diff --git a/cves/2018/CVE-2018-3167.yaml b/cves/2018/CVE-2018-3167.yaml index 55e1f7dd51..dfb6919552 100644 --- a/cves/2018/CVE-2018-3167.yaml +++ b/cves/2018/CVE-2018-3167.yaml @@ -4,7 +4,7 @@ info: name: Oracle E-Business Suite - Blind SSRF author: geeknik severity: medium - description: Oracle E-Business Suite, Application Management Pack component (subcomponent: User Monitoring), is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or perform post requests towards internal services which are not intended to be exposed. Affected supported versions are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, and 12.2.7. + description: Oracle E-Business Suite, Application Management Pack component (User Monitoring subcomponent), is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or perform post requests towards internal services which are not intended to be exposed. Affected supported versions are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, and 12.2.7. reference: - http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html - http://web.archive.org/web/20211206102649/https://securitytracker.com/id/1041897 diff --git a/cves/2019/CVE-2019-8451.yaml b/cves/2019/CVE-2019-8451.yaml index 79aa40ae03..5b1c34e418 100644 --- a/cves/2019/CVE-2019-8451.yaml +++ b/cves/2019/CVE-2019-8451.yaml @@ -4,7 +4,7 @@ info: name: Jira <8.4.0 - Server-Side Request Forgery author: TechbrunchFR severity: medium - description: Jira before 8.4.0 is susceptible to server-side request forgery. The /plugins/servlet/gadgets/makeRequest resource contains a logic bug in the JiraWhitelist class, which can allow an attacker to access the content of internal network resources and thus modify data, and/or execute unauthorized operations. + description: Jira before 8.4.0 is susceptible to server-side request forgery. The /plugins/servlet/gadgets/makeRequest resource contains a logic bug in the JiraWhitelist class, which can allow an attacker to access the content of internal network resources and thus modify data, and/or execute unauthorized operations. reference: - https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in - https://jira.atlassian.com/browse/JRASERVER-69793 diff --git a/cves/2020/CVE-2020-8497.yaml b/cves/2020/CVE-2020-8497.yaml index 2e341e9bd2..61f3510b32 100644 --- a/cves/2020/CVE-2020-8497.yaml +++ b/cves/2020/CVE-2020-8497.yaml @@ -4,7 +4,7 @@ info: name: Artica Pandora FMS <=7.42 - Arbitrary File Read author: gy741 severity: medium - description: Artica Pandora FMS through 7.42 is susceptible to arbitrary file read. An attacker can read the chat history, which is in JSON format and contains user names, user IDs, private messages, and timestamps. This can potentially lead to unauthorized data modification and other operations. + description: Artica Pandora FMS through 7.42 is susceptible to arbitrary file read. An attacker can read the chat history, which is in JSON format and contains user names, user IDs, private messages, and timestamps. This can potentially lead to unauthorized data modification and other operations. reference: - https://k4m1ll0.com/cve-2020-8497.html - https://nvd.nist.gov/vuln/detail/CVE-2020-8497 diff --git a/cves/2022/CVE-2022-0735.yaml b/cves/2022/CVE-2022-0735.yaml index 460d49c37a..92b1ef2993 100644 --- a/cves/2022/CVE-2022-0735.yaml +++ b/cves/2022/CVE-2022-0735.yaml @@ -4,7 +4,7 @@ info: name: GitLab CE/EE - Information Disclosure author: GitLab Red Team severity: critical - description: GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5, from 14.7 before 14.7.4, and from 14.8 before 14.8.2. + description: GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5, from 14.7 before 14.7.4, and from 14.8 before 14.8.2. reference: - https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/cve-hash-harvester - https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0735.json diff --git a/cves/2022/CVE-2022-42233.yaml b/cves/2022/CVE-2022-42233.yaml index 53518078a9..714af4ba69 100644 --- a/cves/2022/CVE-2022-42233.yaml +++ b/cves/2022/CVE-2022-42233.yaml @@ -5,7 +5,7 @@ info: author: For3stCo1d severity: critical description: | - Tenda 11N with firmware version V5.07.33_cn contains an authentication bypass vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + Tenda 11N with firmware version V5.07.33_cn contains an authentication bypass vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. reference: - https://github.com/D0ngsec/vulns/blob/main/Tenda/Tenda_11N_Authentication_Bypass.md - https://nvd.nist.gov/vuln/detail/CVE-2022-42233