Skip to content

Commit

Permalink
Update CVE and NVD data
Browse files Browse the repository at this point in the history
  • Loading branch information
GSD-automation committed Apr 1, 2024
1 parent 69fccad commit e2599a7
Show file tree
Hide file tree
Showing 217 changed files with 4,832 additions and 481 deletions.
424 changes: 216 additions & 208 deletions 2013/4xxx/GSD-2013-4407.json
View file

Large diffs are not rendered by default.

98 changes: 98 additions & 0 deletions 2014/125xxx/GSD-2014-125110.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
{
"namespaces": {
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on WordPress and classified as problematic. Affected by this vulnerability is the function wfu_ajax_action_callback of the file lib/wfu_ajaxactions.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.4.4 is able to address this issue. The identifier of the patch is c846327df030a0a97da036a2f07c769ab9284ddb. It is recommended to upgrade the affected component. The identifier VDB-258781 was assigned to this vulnerability."
}
],
"id": "CVE-2014-125110",
"lastModified": "2024-04-01T01:12:59.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "[email protected]",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "[email protected]",
"type": "Secondary"
}
]
},
"published": "2024-04-01T00:15:49.100",
"references": [
{
"source": "[email protected]",
"url": "https://github.com/wp-plugins/wp-file-upload/commit/c846327df030a0a97da036a2f07c769ab9284ddb"
},
{
"source": "[email protected]",
"url": "https://github.com/wp-plugins/wp-file-upload/releases/tag/2.4.4"
},
{
"source": "[email protected]",
"url": "https://vuldb.com/?ctiid.258781"
},
{
"source": "[email protected]",
"url": "https://vuldb.com/?id.258781"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "[email protected]",
"type": "Primary"
}
]
}
}
}
}
98 changes: 98 additions & 0 deletions 2015/10xxx/GSD-2015-10131.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
{
"namespaces": {
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on WordPress and classified as problematic. Affected by this issue is the function admin_page_load/admin_page of the file tfo-graphviz-admin.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is 594c953a345f79e26003772093b0caafc14b92c2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258620."
}
],
"id": "CVE-2015-10131",
"lastModified": "2024-04-01T01:12:59.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "[email protected]",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "[email protected]",
"type": "Secondary"
}
]
},
"published": "2024-03-31T06:15:07.517",
"references": [
{
"source": "[email protected]",
"url": "https://github.com/wp-plugins/tfo-graphviz/commit/594c953a345f79e26003772093b0caafc14b92c2"
},
{
"source": "[email protected]",
"url": "https://github.com/wp-plugins/tfo-graphviz/releases/tag/1.10"
},
{
"source": "[email protected]",
"url": "https://vuldb.com/?ctiid.258620"
},
{
"source": "[email protected]",
"url": "https://vuldb.com/?id.258620"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "[email protected]",
"type": "Primary"
}
]
}
}
}
}
98 changes: 98 additions & 0 deletions 2017/20xxx/GSD-2017-20191.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
{
"namespaces": {
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Zimbra zm-admin-ajax up to 8.8.1. It has been classified as problematic. This affects the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js of the component Form Textbox Field Error Handler. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 8.8.2 is able to address this issue. The identifier of the patch is bb240ce0c71c01caabaa43eed30c78ba8d7d3591. It is recommended to upgrade the affected component. The identifier VDB-258621 was assigned to this vulnerability."
}
],
"id": "CVE-2017-20191",
"lastModified": "2024-04-01T01:12:59.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "[email protected]",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "[email protected]",
"type": "Secondary"
}
]
},
"published": "2024-03-31T09:15:10.280",
"references": [
{
"source": "[email protected]",
"url": "https://github.com/Zimbra/zm-admin-ajax/commit/bb240ce0c71c01caabaa43eed30c78ba8d7d3591"
},
{
"source": "[email protected]",
"url": "https://github.com/Zimbra/zm-admin-ajax/releases/tag/8.8.2"
},
{
"source": "[email protected]",
"url": "https://vuldb.com/?ctiid.258621"
},
{
"source": "[email protected]",
"url": "https://vuldb.com/?id.258621"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "[email protected]",
"type": "Primary"
}
]
}
}
}
}
94 changes: 94 additions & 0 deletions 2020/36xxx/GSD-2020-36828.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,94 @@
{
"namespaces": {
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in DiscuzX up to 3.4-20200818. It has been classified as problematic. Affected is the function show_next_step of the file upload/install/include/install_function.php. The manipulation of the argument uchidden leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.4-20210119 is able to address this issue. The name of the patch is 4a9673624f46f7609486778ded9653733020c567. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258612."
}
],
"id": "CVE-2020-36828",
"lastModified": "2024-04-01T01:12:59.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "[email protected]",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "[email protected]",
"type": "Secondary"
}
]
},
"published": "2024-03-31T09:15:10.730",
"references": [
{
"source": "[email protected]",
"url": "https://github.com/codersclub/DiscuzX/commit/4a9673624f46f7609486778ded9653733020c567"
},
{
"source": "[email protected]",
"url": "https://vuldb.com/?ctiid.258612"
},
{
"source": "[email protected]",
"url": "https://vuldb.com/?id.258612"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "[email protected]",
"type": "Primary"
}
]
}
}
}
}
Loading

0 comments on commit e2599a7

Please sign in to comment.