-
Notifications
You must be signed in to change notification settings - Fork 18
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Auto-Update: 2024-01-08T03:00:32.018161+00:00
- Loading branch information
1 parent
1c7a447
commit 6850d95
Showing
6 changed files
with
421 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| { | ||
| "id": "CVE-2023-50948", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-01-08T02:15:13.793", | ||
| "lastModified": "2024-01-08T02:15:13.793", | ||
| "vulnStatus": "Received", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671." | ||
| } | ||
| ], | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Secondary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", | ||
| "attackVector": "ADJACENT_NETWORK", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "NONE", | ||
| "userInteraction": "NONE", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "HIGH", | ||
| "integrityImpact": "NONE", | ||
| "availabilityImpact": "NONE", | ||
| "baseScore": 6.5, | ||
| "baseSeverity": "MEDIUM" | ||
| }, | ||
| "exploitabilityScore": 2.8, | ||
| "impactScore": 3.6 | ||
| } | ||
| ] | ||
| }, | ||
| "weaknesses": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "description": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CWE-259" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275671", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://www.ibm.com/support/pages/node/7105509", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,88 @@ | ||
| { | ||
| "id": "CVE-2023-7215", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-01-08T02:15:14.027", | ||
| "lastModified": "2024-01-08T02:15:14.027", | ||
| "vulnStatus": "Received", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "A vulnerability, which was classified as problematic, has been found in Chanzhaoyu chatgpt-web 2.11.1. This issue affects some unknown processing. The manipulation of the argument Description with the input <image src onerror=prompt(document.domain)> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249779." | ||
| } | ||
| ], | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Secondary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", | ||
| "attackVector": "NETWORK", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "LOW", | ||
| "userInteraction": "REQUIRED", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "NONE", | ||
| "integrityImpact": "LOW", | ||
| "availabilityImpact": "NONE", | ||
| "baseScore": 3.5, | ||
| "baseSeverity": "LOW" | ||
| }, | ||
| "exploitabilityScore": 2.1, | ||
| "impactScore": 1.4 | ||
| } | ||
| ], | ||
| "cvssMetricV2": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Secondary", | ||
| "cvssData": { | ||
| "version": "2.0", | ||
| "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", | ||
| "accessVector": "NETWORK", | ||
| "accessComplexity": "LOW", | ||
| "authentication": "SINGLE", | ||
| "confidentialityImpact": "NONE", | ||
| "integrityImpact": "PARTIAL", | ||
| "availabilityImpact": "NONE", | ||
| "baseScore": 4.0 | ||
| }, | ||
| "baseSeverity": "MEDIUM", | ||
| "exploitabilityScore": 8.0, | ||
| "impactScore": 2.9, | ||
| "acInsufInfo": false, | ||
| "obtainAllPrivilege": false, | ||
| "obtainUserPrivilege": false, | ||
| "obtainOtherPrivilege": false, | ||
| "userInteractionRequired": false | ||
| } | ||
| ] | ||
| }, | ||
| "weaknesses": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "description": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CWE-79" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://github.com/Chanzhaoyu/chatgpt-web/issues/2001", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://vuldb.com/?ctiid.249779", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://vuldb.com/?id.249779", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,88 @@ | ||
| { | ||
| "id": "CVE-2024-0290", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-01-08T01:15:10.607", | ||
| "lastModified": "2024-01-08T01:15:10.607", | ||
| "vulnStatus": "Received", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "A vulnerability, which was classified as critical, has been found in Kashipara Food Management System 1.0. This issue affects some unknown processing of the file stock_edit.php. The manipulation of the argument item_type leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249851." | ||
| } | ||
| ], | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Secondary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", | ||
| "attackVector": "NETWORK", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "LOW", | ||
| "userInteraction": "NONE", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "LOW", | ||
| "integrityImpact": "LOW", | ||
| "availabilityImpact": "LOW", | ||
| "baseScore": 6.3, | ||
| "baseSeverity": "MEDIUM" | ||
| }, | ||
| "exploitabilityScore": 2.8, | ||
| "impactScore": 3.4 | ||
| } | ||
| ], | ||
| "cvssMetricV2": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Secondary", | ||
| "cvssData": { | ||
| "version": "2.0", | ||
| "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", | ||
| "accessVector": "NETWORK", | ||
| "accessComplexity": "LOW", | ||
| "authentication": "SINGLE", | ||
| "confidentialityImpact": "PARTIAL", | ||
| "integrityImpact": "PARTIAL", | ||
| "availabilityImpact": "PARTIAL", | ||
| "baseScore": 6.5 | ||
| }, | ||
| "baseSeverity": "MEDIUM", | ||
| "exploitabilityScore": 8.0, | ||
| "impactScore": 6.4, | ||
| "acInsufInfo": false, | ||
| "obtainAllPrivilege": false, | ||
| "obtainUserPrivilege": false, | ||
| "obtainOtherPrivilege": false, | ||
| "userInteractionRequired": false | ||
| } | ||
| ] | ||
| }, | ||
| "weaknesses": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "description": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CWE-89" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability15.md", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://vuldb.com/?ctiid.249851", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://vuldb.com/?id.249851", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,88 @@ | ||
| { | ||
| "id": "CVE-2024-0291", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-01-08T01:15:10.850", | ||
| "lastModified": "2024-01-08T01:15:10.850", | ||
| "vulnStatus": "Received", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249857 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." | ||
| } | ||
| ], | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Secondary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", | ||
| "attackVector": "NETWORK", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "LOW", | ||
| "userInteraction": "NONE", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "LOW", | ||
| "integrityImpact": "LOW", | ||
| "availabilityImpact": "LOW", | ||
| "baseScore": 6.3, | ||
| "baseSeverity": "MEDIUM" | ||
| }, | ||
| "exploitabilityScore": 2.8, | ||
| "impactScore": 3.4 | ||
| } | ||
| ], | ||
| "cvssMetricV2": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Secondary", | ||
| "cvssData": { | ||
| "version": "2.0", | ||
| "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", | ||
| "accessVector": "NETWORK", | ||
| "accessComplexity": "LOW", | ||
| "authentication": "SINGLE", | ||
| "confidentialityImpact": "PARTIAL", | ||
| "integrityImpact": "PARTIAL", | ||
| "availabilityImpact": "PARTIAL", | ||
| "baseScore": 6.5 | ||
| }, | ||
| "baseSeverity": "MEDIUM", | ||
| "exploitabilityScore": 8.0, | ||
| "impactScore": 6.4, | ||
| "acInsufInfo": false, | ||
| "obtainAllPrivilege": false, | ||
| "obtainUserPrivilege": false, | ||
| "obtainOtherPrivilege": false, | ||
| "userInteractionRequired": false | ||
| } | ||
| ] | ||
| }, | ||
| "weaknesses": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "description": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CWE-77" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/UploadFirmwareFile/README.md", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://vuldb.com/?ctiid.249857", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://vuldb.com/?id.249857", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
Oops, something went wrong.