Auto Generated cves.json [Thu Mar 9 18:26:59 UTC 2023] 🤖

patch-1
GitHub Action 2023-03-09 18:26:59 +00:00
parent 51c259a37d
commit c4e0e52ef4
1 changed files with 2 additions and 2 deletions

View File

@ -675,7 +675,7 @@
{"ID":"CVE-2019-3929","Info":{"Name":"Barco/AWIND OEM Presentation Platform - Remote Command Injection","Severity":"critical","Description":"The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-3929.yaml"} {"ID":"CVE-2019-3929","Info":{"Name":"Barco/AWIND OEM Presentation Platform - Remote Command Injection","Severity":"critical","Description":"The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-3929.yaml"}
{"ID":"CVE-2019-5127","Info":{"Name":"YouPHPTube Encoder 2.3 - Remote Command Injection","Severity":"critical","Description":"YouPHPTube Encoder 2.3 is susceptible to a command injection vulnerability which could allow an attacker to compromise the server. These exploitable unauthenticated command injections exist via the parameter base64Url in /objects/getImage.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-5127.yaml"} {"ID":"CVE-2019-5127","Info":{"Name":"YouPHPTube Encoder 2.3 - Remote Command Injection","Severity":"critical","Description":"YouPHPTube Encoder 2.3 is susceptible to a command injection vulnerability which could allow an attacker to compromise the server. These exploitable unauthenticated command injections exist via the parameter base64Url in /objects/getImage.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-5127.yaml"}
{"ID":"CVE-2019-5418","Info":{"Name":"Rails File Content Disclosure","Severity":"high","Description":"Rails \u003c5.2.2.1, \u003c5.1.6.2, \u003c5.0.7.2, \u003c4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2019/CVE-2019-5418.yaml"} {"ID":"CVE-2019-5418","Info":{"Name":"Rails File Content Disclosure","Severity":"high","Description":"Rails \u003c5.2.2.1, \u003c5.1.6.2, \u003c5.0.7.2, \u003c4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2019/CVE-2019-5418.yaml"}
{"ID":"CVE-2019-5434","Info":{"Name":"Revive Adserver 4.2 - Remote Code Execution","Severity":"high","Description":"An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the \"what\" parameter in the \"openads.spc\" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2019/CVE-2019-5434.yaml"} {"ID":"CVE-2019-5434","Info":{"Name":"Revive Adserver 4.2 - Remote Code Execution","Severity":"critical","Description":"An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the \"what\" parameter in the \"openads.spc\" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-5434.yaml"}
{"ID":"CVE-2019-6112","Info":{"Name":"WordPress Sell Media 2.4.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2019/CVE-2019-6112.yaml"} {"ID":"CVE-2019-6112","Info":{"Name":"WordPress Sell Media 2.4.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2019/CVE-2019-6112.yaml"}
{"ID":"CVE-2019-6340","Info":{"Name":"Drupal - Remote Code Execution","Severity":"high","Description":"Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10 V contain certain field types that do not properly sanitize data from non-form sources, which can lead to arbitrary PHP code execution in some cases.","Classification":{"CVSSScore":"8.1"}},"file_path":"cves/2019/CVE-2019-6340.yaml"} {"ID":"CVE-2019-6340","Info":{"Name":"Drupal - Remote Code Execution","Severity":"high","Description":"Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10 V contain certain field types that do not properly sanitize data from non-form sources, which can lead to arbitrary PHP code execution in some cases.","Classification":{"CVSSScore":"8.1"}},"file_path":"cves/2019/CVE-2019-6340.yaml"}
{"ID":"CVE-2019-6715","Info":{"Name":"W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal","Severity":"high","Description":"WordPress plugin W3 Total Cache before version 0.9.4 allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data via pub/sns.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2019/CVE-2019-6715.yaml"} {"ID":"CVE-2019-6715","Info":{"Name":"W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal","Severity":"high","Description":"WordPress plugin W3 Total Cache before version 0.9.4 allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data via pub/sns.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2019/CVE-2019-6715.yaml"}
@ -1117,7 +1117,7 @@
