Auto Generated cves.json [Thu Feb 9 05:59:15 UTC 2023] 🤖
parent
98ddeaefa8
commit
80a6bb7f04
|
@ -757,6 +757,7 @@
|
|||
{"ID":"CVE-2020-15500","Info":{"Name":"TileServer GL \u003c=3.0.0 - Cross-Site Scripting","Severity":"medium","Description":"TileServer GL through 3.0.0 is vulnerable to reflected cross-site scripting via server.js because the content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2020/CVE-2020-15500.yaml"}
|
||||
{"ID":"CVE-2020-15505","Info":{"Name":"MobileIron Core \u0026 Connector \u003c= v10.6 \u0026 Sentry \u003c= v9.8 - Remote Code Execution","Severity":"critical","Description":"A remote code execution vulnerability in MobileIron Core \u0026 Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier contain a vulnerability that allows remote attackers to execute arbitrary code via unspecified vectors.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-15505.yaml"}
|
||||
{"ID":"CVE-2020-15568","Info":{"Name":"TerraMaster TOS \u003c.1.29 - Remote Code Execution","Severity":"critical","Description":"TerraMaster TOS before 4.1.29 has invalid parameter checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-15568.yaml"}
|
||||
{"ID":"CVE-2020-15895","Info":{"Name":"D-Link DIR-816L - Cross Site Scripting","Severity":"medium","Description":"An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2020/CVE-2020-15895.yaml"}
|
||||
{"ID":"CVE-2020-15920","Info":{"Name":"Mida eFramework \u003c=2.9.0 - Remote Command Execution","Severity":"critical","Description":"Mida eFramework through 2.9.0 allows an attacker to achieve remote code execution with administrative (root) privileges. No authentication is required.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-15920.yaml"}
|
||||
{"ID":"CVE-2020-16139","Info":{"Name":"Cisco Unified IP Conference Station 7937G - Denial-of-Service","Severity":"high","Description":"Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially crafted packets that can cause a denial-of-service condition. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2020/CVE-2020-16139.yaml"}
|
||||
{"ID":"CVE-2020-16846","Info":{"Name":"SaltStack \u003c=3002 - Shell Injection","Severity":"critical","Description":"SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-16846.yaml"}
|
||||
|
@ -1053,6 +1054,7 @@
|
|||
{"ID":"CVE-2021-25281","Info":{"Name":"SaltStack Salt \u003c3002.5 - Auth Bypass","Severity":"critical","Description":"SaltStack Salt before 3002.5 does not honor eauth credentials for the wheel_async client, allowing attackers to remotely run any wheel modules on the master.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-25281.yaml"}
|
||||
{"ID":"CVE-2021-25646","Info":{"Name":"Apache Druid - Remote Code Execution","Severity":"high","Description":"Apache Druid is susceptible to remote code execution because by default it lacks authorization and authentication. Attackers can send specially crafted requests to execute arbitrary code with the privileges of processes on the Druid server.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-25646.yaml"}
|
||||
{"ID":"CVE-2021-25864","Info":{"Name":"Hue Magic 3.0.0 - Local File Inclusion","Severity":"high","Description":"Hue Magic 3.0.0 is susceptible to local file inclusion via the res.sendFile API.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-25864.yaml"}
|
||||
{"ID":"CVE-2021-25899","Info":{"Name":"Void Aural Rec Monitor 9.0.0.1 - SQL Injection","Severity":"high","Description":"An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-25899.yaml"}
|
||||
{"ID":"CVE-2021-26084","Info":{"Name":"Confluence Server - Remote Code Execution","Severity":"critical","Description":"Confluence Server and Data Center contain an OGNL injection vulnerability that could allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if 'Allow people to sign up to create their account' is enabled. To check whether this is enabled go to COG \u003e User Management \u003e User Signup Options.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-26084.yaml"}
|
||||
{"ID":"CVE-2021-26085","Info":{"Name":"Atlassian Confluence Server - Local File Inclusion","Severity":"medium","Description":"Atlassian Confluence Server allows remote attackers to view restricted resources via local file inclusion in the /s/ endpoint.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2021/CVE-2021-26085.yaml"}
|
||||
{"ID":"CVE-2021-26086","Info":{"Name":"Atlassian Jira Limited - Local File Inclusion","Severity":"medium","Description":"Affected versions of Atlassian Jira Limited Server and Data Center are vulnerable to local file inclusion because they allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2021/CVE-2021-26086.yaml"}
|
||||
|
|