json index 381bad53d1c8..c69537152fd9 100644 --- a/2022/1xxx/CVE-2022-1199.json +++ b/2022/1xxx/CVE-2022-1199.json @@ -73,6 +73,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/security/cve/CVE-2022-1199", "url": "https://access.redhat.com/security/cve/CVE-2022-1199" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20221228-0006/", + "url": "https://security.netapp.com/advisory/ntap-20221228-0006/" } ] }, diff --git a/2022/1xxx/CVE-2022-1401.json b/2022/1xxx/CVE-2022-1401.json index 060381a0d62d..f669947e5a50 100644 --- a/2022/1xxx/CVE-2022-1401.json +++ b/2022/1xxx/CVE-2022-1401.json @@ -1,15 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve-requests@bitdefender.com", - "DATE_PUBLIC": "2022-08-16T19:00:00.000Z", "ID": "CVE-2022-1401", - "STATE": "PUBLIC", - "TITLE": "Insufficient validation of provided paths in Exago WrImageResource.axd" + "ASSIGNER": "cve-requests@bitdefender.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863 Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "Device42", "product": { "product_data": [ { @@ -17,95 +40,80 @@ "version": { "version_data": [ { - "version_affected": "<", - "version_value": "18.01.00" + "version_value": "unspecified", + "version_affected": "=" } ] } } ] - }, - "vendor_name": "Device42" + } } ] } }, - "credit": [ + "references": { + "reference_data": [ + { + "url": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/", + "refsource": "MISC", + "name": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ { - "lang": "eng", + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

An update to Device42 CMDB version 18.01.00 fixes the issue.

" + } + ], + "value": "An update to Device42 CMDB version 18.01.00 fixes the issue.\n\n" + } + ], + "credits": [ + { + "lang": "en", "value": "\u0218tefania POPESCU - Team Lead, Security @ Bitdefender" }, { - "lang": "eng", + "lang": "en", "value": "Ionu\u021b LALU - Security Engineer @ Bitdefender" }, { - "lang": "eng", + "lang": "en", "value": "Cristian BUZA - Security Engineer @ Bitdefender" }, { - "lang": "eng", + "lang": "en", "value": "Alexandru LAZ\u0102R - Security Researcher @ Bitdefender" } ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00." - } - ] - }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "ADJACENT_NETWORK", - "availabilityImpact": "NONE", - "baseScore": 6.9, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ + "cvss": [ { - "description": [ - { - "lang": "eng", - "value": "CWE-284 Improper Access Control" - } - ] + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N", + "version": "3.1" } ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/", - "name": "https://www.bitdefender.com/blog/labs/a-red-team-perspective-on-the-device42-asset-management-appliance/" - } - ] - }, - "solution": [ - { - "lang": "eng", - "value": "An update to Device42 CMDB version 18.01.00 fixes the issue." - } - ], - "source": { - "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1471.json b/2022/1xxx/CVE-2022-1471.json index ba06054f09e9..9a81fc1e3551 100644 --- a/2022/1xxx/CVE-2022-1471.json +++ b/2022/1xxx/CVE-2022-1471.json @@ -58,6 +58,21 @@ "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", "refsource": "MISC", "name": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2" + }, + { + "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479", + "refsource": "MISC", + "name": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479" + }, + { + "url": "https://github.com/mbechler/marshalsec", + "refsource": "MISC", + "name": "https://github.com/mbechler/marshalsec" + }, + { + "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", + "refsource": "MISC", + "name": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true" } ] }, diff --git a/2022/1xxx/CVE-2022-1520.json b/2022/1xxx/CVE-2022-1520.json index 0650238fe457..8ea9a999ad93 100644 --- a/2022/1xxx/CVE-2022-1520.json +++ b/2022/1xxx/CVE-2022-1520.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1520", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.9", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect security status shown after viewing an attached email" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-18/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-18/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745019", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745019" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A might be shown with the security status of message B. This vulnerability affects Thunderbird < 91.9." } ] } diff --git a/2022/1xxx/CVE-2022-1529.json b/2022/1xxx/CVE-2022-1529.json index 9ae7eecd80f7..a090076b2d58 100644 --- a/2022/1xxx/CVE-2022-1529.json +++ b/2022/1xxx/CVE-2022-1529.json @@ -4,14 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1529", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.9.1", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "100.0.2", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox for Android", + "version": { + "version_data": [ + { + "version_value": "100.3.0", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.9.1", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted input used in JavaScript object indexing, leading to prototype pollution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-19/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-19/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1770048", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1770048" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1." } ] } diff --git a/2022/1xxx/CVE-2022-1705.json b/2022/1xxx/CVE-2022-1705.json index defd46e2ac5c..de102ed0b5d1 100644 --- a/2022/1xxx/CVE-2022-1705.json +++ b/2022/1xxx/CVE-2022-1705.json @@ -1,16 +1,37 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@golang.org", "ID": "CVE-2022-1705", + "ASSIGNER": "security@golang.org", "STATE": "PUBLIC" }, - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "Go standard library", "product": { "product_data": [ { @@ -18,47 +39,22 @@ "version": { "version_data": [ { - "version_value": "1.17.12", - "version_affected": "<" + "version_value": "0", + "version_affected": "=" }, { "version_value": "1.18.0", - "version_affected": ">=" - }, - { - "version_value": "1.18.4", - "version_affected": "<" + "version_affected": "=" } ] } } ] - }, - "vendor_name": "Go" + } } ] } }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')" - } - ] - } - ] - }, "references": { "reference_data": [ { @@ -90,17 +86,12 @@ "url": "https://go.dev/cl/410714", "refsource": "MISC", "name": "https://go.dev/cl/410714" - }, - { - "refsource": "FEDORA", - "name": "FEDORA-2022-30c5ed5625", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/" } ] }, - "credit": [ + "credits": [ { - "lang": "eng", + "lang": "en", "value": "Zeyu Zhang (https://www.zeyu2001.com/)" } ] diff --git a/2022/1xxx/CVE-2022-1802.json b/2022/1xxx/CVE-2022-1802.json index d02eb7554be1..23e38705a680 100644 --- a/2022/1xxx/CVE-2022-1802.json +++ b/2022/1xxx/CVE-2022-1802.json @@ -4,14 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1802", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.9.1", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "100.0.2", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox for Android", + "version": { + "version_data": [ + { + "version_value": "100.3.0", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.9.1", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Prototype pollution in Top-Level Await implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-19/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-19/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1770137", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1770137" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1." } ] } diff --git a/2022/1xxx/CVE-2022-1834.json b/2022/1xxx/CVE-2022-1834.json index 223094ac3ab3..f2f57ad17145 100644 --- a/2022/1xxx/CVE-2022-1834.json +++ b/2022/1xxx/CVE-2022-1834.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1834", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.10", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Braille space character caused incorrect sender email to be shown for a digitally signed email" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-22/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-22/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1767816", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1767816" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown with an arbitrary sender email address chosen by the attacker. If the sender name started with a false email address, followed by many Braille space characters, the attacker's email address was not visible. Because Thunderbird compared the invisible sender address with the signature's email address, if the signing key or certificate was accepted by Thunderbird, the email was shown as having a valid digital signature. This vulnerability affects Thunderbird < 91.10." } ] } diff --git a/2022/1xxx/CVE-2022-1887.json b/2022/1xxx/CVE-2022-1887.json index e7e808314394..35d8fee4cdd8 100644 --- a/2022/1xxx/CVE-2022-1887.json +++ b/2022/1xxx/CVE-2022-1887.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1887", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox for iOS", + "version": { + "version_data": [ + { + "version_value": "101", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection in history tab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-23/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-23/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1767205", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1767205" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101." } ] } diff --git a/2022/1xxx/CVE-2022-1941.json b/2022/1xxx/CVE-2022-1941.json index b26a494b2a84..1127296f501d 100644 --- a/2022/1xxx/CVE-2022-1941.json +++ b/2022/1xxx/CVE-2022-1941.json @@ -150,6 +150,11 @@ "refsource": "MLIST", "name": "[oss-security] 20220927 CVE-2022-1941: Protobuf C++, Python DoS", "url": "http://www.openwall.com/lists/oss-security/2022/09/27/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2022-25f35ed634", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/" } ] }, diff --git a/2022/1xxx/CVE-2022-1958.json b/2022/1xxx/CVE-2022-1958.json index 1dde4ec53b57..6b2055c1fbb9 100644 --- a/2022/1xxx/CVE-2022-1958.json +++ b/2022/1xxx/CVE-2022-1958.json @@ -1,20 +1,42 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1958", - "TITLE": "FileCloud NTFS access control", - "REQUESTER": "cna@vuldb.com", "ASSIGNER": "cna@vuldb.com", "STATE": "PUBLIC" }, - "generator": "vuldb.com", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical has been found in FileCloud. Affected is an unknown function of the component NTFS Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. Upgrading to version 21.3.5.18513 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-201960." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in FileCloud entdeckt. Es betrifft eine unbekannte Funktion der Komponente NTFS Handler. Dank der Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 21.3.5.18513 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Controls", + "cweId": "CWE-284" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "", + "vendor_name": "n/a", "product": { "product_data": [ { @@ -22,7 +44,8 @@ "version": { "version_data": [ { - "version_value": "n/a" + "version_value": "n/a", + "version_affected": "=" } ] } @@ -33,34 +56,6 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-284 Improper Access Controls" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability classified as critical has been found in FileCloud. Affected is the NTFS handler which leads to improper access controls. It is possible to launch the attack remotely but it demands some form of authentication. Upgrading to version 21.3.5.18513 is able to address this issue. It is recommended to upgrade the affected component." - } - ] - }, - "credit": "Andrea Hauser/Ralph Meier", - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "6.3", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" - } - }, "references": { "reference_data": [ { @@ -77,6 +72,37 @@ "url": "https://www.scip.ch/?news.20220615", "refsource": "MISC", "name": "https://www.scip.ch/?news.20220615" + }, + { + "url": "https://vuldb.com/?ctiid.201960", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.201960" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Hauser" + }, + { + "lang": "en", + "value": "Ralph Meier" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" } ] } diff --git a/2022/1xxx/CVE-2022-1962.json b/2022/1xxx/CVE-2022-1962.json index 951f8693c9be..cbb760b751a3 100644 --- a/2022/1xxx/CVE-2022-1962.json +++ b/2022/1xxx/CVE-2022-1962.json @@ -1,16 +1,37 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@golang.org", "ID": "CVE-2022-1962", + "ASSIGNER": "security@golang.org", "STATE": "PUBLIC" }, - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-674: Uncontrolled Recursion" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "Go standard library", "product": { "product_data": [ { @@ -18,47 +39,22 @@ "version": { "version_data": [ { - "version_value": "1.17.12", - "version_affected": "<" + "version_value": "0", + "version_affected": "=" }, { "version_value": "1.18.0", - "version_affected": ">=" - }, - { - "version_value": "1.18.4", - "version_affected": "<" + "version_affected": "=" } ] } } ] - }, - "vendor_name": "Go" + } } ] } }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-674: Uncontrolled Recursion" - } - ] - } - ] - }, "references": { "reference_data": [ { @@ -85,17 +81,12 @@ "url": "https://go.dev/issue/53616", "refsource": "MISC", "name": "https://go.dev/issue/53616" - }, - { - "refsource": "FEDORA", - "name": "FEDORA-2022-30c5ed5625", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/" } ] }, - "credit": [ + "credits": [ { - "lang": "eng", + "lang": "en", "value": "Juho Nurminen of Mattermost" } ] diff --git a/2022/20xxx/CVE-2022-20199.json b/2022/20xxx/CVE-2022-20199.json index facf07ef098b..97f971a4669d 100644 --- a/2022/20xxx/CVE-2022-20199.json +++ b/2022/20xxx/CVE-2022-20199.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20199", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199291025" } ] } diff --git a/2022/20xxx/CVE-2022-20369.json b/2022/20xxx/CVE-2022-20369.json index e87ae4dfd31c..c20e50c5aa06 100644 --- a/2022/20xxx/CVE-2022-20369.json +++ b/2022/20xxx/CVE-2022-20369.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://source.android.com/security/bulletin/pixel/2022-08-01", "url": "https://source.android.com/security/bulletin/pixel/2022-08-01" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ] }, diff --git a/2022/20xxx/CVE-2022-20463.json b/2022/20xxx/CVE-2022-20463.json index b309baad48bc..049e0b892e88 100644 --- a/2022/20xxx/CVE-2022-20463.json +++ b/2022/20xxx/CVE-2022-20463.json @@ -4,58 +4,14 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20463", - "ASSIGNER": "security@android.com", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "n/a", - "product": { - "product_data": [ - { - "product_name": "Android", - "version": { - "version_data": [ - { - "version_value": "Android-10 Android-11 Android-12 Android-12L Android-13" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of privilege" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/2022-11-01", - "url": "https://source.android.com/security/bulletin/2022-11-01" - } - ] + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "In factoryReset of WifiServiceImpl, there is a possible way to preserve WiFi settings due to a logic error in the code. This could lead to a local non-security issue across network factory resets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-231985227" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2022/20xxx/CVE-2022-20503.json b/2022/20xxx/CVE-2022-20503.json index b221d4409614..1c246ffb80f5 100644 --- a/2022/20xxx/CVE-2022-20503.json +++ b/2022/20xxx/CVE-2022-20503.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20503", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of WifiDppConfiguratorActivity.java, there is a possible way for a guest user to add a WiFi configuration due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772890" } ] } diff --git a/2022/20xxx/CVE-2022-20504.json b/2022/20xxx/CVE-2022-20504.json index c2b0b83b8579..300ed1991dc7 100644 --- a/2022/20xxx/CVE-2022-20504.json +++ b/2022/20xxx/CVE-2022-20504.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20504", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple locations of DreamManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and dismissal of system dialogs with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-225878553" } ] } diff --git a/2022/20xxx/CVE-2022-20505.json b/2022/20xxx/CVE-2022-20505.json index 6a780c789678..ef7be7120ff6 100644 --- a/2022/20xxx/CVE-2022-20505.json +++ b/2022/20xxx/CVE-2022-20505.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20505", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitationProduct: AndroidVersions: Android-13Android ID: A-225981754" } ] } diff --git a/2022/20xxx/CVE-2022-20506.json b/2022/20xxx/CVE-2022-20506.json index 065c2310ee24..bf3002b5e30d 100644 --- a/2022/20xxx/CVE-2022-20506.json +++ b/2022/20xxx/CVE-2022-20506.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20506", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of WifiDialogActivity.java, there is a missing permission check. This could lead to local escalation of privilege from a guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226133034" } ] } diff --git a/2022/20xxx/CVE-2022-20507.json b/2022/20xxx/CVE-2022-20507.json index 6719daa83ec0..2bfce179c199 100644 --- a/2022/20xxx/CVE-2022-20507.json +++ b/2022/20xxx/CVE-2022-20507.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20507", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onMulticastListUpdateNotificationReceived of UwbEventManager.java, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246649179" } ] } diff --git a/2022/20xxx/CVE-2022-20508.json b/2022/20xxx/CVE-2022-20508.json index 35e02dabb1f1..bec355aea8e7 100644 --- a/2022/20xxx/CVE-2022-20508.json +++ b/2022/20xxx/CVE-2022-20508.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20508", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onAttach of ConfigureWifiSettings.java, there is a possible way for a guest user to change WiFi settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-218679614" } ] } diff --git a/2022/20xxx/CVE-2022-20509.json b/2022/20xxx/CVE-2022-20509.json index 05595a90abf7..8247a7229d9b 100644 --- a/2022/20xxx/CVE-2022-20509.json +++ b/2022/20xxx/CVE-2022-20509.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20509", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244713317" } ] } diff --git a/2022/20xxx/CVE-2022-20510.json b/2022/20xxx/CVE-2022-20510.json index 14983dfe6d1f..23f0649dd5ba 100644 --- a/2022/20xxx/CVE-2022-20510.json +++ b/2022/20xxx/CVE-2022-20510.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20510", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235822336" } ] } diff --git a/2022/20xxx/CVE-2022-20511.json b/2022/20xxx/CVE-2022-20511.json index 10496a5a628b..ad4ea3811336 100644 --- a/2022/20xxx/CVE-2022-20511.json +++ b/2022/20xxx/CVE-2022-20511.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20511", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235821829" } ] } diff --git a/2022/20xxx/CVE-2022-20512.json b/2022/20xxx/CVE-2022-20512.json index 0e8d058fcdbc..66973468dcf5 100644 --- a/2022/20xxx/CVE-2022-20512.json +++ b/2022/20xxx/CVE-2022-20512.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20512", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In navigateUpTo of Task.java, there is a possible way to launch an intent handler with a mismatched intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238602879" } ] } diff --git a/2022/20xxx/CVE-2022-20513.json b/2022/20xxx/CVE-2022-20513.json index c3551997d0eb..1f205cb3520c 100644 --- a/2022/20xxx/CVE-2022-20513.json +++ b/2022/20xxx/CVE-2022-20513.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20513", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244569759" } ] } diff --git a/2022/20xxx/CVE-2022-20514.json b/2022/20xxx/CVE-2022-20514.json index db12d8dd8b7c..d8e5e0c588df 100644 --- a/2022/20xxx/CVE-2022-20514.json +++ b/2022/20xxx/CVE-2022-20514.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20514", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and releaseFabricatedOverlayIterator of Idmap2Service.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245727875" } ] } diff --git a/2022/20xxx/CVE-2022-20515.json b/2022/20xxx/CVE-2022-20515.json index d0da9f618207..380fb84957f4 100644 --- a/2022/20xxx/CVE-2022-20515.json +++ b/2022/20xxx/CVE-2022-20515.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20515", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-220733496" } ] } diff --git a/2022/20xxx/CVE-2022-20516.json b/2022/20xxx/CVE-2022-20516.json index 44a51c0936b4..82dfe0488160 100644 --- a/2022/20xxx/CVE-2022-20516.json +++ b/2022/20xxx/CVE-2022-20516.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20516", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224002331" } ] } diff --git a/2022/20xxx/CVE-2022-20517.json b/2022/20xxx/CVE-2022-20517.json index 106a32fe02b0..11c864e20917 100644 --- a/2022/20xxx/CVE-2022-20517.json +++ b/2022/20xxx/CVE-2022-20517.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20517", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224769956" } ] } diff --git a/2022/20xxx/CVE-2022-20518.json b/2022/20xxx/CVE-2022-20518.json index bfad0933f75a..34ab2512b2e2 100644 --- a/2022/20xxx/CVE-2022-20518.json +++ b/2022/20xxx/CVE-2022-20518.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20518", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770203" } ] } diff --git a/2022/20xxx/CVE-2022-20519.json b/2022/20xxx/CVE-2022-20519.json index ee91f8bf8d8b..40ec019b503b 100644 --- a/2022/20xxx/CVE-2022-20519.json +++ b/2022/20xxx/CVE-2022-20519.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20519", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772678" } ] } diff --git a/2022/20xxx/CVE-2022-20520.json b/2022/20xxx/CVE-2022-20520.json index f3c1abc8af6a..80e1ec7ee9e0 100644 --- a/2022/20xxx/CVE-2022-20520.json +++ b/2022/20xxx/CVE-2022-20520.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20520", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202" } ] } diff --git a/2022/20xxx/CVE-2022-20521.json b/2022/20xxx/CVE-2022-20521.json index e95913eacdde..77211619f1b7 100644 --- a/2022/20xxx/CVE-2022-20521.json +++ b/2022/20xxx/CVE-2022-20521.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20521", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203684" } ] } diff --git a/2022/20xxx/CVE-2022-20522.json b/2022/20xxx/CVE-2022-20522.json index 2800d1110feb..cec72bc3fdd7 100644 --- a/2022/20xxx/CVE-2022-20522.json +++ b/2022/20xxx/CVE-2022-20522.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20522", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227470877" } ] } diff --git a/2022/20xxx/CVE-2022-20523.json b/2022/20xxx/CVE-2022-20523.json index d4109e0668de..ed11268d35c5 100644 --- a/2022/20xxx/CVE-2022-20523.json +++ b/2022/20xxx/CVE-2022-20523.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20523", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228222508" } ] } diff --git a/2022/20xxx/CVE-2022-20524.json b/2022/20xxx/CVE-2022-20524.json index e757068f9142..969a75786e5c 100644 --- a/2022/20xxx/CVE-2022-20524.json +++ b/2022/20xxx/CVE-2022-20524.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20524", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228523213" } ] } diff --git a/2022/20xxx/CVE-2022-20525.json b/2022/20xxx/CVE-2022-20525.json index d1826c72df62..edd9422ee07d 100644 --- a/2022/20xxx/CVE-2022-20525.json +++ b/2022/20xxx/CVE-2022-20525.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20525", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742768" } ] } diff --git a/2022/20xxx/CVE-2022-20526.json b/2022/20xxx/CVE-2022-20526.json index 0a2412848c0f..379d18c46e56 100644 --- a/2022/20xxx/CVE-2022-20526.json +++ b/2022/20xxx/CVE-2022-20526.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20526", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In CanvasContext::draw of CanvasContext.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742774" } ] } diff --git a/2022/20xxx/CVE-2022-20527.json b/2022/20xxx/CVE-2022-20527.json index 8dd3a3a527c1..3ceece1e250f 100644 --- a/2022/20xxx/CVE-2022-20527.json +++ b/2022/20xxx/CVE-2022-20527.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20527", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC firmware with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229994861" } ] } diff --git a/2022/20xxx/CVE-2022-20528.json b/2022/20xxx/CVE-2022-20528.json index dd9f629e43ae..308655e6bfae 100644 --- a/2022/20xxx/CVE-2022-20528.json +++ b/2022/20xxx/CVE-2022-20528.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20528", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In findParam of HevcUtils.cpp there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230172711" } ] } diff --git a/2022/20xxx/CVE-2022-20529.json b/2022/20xxx/CVE-2022-20529.json index 278e1473658c..1c5a9ff4e35a 100644 --- a/2022/20xxx/CVE-2022-20529.json +++ b/2022/20xxx/CVE-2022-20529.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20529", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231583603" } ] } diff --git a/2022/20xxx/CVE-2022-20530.json b/2022/20xxx/CVE-2022-20530.json index 88981f10d01e..8c3d63f0eb44 100644 --- a/2022/20xxx/CVE-2022-20530.json +++ b/2022/20xxx/CVE-2022-20530.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20530", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231585645" } ] } diff --git a/2022/20xxx/CVE-2022-20531.json b/2022/20xxx/CVE-2022-20531.json index 648245cc6656..d16f65abed15 100644 --- a/2022/20xxx/CVE-2022-20531.json +++ b/2022/20xxx/CVE-2022-20531.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-20531", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2022/20xxx/CVE-2022-20533.json b/2022/20xxx/CVE-2022-20533.json index 63c0e0d242ea..6d3b01db2b26 100644 --- a/2022/20xxx/CVE-2022-20533.json +++ b/2022/20xxx/CVE-2022-20533.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20533", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-232798363" } ] } diff --git a/2022/20xxx/CVE-2022-20535.json b/2022/20xxx/CVE-2022-20535.json index 766ef50a295f..ae2e13007d3d 100644 --- a/2022/20xxx/CVE-2022-20535.json +++ b/2022/20xxx/CVE-2022-20535.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20535", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233605242" } ] } diff --git a/2022/20xxx/CVE-2022-20536.json b/2022/20xxx/CVE-2022-20536.json index ff16d33a1659..7c791fe65a4e 100644 --- a/2022/20xxx/CVE-2022-20536.json +++ b/2022/20xxx/CVE-2022-20536.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20536", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In registerBroadcastReceiver of RcsService.java, there is a possible way to change preferred TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235100180" } ] } diff --git a/2022/20xxx/CVE-2022-20537.json b/2022/20xxx/CVE-2022-20537.json index ef2bdd57f494..4e282d7602d6 100644 --- a/2022/20xxx/CVE-2022-20537.json +++ b/2022/20xxx/CVE-2022-20537.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20537", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601169" } ] } diff --git a/2022/20xxx/CVE-2022-20538.json b/2022/20xxx/CVE-2022-20538.json index d95630f06755..e6f591196102 100644 --- a/2022/20xxx/CVE-2022-20538.json +++ b/2022/20xxx/CVE-2022-20538.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20538", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601770" } ] } diff --git a/2022/20xxx/CVE-2022-20539.json b/2022/20xxx/CVE-2022-20539.json index 09d1cfbf1676..57c9e651ab4e 100644 --- a/2022/20xxx/CVE-2022-20539.json +++ b/2022/20xxx/CVE-2022-20539.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20539", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291425" } ] } diff --git a/2022/20xxx/CVE-2022-20540.json b/2022/20xxx/CVE-2022-20540.json index 3402ef73d8a6..a731d1c013e3 100644 --- a/2022/20xxx/CVE-2022-20540.json +++ b/2022/20xxx/CVE-2022-20540.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20540", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291506" } ] } diff --git a/2022/20xxx/CVE-2022-20541.json b/2022/20xxx/CVE-2022-20541.json index 533892bd39c7..4071edbaa543 100644 --- a/2022/20xxx/CVE-2022-20541.json +++ b/2022/20xxx/CVE-2022-20541.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20541", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238083126" } ] } diff --git a/2022/20xxx/CVE-2022-20543.json b/2022/20xxx/CVE-2022-20543.json index c9939fc22b6b..0b4e987d7c5d 100644 --- a/2022/20xxx/CVE-2022-20543.json +++ b/2022/20xxx/CVE-2022-20543.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20543", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple locations, there is a possible display crash loop due to improper input validation. This could lead to local denial of service with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238178261" } ] } diff --git a/2022/20xxx/CVE-2022-20544.json b/2022/20xxx/CVE-2022-20544.json index 01046048c8c3..469970bda5ad 100644 --- a/2022/20xxx/CVE-2022-20544.json +++ b/2022/20xxx/CVE-2022-20544.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20544", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238745070" } ] } diff --git a/2022/20xxx/CVE-2022-20545.json b/2022/20xxx/CVE-2022-20545.json index 799934207314..10fbc9aee85f 100644 --- a/2022/20xxx/CVE-2022-20545.json +++ b/2022/20xxx/CVE-2022-20545.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20545", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In bindArtworkAndColors of MediaControlPanel.java, there is a possible way to crash the phone due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-239368697" } ] } diff --git a/2022/20xxx/CVE-2022-20546.json b/2022/20xxx/CVE-2022-20546.json index 4f9c304d3386..850c267a23c4 100644 --- a/2022/20xxx/CVE-2022-20546.json +++ b/2022/20xxx/CVE-2022-20546.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20546", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240266798" } ] } diff --git a/2022/20xxx/CVE-2022-20547.json b/2022/20xxx/CVE-2022-20547.json index f0c7714222a9..aaab0475ac44 100644 --- a/2022/20xxx/CVE-2022-20547.json +++ b/2022/20xxx/CVE-2022-20547.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20547", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240301753" } ] } diff --git a/2022/20xxx/CVE-2022-20548.json b/2022/20xxx/CVE-2022-20548.json index d920a4bdc078..c6538d696a99 100644 --- a/2022/20xxx/CVE-2022-20548.json +++ b/2022/20xxx/CVE-2022-20548.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20548", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240919398" } ] } diff --git a/2022/20xxx/CVE-2022-20549.json b/2022/20xxx/CVE-2022-20549.json index f91516993cb8..f04ebd2967a5 100644 --- a/2022/20xxx/CVE-2022-20549.json +++ b/2022/20xxx/CVE-2022-20549.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20549", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242702451" } ] } diff --git a/2022/20xxx/CVE-2022-20550.json b/2022/20xxx/CVE-2022-20550.json index 89d2a96e8b2a..2874953be807 100644 --- a/2022/20xxx/CVE-2022-20550.json +++ b/2022/20xxx/CVE-2022-20550.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20550", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242845514" } ] } diff --git a/2022/20xxx/CVE-2022-20552.json b/2022/20xxx/CVE-2022-20552.json index 828e0efc85d8..76e1b469b2c5 100644 --- a/2022/20xxx/CVE-2022-20552.json +++ b/2022/20xxx/CVE-2022-20552.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20552", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-243922806" } ] } diff --git a/2022/20xxx/CVE-2022-20553.json b/2022/20xxx/CVE-2022-20553.json index d517a661985a..8aea6a1feed7 100644 --- a/2022/20xxx/CVE-2022-20553.json +++ b/2022/20xxx/CVE-2022-20553.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20553", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244155265" } ] } diff --git a/2022/20xxx/CVE-2022-20554.json b/2022/20xxx/CVE-2022-20554.json index c55257780bc2..d9b266d05988 100644 --- a/2022/20xxx/CVE-2022-20554.json +++ b/2022/20xxx/CVE-2022-20554.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20554", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245770596" } ] } diff --git a/2022/20xxx/CVE-2022-20555.json b/2022/20xxx/CVE-2022-20555.json index 699481646a52..d3d84bb03b9a 100644 --- a/2022/20xxx/CVE-2022-20555.json +++ b/2022/20xxx/CVE-2022-20555.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20555", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ufdt_get_node_by_path_len of ufdt_convert.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246194233" } ] } diff --git a/2022/20xxx/CVE-2022-20556.json b/2022/20xxx/CVE-2022-20556.json index ce351507ca3e..52f32c5181ec 100644 --- a/2022/20xxx/CVE-2022-20556.json +++ b/2022/20xxx/CVE-2022-20556.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20556", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301667" } ] } diff --git a/2022/20xxx/CVE-2022-20557.json b/2022/20xxx/CVE-2022-20557.json index ceba525347f5..53583fe7ebb5 100644 --- a/2022/20xxx/CVE-2022-20557.json +++ b/2022/20xxx/CVE-2022-20557.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20557", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In MessageQueueBase of MessageQueueBase.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-247092734" } ] } diff --git a/2022/20xxx/CVE-2022-20558.json b/2022/20xxx/CVE-2022-20558.json index 69faf4e6fc52..a3d5b67c1bf2 100644 --- a/2022/20xxx/CVE-2022-20558.json +++ b/2022/20xxx/CVE-2022-20558.