Auto Generated cves.json [Wed Jul 12 11:47:35 UTC 2023] 🤖

patch-1
GitHub Action 2023-07-12 11:47:35 +00:00
parent 4ad036500a
commit 8b90b7bcef
2 changed files with 5 additions and 1 deletions

View File

@ -665,6 +665,7 @@
{"ID":"CVE-2019-17506","Info":{"Name":"D-Link DIR-868L/817LW - Information Disclosure","Severity":"critical","Description":"D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers are vulnerable to information disclosure vulnerabilities because certain web interfaces do not require authentication. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-17506.yaml"}
{"ID":"CVE-2019-17538","Info":{"Name":"Jiangnan Online Judge 0.8.0 - Local File Inclusion","Severity":"high","Description":"Jiangnan Online Judge (aka jnoj) 0.8.0 is susceptible to local file inclusion via web/polygon/problem/viewfile?id=1\u0026name=../.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-17538.yaml"}
{"ID":"CVE-2019-17558","Info":{"Name":"Apache Solr \u003c=8.3.1 - Remote Code Execution","Severity":"high","Description":"Apache Solr versions 5.0.0 to 8.3.1 are vulnerable to remote code execution vulnerabilities through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-17558.yaml"}
{"ID":"CVE-2019-17574","Info":{"Name":"Popup-Maker \u003c 1.8.12 - Broken Authentication","Severity":"critical","Description":"An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the \"support debug text file\").\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2019/CVE-2019-17574.yaml"}
{"ID":"CVE-2019-1821","Info":{"Name":"Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution","Severity":"critical","Description":"Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-1821.yaml"}
{"ID":"CVE-2019-18371","Info":{"Name":"Xiaomi Mi WiFi R3G Routers - Local file Inclusion","Severity":"high","Description":"Xiaomi Mi WiFi R3G devices before 2.28.23-stable are susceptible to local file inclusion vulnerabilities via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-18371.yaml"}
{"ID":"CVE-2019-18393","Info":{"Name":"Ignite Realtime Openfire \u003c4.42 - Local File Inclusion","Severity":"medium","Description":"Ignite Realtime Openfire through 4.4.2 is vulnerable to local file inclusion via PluginServlet.java. It does not ensure that retrieved files are located under the Openfire home directory.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-18393.yaml"}
@ -1734,6 +1735,7 @@
{"ID":"CVE-2022-40127","Info":{"Name":"AirFlow \u003c 2.4.0 - Remote Code Execution","Severity":"high","Description":"A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-40127.yaml"}
{"ID":"CVE-2022-40359","Info":{"Name":"Kae's File Manager \u003c=1.4.7 - Cross-Site Scripting","Severity":"medium","Description":"Kae's File Manager through 1.4.7 contains a cross-site scripting vulnerability via a crafted GET request to /kfm/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-40359.yaml"}
{"ID":"CVE-2022-4050","Info":{"Name":"WordPress JoomSport \u003c5.2.8 - SQL Injection","Severity":"critical","Description":"WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4050.yaml"}
{"ID":"CVE-2022-4057","Info":{"Name":"Autoptimize \u003c 3.1.0 - Information Disclosure","Severity":"medium","Description":"The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-4057.yaml"}
{"ID":"CVE-2022-4060","Info":{"Name":"WordPress User Post Gallery \u003c=2.19 - Remote Code Execution","Severity":"critical","Description":"WordPress User Post Gallery plugin through 2.19 is susceptible to remote code execution. The plugin does not limit which callback functions can be called by users, making it possible for an attacker execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4060.yaml"}
{"ID":"CVE-2022-4063","Info":{"Name":"WordPress InPost Gallery \u003c2.1.4.1 - Local File Inclusion","Severity":"critical","Description":"WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract() function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on servers.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4063.yaml"}
{"ID":"CVE-2022-40684","Info":{"Name":"Fortinet - Authentication Bypass","Severity":"critical","Description":"Fortinet contains an authentication bypass vulnerability via using an alternate path or channel in FortiOS 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy 7.2.0 and 7.0.0 through 7.0.6, and FortiSwitchManager 7.2.0 and 7.0.0. An attacker can perform operations on the administrative interface via specially crafted HTTP or HTTPS requests, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-40684.yaml"}
@ -1787,6 +1789,7 @@
{"ID":"CVE-2022-44952","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking \"Add\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44952.yaml"}
{"ID":"CVE-2022-45037","Info":{"Name":"WBCE CMS v1.5.4 - Cross Site Scripting (Stored)","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-45037.yaml"}
{"ID":"CVE-2022-45038","Info":{"Name":"WBCE CMS v1.5.4 - Cross Site Scripting (Stored)","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-45038.yaml"}
{"ID":"CVE-2022-45354","Info":{"Name":"Download Monitor \u003c= 4.7.60 - Sensitive Information Exposure","Severity":"medium","Description":"The Download Monitor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.7.60 via REST API. This can allow unauthenticated attackers to extract sensitive data including user reports, download reports, and user data including email, role, id and other info (not passwords)\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-45354.yaml"}
{"ID":"CVE-2022-45362","Info":{"Name":"WordPress Paytm Payment Gateway \u003c=2.7.0 - Server-Side Request Forgery","Severity":"high","Description":"WordPress Paytm Payment Gateway plugin through 2.7.0 contains a server-side request forgery vulnerability. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-45362.yaml"}
{"ID":"CVE-2022-45805","Info":{"Name":"WordPress Paytm Payment Gateway \u003c=2.7.3 - SQL Injection","Severity":"critical","Description":"WordPress Paytm Payment Gateway plugin through 2.7.3 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-45805.yaml"}
{"ID":"CVE-2022-45835","Info":{"Name":"WordPress PhonePe Payment Solutions \u003c=1.0.15 - Server-Side Request Forgery","Severity":"medium","Description":"WordPress PhonePe Payment Solutions plugin through 1.0.15 is susceptible to server-side request forgery. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-45835.yaml"}
@ -1881,6 +1884,7 @@
{"ID":"CVE-2023-27524","Info":{"Name":"Apache Superset - Authentication Bypass","Severity":"high","Description":"Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.","Classification":{"CVSSScore":"8.9"}},"file_path":"http/cves/2023/CVE-2023-27524.yaml"}
{"ID":"CVE-2023-27587","Info":{"Name":"ReadToMyShoe - Generation of Error Message Containing Sensitive Information","Severity":"medium","Description":"ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which contains the Google Cloud API key.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-27587.yaml"}
{"ID":"CVE-2023-2780","Info":{"Name":"Mlflow \u003c2.3.1 - Local File Inclusion Bypass","Severity":"critical","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2780.yaml"}
{"ID":"CVE-2023-2796","Info":{"Name":"EventON \u003c= 2.1 - Missing Authorization","Severity":"medium","Description":"The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-2796.yaml"}
{"ID":"CVE-2023-28121","Info":{"Name":"WooCommerce Payments - Unauthorized Admin Access","Severity":"critical","Description":"An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-28121.yaml"}
{"ID":"CVE-2023-2822","Info":{"Name":"Ellucian Ethos Identity CAS - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2822.yaml"}
{"ID":"CVE-2023-2825","Info":{"Name":"GitLab 16.0.0 - Path Traversal","Severity":"critical","Description":"An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-2825.yaml"}

View File

@ -1 +1 @@
f746430d7b8c7dc1babc307f345fbd79
1f44d0cbf4ae772bce15bb15732dce7b