{"ID":"CVE-2021-29441","Info":{"Name":"Nacos \u003c1.4.1 - Authentication Bypass","Severity":"critical","Description":"This template only works on Nuclei engine prior to version 2.3.3 and version \u003e= 2.3.5.\n\nIn Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true)\nNacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that\nenables Nacos servers to bypass this filter and therefore skip authentication checks.\nThis mechanism relies on the user-agent HTTP header so it can be easily spoofed.\nThis issue may allow any user to carry out any administrative tasks on the Nacos server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-29441.yaml"} {"ID":"CVE-2021-29441","Info":{"Name":"Nacos \u003c1.4.1 - Authentication Bypass","Severity":"critical","Description":"This template only works on Nuclei engine prior to version 2.3.3 and version \u003e= 2.3.5.\n\nIn Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true)\nNacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that\nenables Nacos servers to bypass this filter and therefore skip authentication checks.\nThis mechanism relies on the user-agent HTTP header so it can be easily spoofed.\nThis issue may allow any user to carry out any administrative tasks on the Nacos server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-29441.yaml"}
{"ID":"CVE-2021-29442","Info":{"Name":"Nacos \u003c1.4.1 - Authentication Bypass","Severity":"high","Description":"Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql).\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-29442.yaml"} {"ID":"CVE-2021-29442","Info":{"Name":"Nacos \u003c1.4.1 - Authentication Bypass","Severity":"high","Description":"Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql).\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-29442.yaml"}
{"ID":"CVE-2021-29484","Info":{"Name":"Ghost CMS \u003c=4.32 - Cross-Site Scripting","Severity":"medium","Description":"Ghost CMS 4.0.0 to 4.3.2 contains a DOM cross-site scripting vulnerability. An unused endpoint added during the development of 4.0.0 allows attackers to gain access by getting logged-in users to click a link containing malicious code.","Classification":{"CVSSScore":"6.8"}},"file_path":"cves/2021/CVE-2021-29484.yaml"} {"ID":"CVE-2021-29484","Info":{"Name":"Ghost CMS \u003c=4.32 - Cross-Site Scripting","Severity":"medium","Description":"Ghost CMS 4.0.0 to 4.3.2 contains a DOM cross-site scripting vulnerability. An unused endpoint added during the development of 4.0.0 allows attackers to gain access by getting logged-in users to click a link containing malicious code.","Classification":{"CVSSScore":"6.8"}},"file_path":"cves/2021/CVE-2021-29484.yaml"}
{"ID":"CVE-2021-29490","Info":{"Name":"Jellyfin 10.7.2 - SSRF","Severity":"medium","Description":"Jellyfin is a free software media system. Versions 10.7.2 and below are vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"cves/2021/CVE-2021-29490.yaml"} {"ID":"CVE-2021-29490","Info":{"Name":"Jellyfin 10.7.2 - Server Side Request Forgery","Severity":"medium","Description":"Jellyfin is a free software media system. Versions 10.7.2 and below are vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"cves/2021/CVE-2021-29490.yaml"}
{"ID":"CVE-2021-29622","Info":{"Name":"Prometheus - Open Redirect","Severity":"medium","Description":"Prometheus 2.23.0 through 2.26.0 and 2.27.0 contains an open redirect vulnerability. To ensure a seamless transition to 2.27.0, the default UI was changed to the new UI with a URL prefixed by /new redirect to /. Due to a bug in the code, an attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-29622.yaml"} {"ID":"CVE-2021-29622","Info":{"Name":"Prometheus - Open Redirect","Severity":"medium","Description":"Prometheus 2.23.0 through 2.26.0 and 2.27.0 contains an open redirect vulnerability. To ensure a seamless transition to 2.27.0, the default UI was changed to the new UI with a URL prefixed by /new redirect to /. Due to a bug in the code, an attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-29622.yaml"}
{"ID":"CVE-2021-29625","Info":{"Name":"Adminer \u003c=4.8.0 - Cross-Site Scripting","Severity":"medium","Description":"Adminer 4.6.1 to 4.8.0 contains a cross-site scripting vulnerability which affects users of MySQL, MariaDB, PgSQL, and SQLite in browsers without CSP when Adminer uses a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled).","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-29625.yaml"} {"ID":"CVE-2021-29625","Info":{"Name":"Adminer \u003c=4.8.0 - Cross-Site Scripting","Severity":"medium","Description":"Adminer 4.6.1 to 4.8.0 contains a cross-site scripting vulnerability which affects users of MySQL, MariaDB, PgSQL, and SQLite in browsers without CSP when Adminer uses a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled).","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-29625.yaml"}
{"ID":"CVE-2021-3002","Info":{"Name":"Seo Panel 4.8.0 - Cross-Site Scripting","Severity":"medium","Description":"Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-3002.yaml"} {"ID":"CVE-2021-3002","Info":{"Name":"Seo Panel 4.8.0 - Cross-Site Scripting","Severity":"medium","Description":"Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-3002.yaml"}