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20558", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In registerReceivers of DeviceCapabilityListener.java, there is a possible way to change preferred TTY mode due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236264289" } ] } diff --git a/2022/20xxx/CVE-2022-20559.json b/2022/20xxx/CVE-2022-20559.json index 89850280fdf3..80c5bfba62ce 100644 --- a/2022/20xxx/CVE-2022-20559.json +++ b/2022/20xxx/CVE-2022-20559.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20559", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-219739967" } ] } diff --git a/2022/20xxx/CVE-2022-20560.json b/2022/20xxx/CVE-2022-20560.json index ede84ad64db1..655990471742 100644 --- a/2022/20xxx/CVE-2022-20560.json +++ b/2022/20xxx/CVE-2022-20560.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20560", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Product: AndroidVersions: Android kernelAndroid ID: A-212623833References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20561.json b/2022/20xxx/CVE-2022-20561.json index 2a4d9a7edbe9..87664ef9fde9 100644 --- a/2022/20xxx/CVE-2022-20561.json +++ b/2022/20xxx/CVE-2022-20561.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20561", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In TBD of aud_hal_tunnel.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222162870References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20562.json b/2022/20xxx/CVE-2022-20562.json index 66b0ff1754bd..55b507c035f3 100644 --- a/2022/20xxx/CVE-2022-20562.json +++ b/2022/20xxx/CVE-2022-20562.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20562", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231630423References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20563.json b/2022/20xxx/CVE-2022-20563.json index b06a1d9a6e78..9c1dd85057fa 100644 --- a/2022/20xxx/CVE-2022-20563.json +++ b/2022/20xxx/CVE-2022-20563.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20563", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In TBD of ufdt_convert, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242067561References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20564.json b/2022/20xxx/CVE-2022-20564.json index c367225ca1cc..a67dd8b84cb3 100644 --- a/2022/20xxx/CVE-2022-20564.json +++ b/2022/20xxx/CVE-2022-20564.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20564", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In _ufdt_output_strtab_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243798789References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20566.json b/2022/20xxx/CVE-2022-20566.json index f4d9dcd5ee44..02066f425567 100644 --- a/2022/20xxx/CVE-2022-20566.json +++ b/2022/20xxx/CVE-2022-20566.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20566", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel" } ] } diff --git a/2022/20xxx/CVE-2022-20567.json b/2022/20xxx/CVE-2022-20567.json index 07cc70b9458e..1643a184e1cc 100644 --- a/2022/20xxx/CVE-2022-20567.json +++ b/2022/20xxx/CVE-2022-20567.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20567", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-186777253References: Upstream kernel" } ] } diff --git a/2022/20xxx/CVE-2022-20568.json b/2022/20xxx/CVE-2022-20568.json index d3f42e35d747..749aacb521fd 100644 --- a/2022/20xxx/CVE-2022-20568.json +++ b/2022/20xxx/CVE-2022-20568.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20568", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In (TBD) of (TBD), there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-220738351References: Upstream kernel" } ] } diff --git a/2022/20xxx/CVE-2022-20569.json b/2022/20xxx/CVE-2022-20569.json index f45b488d2520..74e522a8fc5a 100644 --- a/2022/20xxx/CVE-2022-20569.json +++ b/2022/20xxx/CVE-2022-20569.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20569", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In thermal_cooling_device_stats_update of thermal_sysfs.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-229258234References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20570.json b/2022/20xxx/CVE-2022-20570.json index a515ccc0d5ef..8a626da06815 100644 --- a/2022/20xxx/CVE-2022-20570.json +++ b/2022/20xxx/CVE-2022-20570.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20570", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Product: AndroidVersions: Android kernelAndroid ID: A-230660904References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20571.json b/2022/20xxx/CVE-2022-20571.json index 56c47c7c1597..9a74483354db 100644 --- a/2022/20xxx/CVE-2022-20571.json +++ b/2022/20xxx/CVE-2022-20571.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20571", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In extract_metadata of dm-android-verity.c, there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234030265References: Upstream kernel" } ] } diff --git a/2022/20xxx/CVE-2022-20572.json b/2022/20xxx/CVE-2022-20572.json index aa6217307a57..b68131a9d84f 100644 --- a/2022/20xxx/CVE-2022-20572.json +++ b/2022/20xxx/CVE-2022-20572.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20572", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel" } ] } diff --git a/2022/20xxx/CVE-2022-20574.json b/2022/20xxx/CVE-2022-20574.json index bb28fe065794..fb9757db29eb 100644 --- a/2022/20xxx/CVE-2022-20574.json +++ b/2022/20xxx/CVE-2022-20574.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20574", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237582191References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20575.json b/2022/20xxx/CVE-2022-20575.json index 0168e263c5bc..2f115c1830b3 100644 --- a/2022/20xxx/CVE-2022-20575.json +++ b/2022/20xxx/CVE-2022-20575.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20575", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In read_ppmpu_info of drm_fw.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237585040References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20576.json b/2022/20xxx/CVE-2022-20576.json index 7b98fbbe64ff..5648effb8d0c 100644 --- a/2022/20xxx/CVE-2022-20576.json +++ b/2022/20xxx/CVE-2022-20576.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20576", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In externalOnRequest of rilapplication.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239701761References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20577.json b/2022/20xxx/CVE-2022-20577.json index 591ae942687f..0c2b2269cd7a 100644 --- a/2022/20xxx/CVE-2022-20577.json +++ b/2022/20xxx/CVE-2022-20577.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20577", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In OemSimAuthRequest::encode of wlandata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762281References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20578.json b/2022/20xxx/CVE-2022-20578.json index 51e32a22b4b4..f8b4f3f67de0 100644 --- a/2022/20xxx/CVE-2022-20578.json +++ b/2022/20xxx/CVE-2022-20578.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20578", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In RadioImpl::setGsmBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243509749References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20579.json b/2022/20xxx/CVE-2022-20579.json index 8ad2c3f657b7..6a9beda40510 100644 --- a/2022/20xxx/CVE-2022-20579.json +++ b/2022/20xxx/CVE-2022-20579.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20579", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In RadioImpl::setCdmaBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243510139References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20580.json b/2022/20xxx/CVE-2022-20580.json index cab9782135bd..fa1b3e932dd0 100644 --- a/2022/20xxx/CVE-2022-20580.json +++ b/2022/20xxx/CVE-2022-20580.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20580", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ufdt_do_one_fixup of ufdt_overlay.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243629453References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20581.json b/2022/20xxx/CVE-2022-20581.json index d7db286a42c5..4b50632abe0f 100644 --- a/2022/20xxx/CVE-2022-20581.json +++ b/2022/20xxx/CVE-2022-20581.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20581", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Pixel camera driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-245916120References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20582.json b/2022/20xxx/CVE-2022-20582.json index 23af71b4b80c..c8c94c6178bc 100644 --- a/2022/20xxx/CVE-2022-20582.json +++ b/2022/20xxx/CVE-2022-20582.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20582", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233645166References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20583.json b/2022/20xxx/CVE-2022-20583.json index 091d6f2de479..d1e096335293 100644 --- a/2022/20xxx/CVE-2022-20583.json +++ b/2022/20xxx/CVE-2022-20583.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20583", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in S-EL1 with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234859169References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20584.json b/2022/20xxx/CVE-2022-20584.json index bdf733b249e2..7f8709e7988d 100644 --- a/2022/20xxx/CVE-2022-20584.json +++ b/2022/20xxx/CVE-2022-20584.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20584", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In page_number of shared_mem.c, there is a possible code execution in secure world due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238366009References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20585.json b/2022/20xxx/CVE-2022-20585.json index 778f9a145c50..52c282bfde85 100644 --- a/2022/20xxx/CVE-2022-20585.json +++ b/2022/20xxx/CVE-2022-20585.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20585", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238716781References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20586.json b/2022/20xxx/CVE-2022-20586.json index 0e0e9b8c68f9..2e0ec4a31d9c 100644 --- a/2022/20xxx/CVE-2022-20586.json +++ b/2022/20xxx/CVE-2022-20586.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20586", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238718854References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20587.json b/2022/20xxx/CVE-2022-20587.json index 8352fcd06402..e6c517cc0cc6 100644 --- a/2022/20xxx/CVE-2022-20587.json +++ b/2022/20xxx/CVE-2022-20587.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20587", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238720411References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20588.json b/2022/20xxx/CVE-2022-20588.json index 809ac326dcaf..75f1577817b4 100644 --- a/2022/20xxx/CVE-2022-20588.json +++ b/2022/20xxx/CVE-2022-20588.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20588", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In sysmmu_map of sysmmu.c, there is a possible EoP due to a precondition check failure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238785915References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20589.json b/2022/20xxx/CVE-2022-20589.json index d3436c32eba6..2665bc3cc23a 100644 --- a/2022/20xxx/CVE-2022-20589.json +++ b/2022/20xxx/CVE-2022-20589.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20589", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In valid_va_secbuf_check of drm_access_control.c, there is a possible ID due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238841928References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20590.json b/2022/20xxx/CVE-2022-20590.json index 83bdfb4f57c0..44960824924f 100644 --- a/2022/20xxx/CVE-2022-20590.json +++ b/2022/20xxx/CVE-2022-20590.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20590", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In valid_va_sec_mfc_check of drm_access_control.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238932493References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20591.json b/2022/20xxx/CVE-2022-20591.json index 610e7c367e69..33dc861d6a47 100644 --- a/2022/20xxx/CVE-2022-20591.json +++ b/2022/20xxx/CVE-2022-20591.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20591", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ppmpu_set of ppmpu.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238939706References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20592.json b/2022/20xxx/CVE-2022-20592.json index 705f667842e3..f9d122beee0c 100644 --- a/2022/20xxx/CVE-2022-20592.json +++ b/2022/20xxx/CVE-2022-20592.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20592", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ppmp_validate_secbuf of drm_fw.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238976908References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20593.json b/2022/20xxx/CVE-2022-20593.json index dd7d18c2f152..ed77c14bcbfc 100644 --- a/2022/20xxx/CVE-2022-20593.json +++ b/2022/20xxx/CVE-2022-20593.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20593", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In pop_descriptor_string of BufferDescriptor.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239415809References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20594.json b/2022/20xxx/CVE-2022-20594.json index 40ed80b08240..448f76dfbf16 100644 --- a/2022/20xxx/CVE-2022-20594.json +++ b/2022/20xxx/CVE-2022-20594.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20594", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In updateStart of WirelessCharger.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239567689References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20595.json b/2022/20xxx/CVE-2022-20595.json index 1bb27f6481c9..a9a07bf24ed6 100644 --- a/2022/20xxx/CVE-2022-20595.json +++ b/2022/20xxx/CVE-2022-20595.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20595", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In getWpcAuthChallengeResponse of WirelessCharger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239700137References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20596.json b/2022/20xxx/CVE-2022-20596.json index e859f47e9763..fc4dc4c8ae98 100644 --- a/2022/20xxx/CVE-2022-20596.json +++ b/2022/20xxx/CVE-2022-20596.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20596", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In sendChunk of WirelessCharger.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239700400References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20597.json b/2022/20xxx/CVE-2022-20597.json index 2c15b2e1ce32..3496e661881e 100644 --- a/2022/20xxx/CVE-2022-20597.json +++ b/2022/20xxx/CVE-2022-20597.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20597", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ppmpu_set of ppmpu.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243480506References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20598.json b/2022/20xxx/CVE-2022-20598.json index 89bb859a843d..0fae34f7de72 100644 --- a/2022/20xxx/CVE-2022-20598.json +++ b/2022/20xxx/CVE-2022-20598.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20598", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In sec_media_protect of media.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege of secure mode MFC Core with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242357514References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20599.json b/2022/20xxx/CVE-2022-20599.json index 7d58cccd8a97..aea479238d84 100644 --- a/2022/20xxx/CVE-2022-20599.json +++ b/2022/20xxx/CVE-2022-20599.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20599", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Pixel firmware, there is a possible exposure of sensitive memory due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242332706References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20600.json b/2022/20xxx/CVE-2022-20600.json index 95d7cf5b14cd..ee6268d86b35 100644 --- a/2022/20xxx/CVE-2022-20600.json +++ b/2022/20xxx/CVE-2022-20600.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20600", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239847859References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20601.json b/2022/20xxx/CVE-2022-20601.json index 2f45f24726ad..aaac3fa47829 100644 --- a/2022/20xxx/CVE-2022-20601.json +++ b/2022/20xxx/CVE-2022-20601.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20601", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Product: AndroidVersions: Android kernelAndroid ID: A-204541506References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20602.json b/2022/20xxx/CVE-2022-20602.json index 3801696ce301..7bf7e8025182 100644 --- a/2022/20xxx/CVE-2022-20602.json +++ b/2022/20xxx/CVE-2022-20602.