From 6bd323aae1d3d23932be739745f751e6921f248c Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 11 Sep 2021 08:45:52 +0000 Subject: [PATCH] Auto Generated CVE annotations [Sat Sep 11 08:45:52 UTC 2021] :robot: --- cves/2011/CVE-2011-2780.yaml | 12 ++++++++++++ cves/2015/CVE-2015-7450.yaml | 5 +++++ 2 files changed, 17 insertions(+) diff --git a/cves/2011/CVE-2011-2780.yaml b/cves/2011/CVE-2011-2780.yaml index d57a2e90e1..1cb0a0ac54 100644 --- a/cves/2011/CVE-2011-2780.yaml +++ b/cves/2011/CVE-2011-2780.yaml @@ -5,6 +5,18 @@ info: author: daffainfo severity: high tags: cve,cve2011,lfi,chyrp + description: "Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744." + reference: + - http://www.justanotherhacker.com/advisories/JAHx113.txt + - http://www.openwall.com/lists/oss-security/2011/07/13/5 + - http://www.ocert.org/advisories/ocert-2011-001.html + - http://www.openwall.com/lists/oss-security/2011/07/13/6 + - http://www.securityfocus.com/bid/48672 + - http://secunia.com/advisories/45184 + - http://osvdb.org/73891 + - http://securityreason.com/securityalert/8312 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/68565 + - http://www.securityfocus.com/archive/1/518890/100/0/threaded requests: - method: GET diff --git a/cves/2015/CVE-2015-7450.yaml b/cves/2015/CVE-2015-7450.yaml index e27a3e815f..04918de4f0 100644 --- a/cves/2015/CVE-2015-7450.yaml +++ b/cves/2015/CVE-2015-7450.yaml @@ -10,6 +10,11 @@ info: - https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ - https://nvd.nist.gov/vuln/detail/CVE-2015-7450 tags: cve,cve2015,websphere,deserialization,rce,oob + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2015-7450 + cwe-id: CWE-94 requests: - raw: