daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore: generate CVEs metadata 🤖

patch-15
ghost 2024-11-18 17:22:19 +00:00
parent 3373f2b7b5
commit b801dfe7d4
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@ -2007,6 +2007,7 @@
{"ID":"CVE-2022-47966","Info":{"Name":"ManageEngine - Remote Command Execution","Severity":"critical","Description":"Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47966.yaml"}
{"ID":"CVE-2022-47986","Info":{"Name":"IBM Aspera Faspex \u003c=4.4.2 PL1 - Remote Code Execution","Severity":"critical","Description":"IBM Aspera Faspex through 4.4.2 Patch Level 1 is susceptible to remote code execution via a YAML deserialization flaw. This can allow an attacker to send a specially crafted obsolete API call and thereby execute arbitrary code, obtain sensitive data, and/or execute other unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47986.yaml"}
{"ID":"CVE-2022-48012","Info":{"Name":"OpenCATS 0.9.7 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.7 contains a cross-site scripting vulnerability via the component /opencats/index.php?m=settings\u0026a=ajax_tags_upd. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-48012.yaml"}
{"ID":"CVE-2022-48164","Info":{"Name":"Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure","Severity":"high","Description":"An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-48164.yaml"}
{"ID":"CVE-2022-48165","Info":{"Name":"Wavlink - Improper Access Control","Severity":"high","Description":"Wavlink WL-WN530H4 M30H4.V5030.210121 is susceptible to improper access control in the component /cgi-bin/ExportLogs.sh. An attacker can download configuration data and log files, obtain admin credentials, and potentially execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-48165.yaml"}
{"ID":"CVE-2022-48166","Info":{"Name":"Wavlink WL-WN530HG4 M30HG4.V5030.201217 - Information Disclosure","Severity":"high","Description":"An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-48166.yaml"}
{"ID":"CVE-2022-48197","Info":{"Name":"Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting","Severity":"medium","Description":"Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-48197.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
25f410a991a6bf5739791be01bab4cd0
ff4fd3e4d95cdb61ef5e419beccc305e