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20602", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Product: AndroidVersions: Android kernelAndroid ID: A-211081867References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20603.json b/2022/20xxx/CVE-2022-20603.json index 8d0a9a7bd3ac..604c16bfb0e3 100644 --- a/2022/20xxx/CVE-2022-20603.json +++ b/2022/20xxx/CVE-2022-20603.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20603", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SetDecompContextDb of RohcDeCompContextOfRbId.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219265339References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20604.json b/2022/20xxx/CVE-2022-20604.json index e7f1b638ccda..70f3b1b70913 100644 --- a/2022/20xxx/CVE-2022-20604.json +++ b/2022/20xxx/CVE-2022-20604.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20604", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from a single device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-230463606References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20605.json b/2022/20xxx/CVE-2022-20605.json index 778ef3fc53a2..19486453bbec 100644 --- a/2022/20xxx/CVE-2022-20605.json +++ b/2022/20xxx/CVE-2022-20605.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20605", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SAECOMM_CopyBufferBytes of SAECOMM_Utility.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231722405References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20606.json b/2022/20xxx/CVE-2022-20606.json index f14681471238..61832dfd1016 100644 --- a/2022/20xxx/CVE-2022-20606.json +++ b/2022/20xxx/CVE-2022-20606.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20606", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SAEMM_MiningCodecTableWithMsgIE of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233230674References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20607.json b/2022/20xxx/CVE-2022-20607.json index 550afa9c7dc8..b49df5ff5c30 100644 --- a/2022/20xxx/CVE-2022-20607.json +++ b/2022/20xxx/CVE-2022-20607.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20607", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238914868References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20608.json b/2022/20xxx/CVE-2022-20608.json index 473596cf3778..3e176670f02a 100644 --- a/2022/20xxx/CVE-2022-20608.json +++ b/2022/20xxx/CVE-2022-20608.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20608", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Pixel cellular firmware, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239239246References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20609.json b/2022/20xxx/CVE-2022-20609.json index 0009a1ba965a..ceaf43f0bda9 100644 --- a/2022/20xxx/CVE-2022-20609.json +++ b/2022/20xxx/CVE-2022-20609.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20609", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Pixel cellular firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239240808References: N/A" } ] } diff --git a/2022/20xxx/CVE-2022-20610.json b/2022/20xxx/CVE-2022-20610.json index 89715c784b05..44bc7097e74c 100644 --- a/2022/20xxx/CVE-2022-20610.json +++ b/2022/20xxx/CVE-2022-20610.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-20610", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2022-12-01", + "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In cellular modem firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240462530References: N/A" } ] } diff --git a/2022/21xxx/CVE-2022-21620.json b/2022/21xxx/CVE-2022-21620.json index 64eb43b5f2cd..5107dbfa362d 100644 --- a/2022/21xxx/CVE-2022-21620.json +++ b/2022/21xxx/CVE-2022-21620.json @@ -64,6 +64,11 @@ "url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-03", + "url": "https://security.gentoo.org/glsa/202212-03" } ] } diff --git a/2022/21xxx/CVE-2022-21621.json b/2022/21xxx/CVE-2022-21621.json index 66e54816e11f..c784faafada6 100644 --- a/2022/21xxx/CVE-2022-21621.json +++ b/2022/21xxx/CVE-2022-21621.json @@ -64,6 +64,11 @@ "url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-03", + "url": "https://security.gentoo.org/glsa/202212-03" } ] } diff --git a/2022/21xxx/CVE-2022-21627.json b/2022/21xxx/CVE-2022-21627.json index aecaf8ea7f35..e05fc624c0fe 100644 --- a/2022/21xxx/CVE-2022-21627.json +++ b/2022/21xxx/CVE-2022-21627.json @@ -64,6 +64,11 @@ "url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2022.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-03", + "url": "https://security.gentoo.org/glsa/202212-03" } ] } diff --git a/2022/21xxx/CVE-2022-21712.json b/2022/21xxx/CVE-2022-21712.json index 6bcb6e043045..06e89495d864 100644 --- a/2022/21xxx/CVE-2022-21712.json +++ b/2022/21xxx/CVE-2022-21712.json @@ -98,6 +98,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-9a489fa494", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-02", + "url": "https://security.gentoo.org/glsa/202301-02" } ] }, diff --git a/2022/21xxx/CVE-2022-21716.json b/2022/21xxx/CVE-2022-21716.json index ab0a115f7ad4..5ccbbb3363d0 100644 --- a/2022/21xxx/CVE-2022-21716.json +++ b/2022/21xxx/CVE-2022-21716.json @@ -108,6 +108,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-9a489fa494", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202301-02", + "url": "https://security.gentoo.org/glsa/202301-02" } ] }, diff --git a/2022/22xxx/CVE-2022-22063.json b/2022/22xxx/CVE-2022-22063.json index 3533062333a4..45258a83d4cb 100644 --- a/2022/22xxx/CVE-2022-22063.json +++ b/2022/22xxx/CVE-2022-22063.json @@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22063", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@qualcomm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Memory corruption in Core due to improper configuration in boot remapper." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Qualcomm, Inc.", + "product": { + "product_data": [ + { + "product_name": "Snapdragon", + "version": { + "version_data": [ + { + "version_value": "APQ8096AU", + "version_affected": "=" + }, + { + "version_value": "MDM9640", + "version_affected": "=" + }, + { + "version_value": "MDM9645", + "version_affected": "=" + }, + { + "version_value": "QCA6174", + "version_affected": "=" + }, + { + "version_value": "QCA6174A", + "version_affected": "=" + }, + { + "version_value": "QCA6574A", + "version_affected": "=" + }, + { + "version_value": "QCA6574AU", + "version_affected": "=" + }, + { + "version_value": "WCN3990", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin", + "refsource": "MISC", + "name": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22079.json b/2022/22xxx/CVE-2022-22079.json index 2d941cf1bb13..77a5b98bcf3c 100644 --- a/2022/22xxx/CVE-2022-22079.json +++ b/2022/22xxx/CVE-2022-22079.json @@ -1,17 +1,260 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22079", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@qualcomm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Denial of service while processing fastboot flash command on mmc due to buffer over read" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Qualcomm, Inc.", + "product": { + "product_data": [ + { + "product_name": "Snapdragon", + "version": { + "version_data": [ + { + "version_value": "APQ8009", + "version_affected": "=" + }, + { + "version_value": "APQ8009W", + "version_affected": "=" + }, + { + "version_value": "APQ8064AU", + "version_affected": "=" + }, + { + "version_value": "APQ8096AU", + "version_affected": "=" + }, + { + "version_value": "MDM9150", + "version_affected": "=" + }, + { + "version_value": "MDM9250", + "version_affected": "=" + }, + { + "version_value": "MDM9628", + "version_affected": "=" + }, + { + "version_value": "MDM9650", + "version_affected": "=" + }, + { + "version_value": "MSM8108", + "version_affected": "=" + }, + { + "version_value": "MSM8208", + "version_affected": "=" + }, + { + "version_value": "MSM8209", + "version_affected": "=" + }, + { + "version_value": "MSM8608", + "version_affected": "=" + }, + { + "version_value": "MSM8909W", + "version_affected": "=" + }, + { + "version_value": "MSM8996AU", + "version_affected": "=" + }, + { + "version_value": "QCA4020", + "version_affected": "=" + }, + { + "version_value": "QCA6174A", + "version_affected": "=" + }, + { + "version_value": "QCA6564A", + "version_affected": "=" + }, + { + "version_value": "QCA6564AU", + "version_affected": "=" + }, + { + "version_value": "QCA6574", + "version_affected": "=" + }, + { + "version_value": "QCA6574A", + "version_affected": "=" + }, + { + "version_value": "QCA6574AU", + "version_affected": "=" + }, + { + "version_value": "QCA6584AU", + "version_affected": "=" + }, + { + "version_value": "QCA9377", + "version_affected": "=" + }, + { + "version_value": "QCA9379", + "version_affected": "=" + }, + { + "version_value": "Qualcomm215", + "version_affected": "=" + }, + { + "version_value": "SD210", + "version_affected": "=" + }, + { + "version_value": "SD429", + "version_affected": "=" + }, + { + "version_value": "SD625", + "version_affected": "=" + }, + { + "version_value": "SD626", + "version_affected": "=" + }, + { + "version_value": "SD835", + "version_affected": "=" + }, + { + "version_value": "SDA429W", + "version_affected": "=" + }, + { + "version_value": "SDM429W", + "version_affected": "=" + }, + { + "version_value": "SDW2500", + "version_affected": "=" + }, + { + "version_value": "SDX20", + "version_affected": "=" + }, + { + "version_value": "SDX20M", + "version_affected": "=" + }, + { + "version_value": "WCD9326", + "version_affected": "=" + }, + { + "version_value": "WCD9335", + "version_affected": "=" + }, + { + "version_value": "WCN3610", + "version_affected": "=" + }, + { + "version_value": "WCN3615", + "version_affected": "=" + }, + { + "version_value": "WCN3620", + "version_affected": "=" + }, + { + "version_value": "WCN3660B", + "version_affected": "=" + }, + { + "version_value": "WCN3680", + "version_affected": "=" + }, + { + "version_value": "WCN3680B", + "version_affected": "=" + }, + { + "version_value": "WCN3980", + "version_affected": "=" + }, + { + "version_value": "WCN3990", + "version_affected": "=" + }, + { + "version_value": "WSA8815", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin", + "refsource": "MISC", + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "HIGH", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22088.json b/2022/22xxx/CVE-2022-22088.json index 65c2c2dcfcee..4739b5fad0f2 100644 --- a/2022/22xxx/CVE-2022-22088.json +++ b/2022/22xxx/CVE-2022-22088.json @@ -1,17 +1,676 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22088", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@qualcomm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Qualcomm, Inc.", + "product": { + "product_data": [ + { + "product_name": "Snapdragon", + "version": { + "version_data": [ + { + "version_value": "APQ8009", + "version_affected": "=" + }, + { + "version_value": "APQ8009W", + "version_affected": "=" + }, + { + "version_value": "APQ8052", + "version_affected": "=" + }, + { + "version_value": "APQ8056", + "version_affected": "=" + }, + { + "version_value": "APQ8076", + "version_affected": "=" + }, + { + "version_value": "APQ8096AU", + "version_affected": "=" + }, + { + "version_value": "AQT1000", + "version_affected": "=" + }, + { + "version_value": "AR8031", + "version_affected": "=" + }, + { + "version_value": "CSRA6620", + "version_affected": "=" + }, + { + "version_value": "CSRA6640", + "version_affected": "=" + }, + { + "version_value": "MSM8108", + "version_affected": "=" + }, + { + "version_value": "MSM8208", + "version_affected": "=" + }, + { + "version_value": "MSM8209", + "version_affected": "=" + }, + { + "version_value": "MSM8608", + "version_affected": "=" + }, + { + "version_value": "MSM8909W", + "version_affected": "=" + }, + { + "version_value": "MSM8952", + "version_affected": "=" + }, + { + "version_value": "MSM8956", + "version_affected": "=" + }, + { + "version_value": "MSM8976", + "version_affected": "=" + }, + { + "version_value": "MSM8976SG", + "version_affected": "=" + }, + { + "version_value": "MSM8996AU", + "version_affected": "=" + }, + { + "version_value": "QCA6310", + "version_affected": "=" + }, + { + "version_value": "QCA6320", + "version_affected": "=" + }, + { + "version_value": "QCA6335", + "version_affected": "=" + }, + { + "version_value": "QCA6390", + "version_affected": "=" + }, + { + "version_value": "QCA6391", + "version_affected": "=" + }, + { + "version_value": "QCA6420", + "version_affected": "=" + }, + { + "version_value": "QCA6421", + "version_affected": "=" + }, + { + "version_value": "QCA6426", + "version_affected": "=" + }, + { + "version_value": "QCA6430", + "version_affected": "=" + }, + { + "version_value": "QCA6431", + "version_affected": "=" + }, + { + "version_value": "QCA6436", + "version_affected": "=" + }, + { + "version_value": "QCA6564A", + "version_affected": "=" + }, + { + "version_value": "QCA6564AU", + "version_affected": "=" + }, + { + "version_value": "QCA6574", + "version_affected": "=" + }, + { + "version_value": "QCA6574A", + "version_affected": "=" + }, + { + "version_value": "QCA6574AU", + "version_affected": "=" + }, + { + "version_value": "QCA6584AU", + "version_affected": "=" + }, + { + "version_value": "QCA6595AU", + "version_affected": "=" + }, + { + "version_value": "QCA6696", + "version_affected": "=" + }, + { + "version_value": "QCC5100", + "version_affected": "=" + }, + { + "version_value": "QCM2290", + "version_affected": "=" + }, + { + "version_value": "QCM4290", + "version_affected": "=" + }, + { + "version_value": "QCM6125", + "version_affected": "=" + }, + { + "version_value": "QCM6490", + "version_affected": "=" + }, + { + "version_value": "QCN7606", + "version_affected": "=" + }, + { + "version_value": "QCN9011", + "version_affected": "=" + }, + { + "version_value": "QCN9012", + "version_affected": "=" + }, + { + "version_value": "QCN9074", + "version_affected": "=" + }, + { + "version_value": "QCS2290", + "version_affected": "=" + }, + { + "version_value": "QCS405", + "version_affected": "=" + }, + { + "version_value": "QCS410", + "version_affected": "=" + }, + { + "version_value": "QCS4290", + "version_affected": "=" + }, + { + "version_value": "QCS610", + "version_affected": "=" + }, + { + "version_value": "QCS6125", + "version_affected": "=" + }, + { + "version_value": "QCS6490", + "version_affected": "=" + }, + { + "version_value": "QRB5165", + "version_affected": "=" + }, + { + "version_value": "QRB5165M", + "version_affected": "=" + }, + { + "version_value": "QRB5165N", + "version_affected": "=" + }, + { + "version_value": "Qualcomm215", + "version_affected": "=" + }, + { + "version_value": "SA6145P", + "version_affected": "=" + }, + { + "version_value": "SA6150P", + "version_affected": "=" + }, + { + "version_value": "SA6155", + "version_affected": "=" + }, + { + "version_value": "SA6155P", + "version_affected": "=" + }, + { + "version_value": "SA8145P", + "version_affected": "=" + }, + { + "version_value": "SA8150P", + "version_affected": "=" + }, + { + "version_value": "SA8155", + "version_affected": "=" + }, + { + "version_value": "SA8155P", + "version_affected": "=" + }, + { + "version_value": "SA8195P", + "version_affected": "=" + }, + { + "version_value": "SD 675", + "version_affected": "=" + }, + { + "version_value": "SD 8 Gen1 5G", + "version_affected": "=" + }, + { + "version_value": "SD205", + "version_affected": "=" + }, + { + "version_value": "SD210", + "version_affected": "=" + }, + { + "version_value": "SD429", + "version_affected": "=" + }, + { + "version_value": "SD460", + "version_affected": "=" + }, + { + "version_value": "SD480", + "version_affected": "=" + }, + { + "version_value": "SD625", + "version_affected": "=" + }, + { + "version_value": "SD626", + "version_affected": "=" + }, + { + "version_value": "SD660", + "version_affected": "=" + }, + { + "version_value": "SD662", + "version_affected": "=" + }, + { + "version_value": "SD665", + "version_affected": "=" + }, + { + "version_value": "SD675", + "version_affected": "=" + }, + { + "version_value": "SD678", + "version_affected": "=" + }, + { + "version_value": "SD680", + "version_affected": "=" + }, + { + "version_value": "SD690 5G", + "version_affected": "=" + }, + { + "version_value": "SD695", + "version_affected": "=" + }, + { + "version_value": "SD720G", + "version_affected": "=" + }, + { + "version_value": "SD730", + "version_affected": "=" + }, + { + "version_value": "SD750G", + "version_affected": "=" + }, + { + "version_value": "SD765", + "version_affected": "=" + }, + { + "version_value": "SD765G", + "version_affected": "=" + }, + { + "version_value": "SD768G", + "version_affected": "=" + }, + { + "version_value": "SD778G", + "version_affected": "=" + }, + { + "version_value": "SD780G", + "version_affected": "=" + }, + { + "version_value": "SD835", + "version_affected": "=" + }, + { + "version_value": "SD845", + "version_affected": "=" + }, + { + "version_value": "SD855", + "version_affected": "=" + }, + { + "version_value": "SD865 5G", + "version_affected": "=" + }, + { + "version_value": "SD870", + "version_affected": "=" + }, + { + "version_value": "SD888", + "version_affected": "=" + }, + { + "version_value": "SD888 