daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated cves.json [Mon Mar 27 06:30:15 UTC 2023] 🤖

patch-1
GitHub Action 2023-03-27 06:30:15 +00:00
parent 621baa7211
commit 2279d26eb1
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cves.json
View File

@ -754,7 +754,7 @@
{"ID":"CVE-2020-13942","Info":{"Name":"Apache Unomi \u003c1.5.2 - Remote Code Execution","Severity":"critical","Description":"Apache Unomi allows conditions to use OGNL and MVEL scripting which\noffers the possibility to call static Java classes from the JDK\nthat could execute code with the permission level of the running Java process.\nThis vulnerability affects all versions of Apache Unomi prior to 1.5.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-13942.yaml"}
{"ID":"CVE-2020-13945","Info":{"Name":"Apache APISIX - Insufficiently Protected Credentials","Severity":"medium","Description":"Apache APISIX 1.2, 1.3, 1.4, and 1.5 is susceptible to insufficiently protected credentials. An attacker can enable the Admin API and delete the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data.","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2020/CVE-2020-13945.yaml"}
{"ID":"CVE-2020-14092","Info":{"Name":"WordPress PayPal Pro \u003c1.1.65 - SQL Injection","Severity":"critical","Description":"WordPress PayPal Pro plugin before 1.1.65 is susceptible to SQL injection via the 'query' parameter which allows for any unauthenticated user to perform SQL queries with the results output to a web page in JSON format.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-14092.yaml"}
{"ID":"CVE-2020-14144","Info":{"Name":"Gitea Git Hooks Remote Code Execution","Severity":"high","Description":"The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). NOTE: The vendor has indicated this is not a vulnerability and states \"This is a functionality of the software that is limited to a very limited subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2020/CVE-2020-14144.yaml"}
{"ID":"CVE-2020-14144","Info":{"Name":"Gitea Git Hooks - Remote Code Execution","Severity":"high","Description":"The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). NOTE: The vendor has indicated this is not a vulnerability and states \"This is a functionality of the software that is limited to a very limited subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2020/CVE-2020-14144.yaml"}
{"ID":"CVE-2020-14179","Info":{"Name":"Atlassian Jira Server/Data Center \u003c8.5.8/8.6.0 - 8.11.1 - Information Disclosure","Severity":"medium","Description":"Atlassian Jira Server and Data Center before 8.5.8 and 8.6.0 through 8.11.1 are susceptible to information disclosure via the /secure/QueryComponent!Default.jspa endpoint. An attacker can view custom field names and custom SLA names.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2020/CVE-2020-14179.yaml"}
{"ID":"CVE-2020-14181","Info":{"Name":"User enumeration via insecure Jira endpoint","Severity":"medium","Description":"Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2020/CVE-2020-14181.yaml"}
{"ID":"CVE-2020-14408","Info":{"Name":"Agentejo Cockpit 0.10.2 - Cross-Site Scripting","Severity":"medium","Description":"Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2020/CVE-2020-14408.yaml"}
@ -1391,7 +1391,7 @@
{"ID":"CVE-2022-1162","Info":{"Name":"GitLab CE/EE - Hardcoded password","Severity":"critical","Description":"A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-\u003chash\u003e.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the references section below.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1162.yaml"}
{"ID":"CVE-2022-1168","Info":{"Name":"WordPress WP JobSearch \u003c1.5.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress WP JobSearch plugin prior to 1.5.1 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-1168.yaml"}
{"ID":"CVE-2022-1221","Info":{"Name":"WordPress Gwyn's Imagemap Selector \u003c=0.3.3 - Cross-Site Scripting","Severity":"medium","Description":"Wordpress Gwyn's Imagemap Selector plugin 0.3.3 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize the id and class parameters before returning them back in attributes.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-1221.yaml"}
{"ID":"CVE-2022-1329","Info":{"Name":"Elementor Website Builder Remote Code Execution Vulnerability","Severity":"high","Description":"The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-1329.yaml"}
{"ID":"CVE-2022-1329","Info":{"Name":"Elementor Website Builder - Remote Code Execution Vulnerability","Severity":"high","Description":"The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-1329.yaml"}
{"ID":"CVE-2022-1386","Info":{"Name":"WordPress Fusion Builder \u003c 3.6.2 - Unauthenticated SSRF","Severity":"critical","Description":"The plugin, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1386.yaml"}
{"ID":"CVE-2022-1388","Info":{"Name":"F5 BIG-IP iControl - REST Auth Bypass RCE","Severity":"critical","Description":"F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, may allow undisclosed requests to bypass iControl REST authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1388.yaml"}
{"ID":"CVE-2022-1390","Info":{"Name":"WordPress Admin Word Count Column 2.2 - Local File Inclusion","Severity":"critical","Description":"The plugin does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1390.yaml"}
@ -1659,3 +1659,4 @@
{"ID":"CVE-2023-27292","Info":{"Name":"OpenCATS - Open Redirect","Severity":"medium","Description":"An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2023/CVE-2023-27292.yaml"}
{"ID":"CVE-2023-27587","Info":{"Name":"ReadToMyShoe - Google Cloud API Disclosure","Severity":"medium","Description":"If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2023/CVE-2023-27587.yaml"}
{"ID":"CVE-2023-28343","Info":{"Name":"Altenergy Power Control Software - Command Injection","Severity":"critical","Description":"OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2023/CVE-2023-28343.yaml"}
{"ID":"CVE-2023-28432","Info":{"Name":"Minio Cluster Deployment - Information Disclosure","Severity":"high","Description":"Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2023/CVE-2023-28432.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
3eb7919f3b78787a40d5eff068ceab3b
e9759c73dd0ca8f897e61f478feaa1aa