5G", + "version_affected": "=" + }, + { + "version_value": "SDM429W", + "version_affected": "=" + }, + { + "version_value": "SDW2500", + "version_affected": "=" + }, + { + "version_value": "SDX50M", + "version_affected": "=" + }, + { + "version_value": "SDX55", + "version_affected": "=" + }, + { + "version_value": "SDX55M", + "version_affected": "=" + }, + { + "version_value": "SDXR1", + "version_affected": "=" + }, + { + "version_value": "SDXR2 5G", + "version_affected": "=" + }, + { + "version_value": "SM4125", + "version_affected": "=" + }, + { + "version_value": "SM4375", + "version_affected": "=" + }, + { + "version_value": "SM6250", + "version_affected": "=" + }, + { + "version_value": "SM6250P", + "version_affected": "=" + }, + { + "version_value": "SM7250P", + "version_affected": "=" + }, + { + "version_value": "SM7315", + "version_affected": "=" + }, + { + "version_value": "SM7325P", + "version_affected": "=" + }, + { + "version_value": "SW5100", + "version_affected": "=" + }, + { + "version_value": "SW5100P", + "version_affected": "=" + }, + { + "version_value": "SXR2150P", + "version_affected": "=" + }, + { + "version_value": "WCD9326", + "version_affected": "=" + }, + { + "version_value": "WCD9335", + "version_affected": "=" + }, + { + "version_value": "WCD9340", + "version_affected": "=" + }, + { + "version_value": "WCD9341", + "version_affected": "=" + }, + { + "version_value": "WCD9370", + "version_affected": "=" + }, + { + "version_value": "WCD9375", + "version_affected": "=" + }, + { + "version_value": "WCD9380", + "version_affected": "=" + }, + { + "version_value": "WCD9385", + "version_affected": "=" + }, + { + "version_value": "WCN3610", + "version_affected": "=" + }, + { + "version_value": "WCN3615", + "version_affected": "=" + }, + { + "version_value": "WCN3620", + "version_affected": "=" + }, + { + "version_value": "WCN3660B", + "version_affected": "=" + }, + { + "version_value": "WCN3680", + "version_affected": "=" + }, + { + "version_value": "WCN3680B", + "version_affected": "=" + }, + { + "version_value": "WCN3910", + "version_affected": "=" + }, + { + "version_value": "WCN3950", + "version_affected": "=" + }, + { + "version_value": "WCN3980", + "version_affected": "=" + }, + { + "version_value": "WCN3988", + "version_affected": "=" + }, + { + "version_value": "WCN3990", + "version_affected": "=" + }, + { + "version_value": "WCN3991", + "version_affected": "=" + }, + { + "version_value": "WCN3998", + "version_affected": "=" + }, + { + "version_value": "WCN6740", + "version_affected": "=" + }, + { + "version_value": "WCN6750", + "version_affected": "=" + }, + { + "version_value": "WCN6850", + "version_affected": "=" + }, + { + "version_value": "WCN6851", + "version_affected": "=" + }, + { + "version_value": "WCN6855", + "version_affected": "=" + }, + { + "version_value": "WCN6856", + "version_affected": "=" + }, + { + "version_value": "WCN7850", + "version_affected": "=" + }, + { + "version_value": "WCN7851", + "version_affected": "=" + }, + { + "version_value": "WSA8810", + "version_affected": "=" + }, + { + "version_value": "WSA8815", + "version_affected": "=" + }, + { + "version_value": "WSA8830", + "version_affected": "=" + }, + { + "version_value": "WSA8835", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin", + "refsource": "MISC", + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22158.json b/2022/22xxx/CVE-2022-22158.json index 62c54b52f1ed..f2e4521d82d2 100644 --- a/2022/22xxx/CVE-2022-22158.json +++ b/2022/22xxx/CVE-2022-22158.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-22158", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2022/22xxx/CVE-2022-22165.json b/2022/22xxx/CVE-2022-22165.json index 65a68fcf607b..e61dba1cbd2b 100644 --- a/2022/22xxx/CVE-2022-22165.json +++ b/2022/22xxx/CVE-2022-22165.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-22165", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2022/22xxx/CVE-2022-22184.json b/2022/22xxx/CVE-2022-22184.json index 6176f2644e5d..e6ff01bd6abb 100644 --- a/2022/22xxx/CVE-2022-22184.json +++ b/2022/22xxx/CVE-2022-22184.json @@ -1,18 +1,138 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2022-12-22T20:00:00.000Z", "ID": "CVE-2022-22184", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS and Junos OS Evolved: A BGP session will flap upon receipt of a specific, optional transitive attribute in version 22.3R1" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "22.3", + "version_value": "22.3R1-S1" + }, + { + "version_affected": "!<", + "version_value": "22.3R1" + } + ] + } + }, + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "22.3-EVO", + "version_value": "22.3R1-S1-EVO" + }, + { + "version_affected": "!<", + "version_value": "22.3R1-EVO" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). If a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute will propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Since this issue only affects 22.3R1, Juniper strongly encourages customers to move to 22.3R1-S1. Juniper SIRT felt that the need to promptly warn customers about this issue affecting the 22.3R1 versions of Junos OS and Junos OS Evolved warranted an Out of Cycle JSA. This issue affects: Juniper Networks Junos OS version 22.3R1. Juniper Networks Junos OS Evolved version 22.3R1-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 22.3R1. Juniper Networks Junos OS Evolved versions prior to 22.3R1-EVO." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA70175", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA70175" } ] - } + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 22.3R1-S1, 22.3R2, 22.4R1, and all subsequent releases;\nJunos OS Evolved: 22.3R1-S1-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases." + } + ], + "source": { + "advisory": "JSA70175", + "defect": [ + "1698446" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue." + } + ] } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22199.json b/2022/22xxx/CVE-2022-22199.json index 1cd1fe8987c2..0ca19a8f8e06 100644 --- a/2022/22xxx/CVE-2022-22199.json +++ b/2022/22xxx/CVE-2022-22199.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-22199", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2022/22xxx/CVE-2022-22200.json b/2022/22xxx/CVE-2022-22200.json index 785e820a15ff..b577f99b1c8b 100644 --- a/2022/22xxx/CVE-2022-22200.json +++ b/2022/22xxx/CVE-2022-22200.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-22200", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2022/22xxx/CVE-2022-22337.json b/2022/22xxx/CVE-2022-22337.json index c0267a488210..561ac2cecb9a 100644 --- a/2022/22xxx/CVE-2022-22337.json +++ b/2022/22xxx/CVE-2022-22337.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22337", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could disclose sensitive information to an authenticated user. IBM X-Force ID: 219507." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator Standard Edition", + "version": { + "version_data": [ + { + "version_value": "6.0.0.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6852459", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6852459" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219507", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219507" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22338.json b/2022/22xxx/CVE-2022-22338.json index 176d21f1c8c7..55cf2a29d7b7 100644 --- a/2022/22xxx/CVE-2022-22338.json +++ b/2022/22xxx/CVE-2022-22338.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22338", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 219510." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator Standard Edition", + "version": { + "version_data": [ + { + "version_value": "6.0.0.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6852453", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6852453" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219510", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219510" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22352.json b/2022/22xxx/CVE-2022-22352.json index dac2583ca1ca..8f9da383cd37 100644 --- a/2022/22xxx/CVE-2022-22352.json +++ b/2022/22xxx/CVE-2022-22352.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22352", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220398." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator Standard Edition", + "version": { + "version_data": [ + { + "version_value": "6.0.0.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6852443", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6852443" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220398", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220398" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22371.json b/2022/22xxx/CVE-2022-22371.json index 5dd30b384575..ada3f7cc9b68 100644 --- a/2022/22xxx/CVE-2022-22371.json +++ b/2022/22xxx/CVE-2022-22371.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22371", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 221195." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-613 Insufficient Session Expiration", + "cweId": "CWE-613" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator Standard Edition", + "version": { + "version_data": [ + { + "version_value": "6.0.0.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6852461", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6852461" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221195", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221195" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22449.json b/2022/22xxx/CVE-2022-22449.json index 471d033fcb1f..eeeafe22a0a7 100644 --- a/2022/22xxx/CVE-2022-22449.json +++ b/2022/22xxx/CVE-2022-22449.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22449", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 224915." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-209 Generation of Error Message Containing Sensitive Information", + "cweId": "CWE-209" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Governance, Identity Manager", + "version": { + "version_data": [ + { + "version_value": "10.0.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6849247", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6849247" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224915", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224915" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22456.json b/2022/22xxx/CVE-2022-22456.json index 7e041ba9b552..13a495dcfabe 100644 --- a/2022/22xxx/CVE-2022-22456.json +++ b/2022/22xxx/CVE-2022-22456.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22456", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225004." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Governance, Identity Manager", + "version": { + "version_data": [ + { + "version_value": "10.0.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6849247", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6849247" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225004", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225004" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22457.json b/2022/22xxx/CVE-2022-22457.json index c422b549d80f..5bf78cb99802 100644 --- a/2022/22xxx/CVE-2022-22457.json +++ b/2022/22xxx/CVE-2022-22457.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22457", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 225007." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319 Cleartext Transmission of Sensitive Information", + "cweId": "CWE-319" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Governance, Identity Manager", + "version": { + "version_data": [ + { + "version_value": "10.0.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6849247", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6849247" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225007", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225007" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22458.json b/2022/22xxx/CVE-2022-22458.json index bf233083ce12..ae992ed1f183 100644 --- a/2022/22xxx/CVE-2022-22458.json +++ b/2022/22xxx/CVE-2022-22458.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22458", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. IBM X-Force ID: 225009." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256 Plaintext Storage of a Password", + "cweId": "CWE-256" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Governance, Identity Manager", + "version": { + "version_data": [ + { + "version_value": "10.0.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6849247", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6849247" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225009", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225009" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22461.json b/2022/22xxx/CVE-2022-22461.json index b632f2d07f41..ebe048474c36 100644 --- a/2022/22xxx/CVE-2022-22461.json +++ b/2022/22xxx/CVE-2022-22461.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22461", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225007." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", + "cweId": "CWE-327" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Governance, Identity Manager", + "version": { + "version_data": [ + { + "version_value": "10.0.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6850845", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6850845" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225077", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225077" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22470.json b/2022/22xxx/CVE-2022-22470.json index 1aad348541ad..87c7ba224fda 100644 --- a/2022/22xxx/CVE-2022-22470.json +++ b/2022/22xxx/CVE-2022-22470.json @@ -1,17 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22470", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "256 Plaintext Storage of a Password" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Governance", + "version": { + "version_data": [ + { + "version_value": "10.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6852697", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6852697" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225232", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225232" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/22xxx/CVE-2022-22576.json b/2022/22xxx/CVE-2022-22576.json index 930b7c664782..a5c1076a6662 100644 --- a/2022/22xxx/CVE-2022-22576.json +++ b/2022/22xxx/CVE-2022-22576.json @@ -63,6 +63,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202212-01", + "url": "https://security.gentoo.org/glsa/202212-01" } ] }, diff --git a/2022/22xxx/CVE-2022-22728.json b/2022/22xxx/CVE-2022-22728.json index a6be39fb720e..4f440362e664 100644 --- a/2022/22xxx/CVE-2022-22728.json +++ b/2022/22xxx/CVE-2022-22728.json @@ -96,6 +96,41 @@ "refsource": "FEDORA", "name": "FEDORA-2022-61f5b492b7", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HZZKVHYYWACPWONPEFRNPIRE3HYLV4T/" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221229 Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption", + "url": "http://www.openwall.com/lists/oss-security/2022/12/29/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221230 Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption", + "url": "http://www.openwall.com/lists/oss-security/2022/12/30/4" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221231 Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption", + "url": "http://www.openwall.com/lists/oss-security/2022/12/31/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20221231 Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption", + "url": "http://www.openwall.com/lists/oss-security/2022/12/31/5" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20230102 Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption", + "url": "http://www.openwall.com/lists/oss-security/2023/01/02/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20230102 Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption", + "url": "http://www.openwall.com/lists/oss-security/2023/01/02/2" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20230103 Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption", + "url": "http://www.openwall.com/lists/oss-security/2023/01/03/2" } ] }, diff --git a/2022/22xxx/CVE-2022-22736.json b/2022/22xxx/CVE-2022-22736.json index d554623e757f..f9fd3f8848a4 100644 --- a/2022/22xxx/CVE-2022-22736.json +++ b/2022/22xxx/CVE-2022-22736.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22736", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "96", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Potential local privilege escalation when loading modules from the install directory." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1742692", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1742692" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.
*This bug only affects Firefox for Windows in a non-default installation. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96." } ] } diff --git a/2022/22xxx/CVE-2022-22737.json b/2022/22xxx/CVE-2022-22737.json index 26a8b432e778..d11b45822f4b 100644 --- a/2022/22xxx/CVE-2022-22737.json +++ b/2022/22xxx/CVE-2022-22737.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22737", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "96", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Race condition when playing audio files" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-02/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-03/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745874", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745874" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5." } ] } diff --git a/2022/22xxx/CVE-2022-22738.json b/2022/22xxx/CVE-2022-22738.json index ee7a2b2faa9a..aae62ca294e7 100644 --- a/2022/22xxx/CVE-2022-22738.json +++ b/2022/22xxx/CVE-2022-22738.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22738", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "96", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-buffer-overflow in blendGaussianBlur" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-02/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-03/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1742382", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1742382" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5." } ] } diff --git a/2022/22xxx/CVE-2022-22739.json b/2022/22xxx/CVE-2022-22739.json index 7dcad569d97b..b7f2c2aeac23 100644 --- a/2022/22xxx/CVE-2022-22739.json +++ b/2022/22xxx/CVE-2022-22739.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22739", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "96", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing throttling on external protocol launch dialog" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-02/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-03/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1744158", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1744158" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5." } ] } diff --git a/2022/22xxx/CVE-2022-22740.json b/2022/22xxx/CVE-2022-22740.json index 75cd3711e69a..06069bbbed8f 100644 --- a/2022/22xxx/CVE-2022-22740.json +++ b/2022/22xxx/CVE-2022-22740.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22740", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "96", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free of ChannelEventQueue::mOwner" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-02/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-03/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1742334", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1742334" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5." } ] } diff --git a/2022/22xxx/CVE-2022-22741.json b/2022/22xxx/CVE-2022-22741.json index 87bb08469fd5..4ac026d256c6 100644 --- a/2022/22xxx/CVE-2022-22741.json +++ b/2022/22xxx/CVE-2022-22741.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22741", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "96", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Browser window spoof using fullscreen mode" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-02/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-03/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740389", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740389" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5." } ] } diff --git a/2022/22xxx/CVE-2022-22742.json b/2022/22xxx/CVE-2022-22742.json index 8a14b0707090..79b47fca8955 100644 --- a/2022/22xxx/CVE-2022-22742.json +++ b/2022/22xxx/CVE-2022-22742.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22742", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "96", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds memory access when inserting text in edit mode" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-02/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-03/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1739923", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1739923" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5." } ] } diff --git a/2022/22xxx/CVE-2022-22743.json b/2022/22xxx/CVE-2022-22743.json index e88d53a83764..3507f9acee78 100644 --- a/2022/22xxx/CVE-2022-22743.json +++ b/2022/22xxx/CVE-2022-22743.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22743", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "96", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Browser window spoof using fullscreen mode" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-02/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-03/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1739220", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1739220" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5." } ] } diff --git a/2022/22xxx/CVE-2022-22744.json b/2022/22xxx/CVE-2022-22744.json index abdfd7139dc8..de11b92a428a 100644 --- a/2022/22xxx/CVE-2022-22744.json +++ b/2022/22xxx/CVE-2022-22744.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22744", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "96", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-02/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-03/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1737252", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1737252" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The constructed curl command from the \"Copy as curl\" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.
*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5." } ] } diff --git a/2022/22xxx/CVE-2022-22745.json b/2022/22xxx/CVE-2022-22745.json index 4e4668494f89..837c81cbf7e8 100644 --- a/2022/22xxx/CVE-2022-22745.json +++ b/2022/22xxx/CVE-2022-22745.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22745", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "96", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Leaking cross-origin URLs through securitypolicyviolation event" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-02/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-03/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1735856", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1735856" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5." } ] } diff --git a/2022/22xxx/CVE-2022-22746.json b/2022/22xxx/CVE-2022-22746.json index 9080feb99801..b39bd9001da9 100644 --- a/2022/22xxx/CVE-2022-22746.json +++ b/2022/22xxx/CVE-2022-22746.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22746", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "96", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Calling into reportValidity could have lead to fullscreen window spoof" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-02/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-03/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1735071", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1735071" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.
*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5." } ] } diff --git a/2022/22xxx/CVE-2022-22747.json b/2022/22xxx/CVE-2022-22747.json index 0fe4b15c9a89..114cf9d12122 100644 --- a/2022/22xxx/CVE-2022-22747.json +++ b/2022/22xxx/CVE-2022-22747.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22747", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "96", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Crash when handling empty pkcs7 sequence" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-02/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-03/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1735028", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1735028" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5." } ] } diff --git a/2022/22xxx/CVE-2022-22748.json b/2022/22xxx/CVE-2022-22748.json index 7a3c0f9a7d8e..8e69cac083ed 100644 --- a/2022/22xxx/CVE-2022-22748.json +++ b/2022/22xxx/CVE-2022-22748.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22748", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "96", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofed origin on external protocol launch dialog" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-02/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-03/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1705211", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1705211" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5." } ] } diff --git a/2022/22xxx/CVE-2022-22749.json b/2022/22xxx/CVE-2022-22749.json index 02140b6f8b53..af6b9f980d42 100644 --- a/2022/22xxx/CVE-2022-22749.json +++ b/2022/22xxx/CVE-2022-22749.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22749", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "96", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Lack of URL restrictions when scanning QR codes" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1705094", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1705094" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.
*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96." } ] } diff --git a/2022/22xxx/CVE-2022-22750.json b/2022/22xxx/CVE-2022-22750.json index 2ca5c51ba799..f279d90e61c6 100644 --- a/2022/22xxx/CVE-2022-22750.json +++ b/2022/22xxx/CVE-2022-22750.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22750", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "96", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IPC passing of resource handles could have lead to sandbox bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1566608", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1566608" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have access to.
*This bug only affects Firefox for Windows and MacOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96." } ] } diff --git a/2022/22xxx/CVE-2022-22751.json b/2022/22xxx/CVE-2022-22751.json index 8a59a0f9d69f..aeaf922a1091 100644 --- a/2022/22xxx/CVE-2022-22751.json +++ b/2022/22xxx/CVE-2022-22751.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22751", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "96", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.5", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Thunderbird 91.5" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-02/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-03/" + }, + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1664149%2C1737816%2C1739366%2C1740274%2C1740797%2C1741201%2C1741869%2C1743221%2C1743515%2C1745373%2C1746011", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1664149%2C1737816%2C1739366%2C1740274%2C1740797%2C1741201%2C1741869%2C1743221%2C1743515%2C1745373%2C1746011" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5." } ] } diff --git a/2022/22xxx/CVE-2022-22752.json b/2022/22xxx/CVE-2022-22752.json index 71b4702738c0..6c3d035e5025 100644 --- a/2022/22xxx/CVE-2022-22752.json +++ b/2022/22xxx/CVE-2022-22752.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22752", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "96", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 96" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/" + }, + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1741210%2C1742770", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1741210%2C1742770" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs present in Firefox 95. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 96." } ] } diff --git a/2022/22xxx/CVE-2022-22753.json b/2022/22xxx/CVE-2022-22753.json index 210777d467e8..aabcc6178ee9 100644 --- a/2022/22xxx/CVE-2022-22753.json +++ b/2022/22xxx/CVE-2022-22753.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22753", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "97", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.6", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.6", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation to SYSTEM on Windows via Maintenance Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-05/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-05/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-04/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-06/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-06/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1732435", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1732435" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.
*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6." } ] } diff --git a/2022/22xxx/CVE-2022-22754.json b/2022/22xxx/CVE-2022-22754.json index cc287e2efbf6..d2dd3c570ad1 100644 --- a/2022/22xxx/CVE-2022-22754.json +++ b/2022/22xxx/CVE-2022-22754.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22754", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "97", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.6", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.6", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Extensions could have bypassed permission confirmation during update" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-05/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-05/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-04/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-06/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-06/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1750565", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1750565" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6." } ] } diff --git a/2022/22xxx/CVE-2022-22755.json b/2022/22xxx/CVE-2022-22755.json index f991f921b483..9dffc41062f3 100644 --- a/2022/22xxx/CVE-2022-22755.json +++ b/2022/22xxx/CVE-2022-22755.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22755", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "97", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSL could have allowed JavaScript execution after a tab was closed" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-04/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1309630", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1309630" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed. This vulnerability affects Firefox < 97." } ] } diff --git a/2022/22xxx/CVE-2022-22756.json b/2022/22xxx/CVE-2022-22756.json index 396990cf39df..06323d8b9fdb 100644 --- a/2022/22xxx/CVE-2022-22756.json +++ b/2022/22xxx/CVE-2022-22756.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22756", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "97", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.6", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.6", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Drag and dropping an image could have resulted in the dropped object being an executable" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-05/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-05/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-04/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-06/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-06/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1317873", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1317873" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6." } ] } diff --git a/2022/22xxx/CVE-2022-22757.json b/2022/22xxx/CVE-2022-22757.json index 9e264c6fcbc5..54ce61398dd6 100644 --- a/2022/22xxx/CVE-2022-22757.json +++ b/2022/22xxx/CVE-2022-22757.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22757", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "97", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Agent did not prevent local websites from connecting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-04/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1720098", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1720098" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it.
*This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.*. This vulnerability affects Firefox < 97." } ] } diff --git a/2022/22xxx/CVE-2022-22758.json b/2022/22xxx/CVE-2022-22758.json index 68072e3b2dde..f26854b29285 100644 --- a/2022/22xxx/CVE-2022-22758.json +++ b/2022/22xxx/CVE-2022-22758.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22758", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "97", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "tel: links could have sent USSD codes to the dialer on Firefox for Android" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-04/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1728742", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1728742" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When clicking on a tel: link, USSD codes, specified after a \\* character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.
*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97." } ] } diff --git a/2022/22xxx/CVE-2022-22759.json b/2022/22xxx/CVE-2022-22759.json index b94f63cb895d..efe8c9c4d2da 100644 --- a/2022/22xxx/CVE-2022-22759.json +++ b/2022/22xxx/CVE-2022-22759.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22759", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "97", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.6", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.6", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Sandboxed iframes could have executed script if the parent appended elements" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-05/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-05/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-04/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-06/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-06/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1739957", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1739957" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6." } ] } diff --git a/2022/22xxx/CVE-2022-22760.json b/2022/22xxx/CVE-2022-22760.json index 11557a0643aa..74bfc9f43f5b 100644 --- a/2022/22xxx/CVE-2022-22760.json +++ b/2022/22xxx/CVE-2022-22760.json @@ -4,14 +4,101 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22760", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "97", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.6", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.6", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Origin responses could be distinguished between script and non-script content-types" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-05/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-05/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-04/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-06/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-06/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740985", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740985" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1748503", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1748503" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6." } ] } diff --git a/2022/22xxx/CVE-2022-22761.json b/2022/22xxx/CVE-2022-22761.json index e2395966fd6c..af7044657b52 100644 --- a/2022/22xxx/CVE-2022-22761.json +++ b/2022/22xxx/CVE-2022-22761.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22761", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "97", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.6", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.6", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "frame-ancestors Content Security Policy directive was not enforced for framed extension pages" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-05/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-05/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-04/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-06/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-06/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745566", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745566" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6." } ] } diff --git a/2022/22xxx/CVE-2022-22762.json b/2022/22xxx/CVE-2022-22762.json index a25d87b1f8ce..f3db98b03c38 100644 --- a/2022/22xxx/CVE-2022-22762.json +++ b/2022/22xxx/CVE-2022-22762.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22762", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "97", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "JavaScript Dialogs could have been displayed over other domains on Firefox for Android" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-04/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1743931", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1743931" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user.
*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97." } ] } diff --git a/2022/22xxx/CVE-2022-22763.json b/2022/22xxx/CVE-2022-22763.json index d14e9507bc2f..def2bf47f460 100644 --- a/2022/22xxx/CVE-2022-22763.json +++ b/2022/22xxx/CVE-2022-22763.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22763", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "96", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.6", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.6", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Script Execution during invalid object state" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-05/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-05/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-06/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-06/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740534", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740534" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6." } ] } diff --git a/2022/22xxx/CVE-2022-22764.json b/2022/22xxx/CVE-2022-22764.json index 29d7c6d2ee05..3fa24c9693f9 100644 --- a/2022/22xxx/CVE-2022-22764.json +++ b/2022/22xxx/CVE-2022-22764.json @@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22764", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "97", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.6", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.6", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-05/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-05/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-04/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-06/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-06/" + }, + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1742682%2C1744165%2C1746545%2C1748210%2C1748279", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1742682%2C1744165%2C1746545%2C1748210%2C1748279" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6." } ] } diff --git a/2022/23xxx/CVE-2022-23474.json b/2022/23xxx/CVE-2022-23474.json index 7c291c501d26..3cf56d36d74d 100644 --- a/2022/23xxx/CVE-2022-23474.json +++ b/2022/23xxx/CVE-2022-23474.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23474", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper\u2019s innerHTML. This issue is patched in version 2.26.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "codex-team", + "product": { + "product_data": [ + { + "product_name": "editor.js", + "version": { + "version_data": [ + { + "version_value": "2.26.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://securitylab.github.com/advisories/GHSL-2022-028_codex-team_editor_js/", + "refsource": "MISC", + "name": "https://securitylab.github.com/advisories/GHSL-2022-028_codex-team_editor_js/" + }, + { + "url": "https://github.com/codex-team/editor.js/pull/2100", + "refsource": "MISC", + "name": "https://github.com/codex-team/editor.js/pull/2100" + } + ] + }, + "source": { + "advisory": "GHSA-6mvj-2569-3mcm", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23488.json b/2022/23xxx/CVE-2022-23488.json index c42dfc673ee2..def59b5c7fca 100644 --- a/2022/23xxx/CVE-2022-23488.json +++ b/2022/23xxx/CVE-2022-23488.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23488", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers' webcams, even when the lock setting is applied. (The required streamId was being sent to all users even with lock setting applied). This issue is fixed in version 2.4-rc-6. There are no workarounds." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-201: Insertion of Sensitive Information Into Sent Data", + "cweId": "CWE-201" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "bigbluebutton", + "product": { + "product_data": [ + { + "product_name": "bigbluebutton", + "version": { + "version_data": [ + { + "version_value": "< 2.4-rc-6", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4-rc-6", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4-rc-6" + }, + { + "url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-j5g3-f74q-rvfq", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-j5g3-f74q-rvfq" + } + ] + }, + "source": { + "advisory": "GHSA-j5g3-f74q-rvfq", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23490.json b/2022/23xxx/CVE-2022-23490.json index 6d15430ac341..adcb113b2f01 100644 --- a/2022/23xxx/CVE-2022-23490.json +++ b/2022/23xxx/CVE-2022-23490.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23490", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BigBlueButton is an open source web conferencing system. Versions prior to 2.4.0 expose sensitive information to Unauthorized Actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll collection does not update the client UI, but does give the attacker access to the contents of the collection, which include the individual poll responses. This issue is patched in version 2.4.0. There are no workarounds." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-863: Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "bigbluebutton", + "product": { + "product_data": [ + { + "product_name": "bigbluebutton", + "version": { + "version_data": [ + { + "version_value": "< 2.4.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.0", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.4.0" + }, + { + "url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-4qgc-xhw5-6qfg", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-4qgc-xhw5-6qfg" + } + ] + }, + "source": { + "advisory": "GHSA-4qgc-xhw5-6qfg", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23506.json b/2022/23xxx/CVE-2022-23506.json index 43cff55b8124..922af38b56b5 100644 --- a/2022/23xxx/CVE-2022-23506.json +++ b/2022/23xxx/CVE-2022-23506.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23506", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This can lead to exposure of sensitive AWS credentials in packer log files. Versions 1.29.2, 1.28.4, and 1.27.3 of Rosco contain fixes for this issue. A workaround is available. It's recommended to use short lived credentials via role assumption and IAM profiles. Additionally, credentials can be set in `/home/spinnaker/.aws/credentials` and `/home/spinnaker/.aws/config` as a volume mount for Rosco pods vs. setting credentials in roscos bake config properties. Last even with those it's recommend to use IAM Roles vs. long lived credentials. This drastically mitigates the risk of credentials exposure. If users have used static credentials, it's recommended to purge any bake logs for AWS, evaluate whether AWS_ACCESS_KEY, SECRET_KEY and/or other sensitive data has been introduced in log files and bake job logs. Then, rotate these credentials and evaluate potential improper use of those credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532: Insertion of Sensitive Information into Log File", + "cweId": "CWE-532" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "spinnaker", + "product": { + "product_data": [ + { + "product_name": "spinnaker", + "version": { + "version_data": [ + { + "version_value": "< 1.27.3", + "version_affected": "=" + }, + { + "version_value": ">= 1.28.0, < 1.28.4", + "version_affected": "=" + }, + { + "version_value": ">= 1.29.0, < 1.29.2", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/spinnaker/spinnaker/security/advisories/GHSA-2233-cqj8-j2q5", + "refsource": "MISC", + "name": "https://github.com/spinnaker/spinnaker/security/advisories/GHSA-2233-cqj8-j2q5" + }, + { + "url": "https://github.com/spinnaker/rosco/commit/e80cfaa1abfb3a0e9026d45d6027291bfb815daf", + "refsource": "MISC", + "name": "https://github.com/spinnaker/rosco/commit/e80cfaa1abfb3a0e9026d45d6027291bfb815daf" + } + ] + }, + "source": { + "advisory": "GHSA-2233-cqj8-j2q5", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23507.json b/2022/23xxx/CVE-2022-23507.json index 38a24827ca01..5f57a0c7aa30 100644 --- a/2022/23xxx/CVE-2022-23507.json +++ b/2022/23xxx/CVE-2022-23507.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23507", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Versions prior to 0.28.0 contain a potential attack via Improper Verification of Cryptographic Signature, affecting anyone using the tendermint-light-client and related packages to perform light client verification (e.g. IBC-rs, Hermes). The light client does not check that the chain IDs of the trusted and untrusted headers match, resulting in a possible attack vector where someone who finds a header from an untrusted chain that satisfies all other verification conditions (e.g. enough overlapping validator signatures) could fool a light client. The attack vector is currently theoretical, and no proof-of-concept exists yet to exploit it on live networks. This issue is patched in version 0.28.0. There are no workarounds." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-347: Improper Verification of Cryptographic Signature", + "cweId": "CWE-347" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "informalsystems", + "product": { + "product_data": [ + { + "product_name": "tendermint-rs", + "version": { + "version_data": [ + { + "version_value": "0.28.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/informalsystems/tendermint-rs/security/advisories/GHSA-xqqc-c5gw-c5r5", + "refsource": "MISC", + "name": "https://github.com/informalsystems/tendermint-rs/security/advisories/GHSA-xqqc-c5gw-c5r5" + } + ] + }, + "source": { + "advisory": "GHSA-xqqc-c5gw-c5r5", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23508.json b/2022/23xxx/CVE-2022-23508.json index a3ab85374937..a71b9cf18412 100644 --- a/2022/23xxx/CVE-2022-23508.json +++ b/2022/23xxx/CVE-2022-23508.json @@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23508", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. Its endpoint had no security controls to block unauthorized access, therefore allowing local users (and processes) on the same machine to see and alter the bucket content. By leveraging this vulnerability, an attacker could pick a workload of their choosing and inject it into the S3 bucket, which resulted in the successful deployment in the target cluster, without the need to provide any credentials to either the S3 bucket nor the target Kubernetes cluster. There are no known workarounds for this issue, please upgrade. This vulnerability has been fixed by commits 75268c4 and 966823b. Users should upgrade to Weave GitOps version >= v0.12.0 released on 08/12/2022. ### Workarounds There is no workaround for this vulnerability. ### References Disclosed by Paulo Gomes, Senior Software Engineer, Weaveworks. ### For more information If you have any questions or comments about this advisory: - Open an issue in [Weave GitOps repository](https://github.com/weaveworks/weave-gitops) - Email us at [support@weave.works](mailto:support@weave.works)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control", + "cweId": "CWE-284" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory", + "cweId": "CWE-538" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-552: Files or Directories Accessible to External Parties", + "cweId": "CWE-552" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "weaveworks", + "product": { + "product_data": [ + { + "product_name": "weave-gitops", + "version": { + "version_data": [ + { + "version_value": "<= 0.11.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/weaveworks/weave-gitops/security/advisories/GHSA-wr3c-g326-486c", + "refsource": "MISC", + "name": "https://github.com/weaveworks/weave-gitops/security/advisories/GHSA-wr3c-g326-486c" + }, + { + "url": "https://github.com/weaveworks/weave-gitops/pull/3102/commits/966823bbda8c539a4661e2a4f8607c9307ba6225", + "refsource": "MISC", + "name": "https://github.com/weaveworks/weave-gitops/pull/3102/commits/966823bbda8c539a4661e2a4f8607c9307ba6225" + }, + { + "url": "https://github.com/weaveworks/weave-gitops/pull/3114/commits/75268c4d2c8f7e4db22c63d76b451ba6545d117f", + "refsource": "MISC", + "name": "https://github.com/weaveworks/weave-gitops/pull/3114/commits/75268c4d2c8f7e4db22c63d76b451ba6545d117f" + } + ] + }, + "source": { + "advisory": "GHSA-wr3c-g326-486c", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.9, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23509.json b/2022/23xxx/CVE-2022-23509.json index 1d3e63afcf0d..eca1a4aa6258 100644 --- a/2022/23xxx/CVE-2022-23509.json +++ b/2022/23xxx/CVE-2022-23509.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23509", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local S3 bucket is not encrypted. This allows privileged users or process to tap the local traffic to gain information permitting access to the s3 bucket. From that point, it would be possible to alter the bucket content, resulting in changes in the Kubernetes cluster's resources. There are no known workaround(s) for this vulnerability. This vulnerability has been fixed by commits ce2bbff and babd915. Users should upgrade to Weave GitOps version >= v0.12.0 released on 08/12/2022." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "weaveworks", + "product": { + "product_data": [ + { + "product_name": "weave-gitops", + "version": { + "version_data": [ + { + "version_value": "<= 0.11.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/weaveworks/weave-gitops/security/advisories/GHSA-89qm-wcmw-3mgg", + "refsource": "MISC", + "name": "https://github.com/weaveworks/weave-gitops/security/advisories/GHSA-89qm-wcmw-3mgg" + }, + { + "url": "https://github.com/weaveworks/weave-gitops/pull/3098/commits/babd91574b99b310b84aeec9f8f895bd18acb967", + "refsource": "MISC", + "name": "https://github.com/weaveworks/weave-gitops/pull/3098/commits/babd91574b99b310b84aeec9f8f895bd18acb967" + }, + { + "url": "https://github.com/weaveworks/weave-gitops/pull/3106/commits/ce2bbff0a3609c33396050ed544a5a21f8d0797f", + "refsource": "MISC", + "name": "https://github.com/weaveworks/weave-gitops/pull/3106/commits/ce2bbff0a3609c33396050ed544a5a21f8d0797f" + } + ] + }, + "source": { + "advisory": "GHSA-89qm-wcmw-3mgg", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23513.json b/2022/23xxx/CVE-2022-23513.json index f1eb710b49dd..b7a52c9b3fd9 100644 --- a/2022/23xxx/CVE-2022-23513.json +++ b/2022/23xxx/CVE-2022-23513.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23513", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on `queryads` endpoint. In the case of application, this vulnerability exists because of a lack of validation in code on a root server path: `/admin/scripts/pi-hole/phpqueryads.php.` Potential threat actor(s) are able to perform an unauthorized query search in blocked domain lists. This could lead to the disclosure for any victims' personal blacklists." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "pi-hole", + "product": { + "product_data": [ + { + "product_name": "AdminLTE", + "version": { + "version_data": [ + { + "version_value": "< 5.17", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-6qh8-6rrj-7497", + "refsource": "MISC", + "name": "https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-6qh8-6rrj-7497" + }, + { + "url": "https://github.com/pi-hole/AdminLTE/releases/tag/v5.18", + "refsource": "MISC", + "name": "https://github.com/pi-hole/AdminLTE/releases/tag/v5.18" + } + ] + }, + "source": { + "advisory": "GHSA-6qh8-6rrj-7497", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23517.json b/2022/23xxx/CVE-2022-23517.json index 0cd8ad65ad89..f7168cc9259b 100644 --- a/2022/23xxx/CVE-2022-23517.json +++ b/2022/23xxx/CVE-2022-23517.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23517", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333: Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "rails", + "product": { + "product_data": [ + { + "product_name": "rails-html-sanitizer", + "version": { + "version_data": [ + { + "version_value": "< 1.4.4", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://hackerone.com/reports/1684163", + "refsource": "MISC", + "name": "https://hackerone.com/reports/1684163" + }, + { + "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w", + "refsource": "MISC", + "name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w" + }, + { + "url": "https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979", + "refsource": "MISC", + "name": "https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979" + } + ] + }, + "source": { + "advisory": "GHSA-5x79-w82f-gw8w", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23518.json b/2022/23xxx/CVE-2022-23518.json index 180ee7ec7d36..879733df3876 100644 --- a/2022/23xxx/CVE-2022-23518.json +++ b/2022/23xxx/CVE-2022-23518.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23518", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "rails", + "product": { + "product_data": [ + { + "product_name": "rails-html-sanitizer", + "version": { + "version_data": [ + { + "version_value": ">= 1.0.3, < 1.4.4", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://hackerone.com/reports/1694173", + "refsource": "MISC", + "name": "https://hackerone.com/reports/1694173" + }, + { + "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m", + "refsource": "MISC", + "name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m" + }, + { + "url": "https://github.com/rails/rails-html-sanitizer/issues/135", + "refsource": "MISC", + "name": "https://github.com/rails/rails-html-sanitizer/issues/135" + } + ] + }, + "source": { + "advisory": "GHSA-mcvf-2q2m-x72m", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" } ] } diff --git a/2022/23xxx/CVE-2022-23519.json b/2022/23xxx/CVE-2022-23519.json index ad445e8a915c..dc3e83f635e9 100644 --- a/2022/23xxx/CVE-2022-23519.json +++ b/2022/23xxx/CVE-2022-23519.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23519", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both \"math\" and \"style\" elements, or allow both \"svg\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include \"math\" or \"svg\" and \"style\" should either upgrade or use the following workaround immediately: Remove \"style\" from the overridden allowed tags, or remove \"math\" and \"svg\" from the overridden allowed tags." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "rails", + "product": { + "product_data": [ + { + "product_name": "rails-html-sanitizer", + "version": { + "version_data": [ + { + "version_value": "< 1.4.4", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h", + "refsource": "MISC", + "name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h" + }, + { + "url": "https://hackerone.com/reports/1656627", + "refsource": "MISC", + "name": "https://hackerone.com/reports/1656627" + } + ] + }, + "source": { + "advisory": "GHSA-9h9g-93gc-623h", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23520.json b/2022/23xxx/CVE-2022-23520.json index 6767978b7d2f..b46625fb4f73 100644 --- a/2022/23xxx/CVE-2022-23520.json +++ b/2022/23xxx/CVE-2022-23520.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23520", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both \"select\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both \"select\" and \"style\" should either upgrade or use this workaround: Remove either \"select\" or \"style\" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "rails", + "product": { + "product_data": [ + { + "product_name": "rails-html-sanitizer", + "version": { + "version_data": [ + { + "version_value": "< 1.4.4", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8", + "refsource": "MISC", + "name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8" + }, + { + "url": "https://hackerone.com/reports/1654310", + "refsource": "MISC", + "name": "https://hackerone.com/reports/1654310" + } + ] + }, + "source": { + "advisory": "GHSA-rrfc-7g8p-99q8", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23524.json b/2022/23xxx/CVE-2022-23524.json index bbb74aad946f..e1eef24906e4 100644 --- a/2022/23xxx/CVE-2022-23524.json +++ b/2022/23xxx/CVE-2022-23524.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23524", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. This issue has been patched in 3.10.3. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "helm", + "product": { + "product_data": [ + { + "product_name": "helm", + "version": { + "version_data": [ + { + "version_value": "< v3.10.3", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/helm/helm/security/advisories/GHSA-6rx9-889q-vv2r", + "refsource": "MISC", + "name": "https://github.com/helm/helm/security/advisories/GHSA-6rx9-889q-vv2r" + } + ] + }, + "source": { + "advisory": "GHSA-6rx9-889q-vv2r", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23525.json b/2022/23xxx/CVE-2022-23525.json index 82b413a81722..cd1428d2131f 100644 --- a/2022/23xxx/CVE-2022-23525.json +++ b/2022/23xxx/CVE-2022-23525.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23525", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the _repo_package. The _repo_ package contains a handler that processes the index file of a repository. For example, the Helm client adds references to chart repositories where charts are managed. The _repo_ package parses the index file of the repository and loads it into structures Go can work with. Some index files can cause array data structures to be created causing a memory violation. Applications that use the _repo_ package in the Helm SDK to parse an index file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with an index file that causes a memory violation panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate index files that are correctly formatted before passing them to the _repo_ functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476: NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "helm", + "product": { + "product_data": [ + { + "product_name": "helm", + "version": { + "version_data": [ + { + "version_value": "< v3.10.3", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/helm/helm/security/advisories/GHSA-53c4-hhmh-vw5q", + "refsource": "MISC", + "name": "https://github.com/helm/helm/security/advisories/GHSA-53c4-hhmh-vw5q" + }, + { + "url": "https://github.com/helm/helm/commit/638ebffbc2e445156f3978f02fd83d9af1e56f5b", + "refsource": "MISC", + "name": "https://github.com/helm/helm/commit/638ebffbc2e445156f3978f02fd83d9af1e56f5b" + } + ] + }, + "source": { + "advisory": "GHSA-53c4-hhmh-vw5q", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23526.json b/2022/23xxx/CVE-2022-23526.json index 852d9833a59b..d0222e8f4bda 100644 --- a/2022/23xxx/CVE-2022-23526.json +++ b/2022/23xxx/CVE-2022-23526.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23526", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the_chartutil_ package that can cause a segmentation violation. The _chartutil_ package contains a parser that loads a JSON Schema validation file. For example, the Helm client when rendering a chart will validate its values with the schema file. The _chartutil_ package parses the schema file and loads it into structures Go can work with. Some schema files can cause array data structures to be created causing a memory violation. Applications that use the _chartutil_ package in the Helm SDK to parse a schema file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate schema files that are correctly formatted before passing them to the _chartutil_ functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476: NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "helm", + "product": { + "product_data": [ + { + "product_name": "helm", + "version": { + "version_data": [ + { + "version_value": "< v3.10.3", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/helm/helm/security/advisories/GHSA-67fx-wx78-jx33", + "refsource": "MISC", + "name": "https://github.com/helm/helm/security/advisories/GHSA-67fx-wx78-jx33" + }, + { + "url": "https://github.com/helm/helm/commit/bafafa8bb1b571b61d7a9528da8d40c307dade3d", + "refsource": "MISC", + "name": "https://github.com/helm/helm/commit/bafafa8bb1b571b61d7a9528da8d40c307dade3d" + } + ] + }, + "source": { + "advisory": "GHSA-67fx-wx78-jx33", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23527.json b/2022/23xxx/CVE-2022-23527.json index 7deaf1117fe7..218434dd9f20 100644 --- a/2022/23xxx/CVE-2022-23527.json +++ b/2022/23xxx/CVE-2022-23527.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23527", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "mod_auth_openidc is an OpenID Certified\u2122 authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", + "cweId": "CWE-601" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "zmartzone", + "product": { + "product_data": [ + { + "product_name": "mod_auth_openidc", + "version": { + "version_data": [ + { + "version_value": "< 2.4.12.2", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53", + "refsource": "MISC", + "name": "https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53" + }, + { + "url": "https://github.com/zmartzone/mod_auth_openidc/blob/v2.4.12.1/auth_openidc.conf#L975-L984", + "refsource": "MISC", + "name": "https://github.com/zmartzone/mod_auth_openidc/blob/v2.4.12.1/auth_openidc.conf#L975-L984" + } + ] + }, + "source": { + "advisory": "GHSA-q6f2-285m-gr53", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23529.json b/2022/23xxx/CVE-2022-23529.json index c0293a2008fa..b47a9fe55225 100644 --- a/2022/23xxx/CVE-2022-23529.json +++ b/2022/23xxx/CVE-2022-23529.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23529", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "node-jsonwebtoken is a JsonWebToken implementation for node.js. For versions `<= 8.5.1` of `jsonwebtoken` library, if a malicious actor has the ability to modify the key retrieval parameter (referring to the `secretOrPublicKey` argument from the readme link of the `jwt.verify()` function, they can write arbitrary files on the host machine. Users are affected only if untrusted entities are allowed to modify the key retrieval parameter of the `jwt.verify()` on a host that you control. This issue has been fixed, please update to version 9.0.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "auth0", + "product": { + "product_data": [ + { + "product_name": "node-jsonwebtoken", + "version": { + "version_data": [ + { + "version_value": "<= 8.5.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-27h2-hvpr-p74q", + "refsource": "MISC", + "name": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-27h2-hvpr-p74q" + }, + { + "url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3", + "refsource": "MISC", + "name": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3" + } + ] + }, + "source": { + "advisory": "GHSA-27h2-hvpr-p74q", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23530.json b/2022/23xxx/CVE-2022-23530.json index 6af7ff780497..9f297bd5326b 100644 --- a/2022/23xxx/CVE-2022-23530.json +++ b/2022/23xxx/CVE-2022-23530.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23530", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive() from a potentially malicious tarball without validating that the destination file path is within the intended destination directory can cause files outside the destination directory to be overwritten. This issue is patched in version 0.1.8. Potential workarounds include using a safer module, like zipfile, and validating the location of the extracted files and discarding those with malicious paths." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "DataDog", + "product": { + "product_data": [ + { + "product_name": "guarddog", + "version": { + "version_data": [ + { + "version_value": "< 0.1.8", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/DataDog/guarddog/security/advisories/GHSA-78m5-jpmf-ch7v", + "refsource": "MISC", + "name": "https://github.com/DataDog/guarddog/security/advisories/GHSA-78m5-jpmf-ch7v" + }, + { + "url": "https://github.com/DataDog/guarddog/commit/37c7d0767ba28f4df46117d478f97652594c491c", + "refsource": "MISC", + "name": "https://github.com/DataDog/guarddog/commit/37c7d0767ba28f4df46117d478f97652594c491c" + }, + { + "url": "https://github.com/DataDog/guarddog/blob/a1d064ceb09d39bb28deb6972bc0a278756ea91f/guarddog/scanners/package_scanner.py#L153..158", + "refsource": "MISC", + "name": "https://github.com/DataDog/guarddog/blob/a1d064ceb09d39bb28deb6972bc0a278756ea91f/guarddog/scanners/package_scanner.py#L153..158" + } + ] + }, + "source": { + "advisory": "GHSA-78m5-jpmf-ch7v", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23531.json b/2022/23xxx/CVE-2022-23531.json index 90ca67b1ca90..022b0c04e4ac 100644 --- a/2022/23xxx/CVE-2022-23531.json +++ b/2022/23xxx/CVE-2022-23531.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23531", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the tarfile.TarFile.extractall function. This issue is patched in version 0.1.5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-23: Relative Path Traversal", + "cweId": "CWE-23" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "DataDog", + "product": { + "product_data": [ + { + "product_name": "guarddog", + "version": { + "version_data": [ + { + "version_value": "< 0.1.5", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/DataDog/guarddog/security/advisories/GHSA-rp2v-v467-q9vq", + "refsource": "MISC", + "name": "https://github.com/DataDog/guarddog/security/advisories/GHSA-rp2v-v467-q9vq" + }, + { + "url": "https://github.com/DataDog/guarddog/pull/89/commits/a56aff58264cb6b7855d71b00dc10c39a5dbd306", + "refsource": "MISC", + "name": "https://github.com/DataDog/guarddog/pull/89/commits/a56aff58264cb6b7855d71b00dc10c39a5dbd306" + }, + { + "url": "https://github.com/DataDog/guarddog/releases/tag/v0.1.5", + "refsource": "MISC", + "name": "https://github.com/DataDog/guarddog/releases/tag/v0.1.5" + } + ] + }, + "source": { + "advisory": "GHSA-rp2v-v467-q9vq", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23536.json b/2022/23xxx/CVE-2022-23536.json index 42e9e86fb23a..7468fc869d10 100644 --- a/2022/23xxx/CVE-2022-23536.json +++ b/2022/23xxx/CVE-2022-23536.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23536", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users of the Alertmanager service where `-experimental.alertmanager.enable-api` or `enable_api: true` is configured are affected. Affected Cortex users are advised to upgrade to patched versions 1.13.2 or 1.14.1. However as a workaround, Cortex administrators may reject Alertmanager configurations containing the `api_key_file` setting in the `opsgenie_configs` section before sending to the Set Alertmanager Configuration API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-73: External Control of File Name or Path", + "cweId": "CWE-73" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-184: Incomplete List of Disallowed Inputs", + "cweId": "CWE-184" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-641: Improper Restriction of Names for Files and Other Resources", + "cweId": "CWE-641" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "cortexproject", + "product": { + "product_data": [ + { + "product_name": "cortex", + "version": { + "version_data": [ + { + "version_value": ">= 1.13.0, <= 1.13.1", + "version_affected": "=" + }, + { + "version_value": "= 1.14.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/cortexproject/cortex/security/advisories/GHSA-cq2g-pw6q-hf7j", + "refsource": "MISC", + "name": "https://github.com/cortexproject/cortex/security/advisories/GHSA-cq2g-pw6q-hf7j" + }, + { + "url": "https://cortexmetrics.io/docs/api/#set-alertmanager-configuration", + "refsource": "MISC", + "name": "https://cortexmetrics.io/docs/api/#set-alertmanager-configuration" + }, + { + "url": "https://github.com/cortexproject/cortex/releases/tag/v1.13.2", + "refsource": "MISC", + "name": "https://github.com/cortexproject/cortex/releases/tag/v1.13.2" + }, + { + "url": "https://github.com/cortexproject/cortex/releases/tag/v1.14.1", + "refsource": "MISC", + "name": "https://github.com/cortexproject/cortex/releases/tag/v1.14.1" + } + ] + }, + "source": { + "advisory": "GHSA-cq2g-pw6q-hf7j", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23537.json b/2022/23xxx/CVE-2022-23537.json index 3d2bb7e1272c..f9b598d6c877 100644 --- a/2022/23xxx/CVE-2022-23537.json +++ b/2022/23xxx/CVE-2022-23537.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23537", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "pjsip", + "product": { + "product_data": [ + { + "product_name": "pjproject", + "version": { + "version_data": [ + { + "version_value": "<= 2.13", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w", + "refsource": "MISC", + "name": "https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w" + }, + { + "url": "https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1", + "refsource": "MISC", + "name": "https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1" + } + ] + }, + "source": { + "advisory": "GHSA-9pfh-r8x4-w26w", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23539.json b/2022/23xxx/CVE-2022-23539.json index cffde2237d3e..f9f0e1595b3a 100644 --- a/2022/23xxx/CVE-2022-23539.json +++ b/2022/23xxx/CVE-2022-23539.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23539", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you\u2019ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm", + "cweId": "CWE-327" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "auth0", + "product": { + "product_data": [ + { + "product_name": "node-jsonwebtoken", + "version": { + "version_data": [ + { + "version_value": "<= 8.5.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3", + "refsource": "MISC", + "name": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3" + }, + { + "url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33", + "refsource": "MISC", + "name": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33" + } + ] + }, + "source": { + "advisory": "GHSA-8cf7-32gw-wr33", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23540.json b/2022/23xxx/CVE-2022-23540.json index 6c5fbb5717d8..7dcb2e5e3124 100644 --- a/2022/23xxx/CVE-2022-23540.json +++ b/2022/23xxx/CVE-2022-23540.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23540", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. Users are affected if you do not specify algorithms in the `jwt.verify()` function. This issue has been fixed, please update to version 9.0.0 which removes the default support for the none algorithm in the `jwt.verify()` method. There will be no impact, if you update to version 9.0.0 and you don\u2019t need to allow for the `none` algorithm. If you need 'none' algorithm, you have to explicitly specify that in `jwt.verify()` options." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "auth0", + "product": { + "product_data": [ + { + "product_name": "node-jsonwebtoken", + "version": { + "version_data": [ + { + "version_value": "<= 8.5.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3", + "refsource": "MISC", + "name": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3" + }, + { + "url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6", + "refsource": "MISC", + "name": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6" + } + ] + }, + "source": { + "advisory": "GHSA-qwph-4952-7xr6", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23541.json b/2022/23xxx/CVE-2022-23541.json index d3e870eab566..e68ce6158c7e 100644 --- a/2022/23xxx/CVE-2022-23541.json +++ b/2022/23xxx/CVE-2022-23541.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23541", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `secretOrPublicKey` argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication", + "cweId": "CWE-287" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-1259: Improper Restriction of Security Token Assignment", + "cweId": "CWE-1259" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "auth0", + "product": { + "product_data": [ + { + "product_name": "node-jsonwebtoken", + "version": { + "version_data": [ + { + "version_value": "<= 8.5.1", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3", + "refsource": "MISC", + "name": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3" + }, + { + "url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959", + "refsource": "MISC", + "name": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959" + }, + { + "url": "https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0", + "refsource": "MISC", + "name": "https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0" + } + ] + }, + "source": { + "advisory": "GHSA-hjrf-2m68-5959", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23542.json b/2022/23xxx/CVE-2022-23542.json index 7d41c93fecec..5bc2359d94ea 100644 --- a/2022/23xxx/CVE-2022-23542.json +++ b/2022/23xxx/CVE-2022-23542.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23542", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and is backward compatible." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization", + "cweId": "CWE-285" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "openfga", + "product": { + "product_data": [ + { + "product_name": "openfga", + "version": { + "version_data": [ + { + "version_value": "= 0.3.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/openfga/openfga/security/advisories/GHSA-m3q4-7qmj-657m", + "refsource": "MISC", + "name": "https://github.com/openfga/openfga/security/advisories/GHSA-m3q4-7qmj-657m" + }, + { + "url": "https://github.com/openfga/openfga/pull/422", + "refsource": "MISC", + "name": "https://github.com/openfga/openfga/pull/422" + }, + { + "url": "https://github.com/openfga/openfga/releases/tag/v0.3.1", + "refsource": "MISC", + "name": "https://github.com/openfga/openfga/releases/tag/v0.3.1" + } + ] + }, + "source": { + "advisory": "GHSA-m3q4-7qmj-657m", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2022/23xxx/CVE-2022-23543.json b/2022/23xxx/CVE-2022-23543.json index 22805b6eab4e..9f80a85060c4 100644 --- a/2022/23xxx/CVE-2022-23543.json +++ b/2022/23xxx/CVE-2022-23543.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23543", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Silverware Games is a social network where people can play games online. Users can attach URLs to YouTube videos, the site will generate related `